Someone confronted me with the following scenario:
An UTM-1 appliance is crashed and can’t boot properly.
Before resetting the device to factory defaults, a backup should be performed to restore the configuration afterwards.
How can you do this without booting the device and using the Check Point backup utility?
Well, the backup .tgz file you produce with backup utility is just a collection of configuration files from your local filesystem.
The backup utility uses the configuration in /var/CPbackup/schemes to determine which files to include and which files to exclude.
If you need to backup the configuration, just go for these files:
UAG
- $UAGDIR/database/*
- $UAGDIR/conf/*
- $UAGDIR/boot/modules/*
- $UAGDIR/log/*
SYSTEMCONFIG
- /etc/sysconfig/*
- /etc/hosts
- /etc/hosts.allow
- /etc/hosts.deny
- /etc/resolv.conf
- /etc/passwd
- /etc/shadow
- /etc/localtime
- /etc/localtime.tz
- /etc/snmp/*
- /var/net-snmp/*
- /home/*
- /etc/cpshell/*
- /etc/ethers
- /etc/raddb
- /etc/dhcpd.conf
- /opt/spwm/conf/cp_http_admin_server.conf
- /var/CPbackup/conf/backup_sched.conf
- /var/spool/cron
SVN
- /var$CPDIR/registry/*
- /var$CPDIR/conf/*
- $CPDIR/database/*
- /var$CPDIR/log/*
RT
- $RTDIR/scripts/*
- $RTDIR/conf/*
- /var$RTDIR/Database/*
- $RTDIR/log/*
PERFORMANCEPACK
- $PPKDIR/boot/modules
FWLOGS
- /var$FWDIR/log
FW1
- /var$FWDIR/conf/*
- /var$FWDIR/database/*
- /var$FWDIR/state/*
- $FWDIR/lib/*.pf
- $FWDIR/boot/
FG1
- $FGDIR/conf/*
- $FGDIR/scripts/*
- $FGDIR/boot/modules/*
- $FGDIR/log/*
CVPN
- $CVPNDIR/conf/*
- $CVPNDIR/var/*
- $CVPNDIR/sync_files/*
- $CVPNDIR/mgmt_conf_files/*
- $CVPNDIR/htdocs/Mail/data
- $CVPNDIR/htdocs/Mail/attachments
- $CVPNDIR/htdocs/Login/images/CompanyLogo.gif
- $CVPNDIR/htdocs/sre/descr/
- $CVPNDIR/htdocs/sre/data/manual_rules.xml
- $CVPNDIR/htdocs/sre/ICSScanner.cab
- $CVPNDIR/htdocs/sre/SetupBrowser.exe
- $WEBISDIR/conf/*
Since the device is not running, the variables are not filled with the correct values. For a R71 installation the variables have to be substituted with the following values:
CPDIR=/opt/CPshrd-R71
CPMDIR=/opt/CPsuite-R71/fw1
CVPNDIR=/opt/CPcvpn-R71
FGDIR=/opt/CPsuite-R71/fg1
FWDIR=/opt/CPsuite-R71/fw1
RTDIR=/opt/CPrt-R71
WEBDIR=/opt/CPportal-R71/webis
PPKDIR/opt/CPppak-R71/
You can boot an UTM-1 appliance from a live Linux CD or DVD, using an USB-DVD drive connected to the appliance.
While SPLAT is using normal partitions, the UTM-1 appliances use the Logical Volume Manager lvm. So the operating system you use should be able to deal with these LVM partitions. I use this modified grml system for this purpose.
On the boot screen you have to add some parameters for the startup process:
Some information and boot options available via keys F2 - F10. http://grml.org/
grml 2010.04 - Release Codename Grmlmonster 2010.04.29
boot: serial debug=noscreen lang=de lvm
When grml was finished, it has a console with all the needed tools. LVM is loaded already.
Check for the volume groups on the hard drive with the vgscan command:
root@grml ~ # vgscan -v
Wiping cache of LVM-capable devices
Wiping internal VG cache
Reading all physical volumes. This may take a while...
Finding all volume groups
Finding volume group "vg_splat"
Found volume group "vg_splat" using metadata type lvm2
Activate the logical volumes with vgchange:
root@grml ~ # vgchange -a y
6 logical volume(s) in volume group "vg_splat" now active
Now you can display the volume group with vgdisplay:
root@grml ~ # vgdisplay
--- Volume group ---
VG Name vg_splat
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 7
VG Access read/write
VG Status resizable
MAX LV 255
Cur LV 6
Open LV 0
Max PV 255
Cur PV 1
Act PV 1
VG Size 72.47 GiB
PE Size 4.00 MiB
Total PE 18553
Alloc PE / Size 7424 / 29.00 GiB
Free PE / Size 11129 / 43.47 GiB
VG UUID dCQA6u-z70X-LIsE-Xhmb-n5ho-ZMrX-JyBePy
You can display the logical volumes with lvscan:
root@grml ~ # lvscan
ACTIVE '/dev/vg_splat/lv_current' [5.00 GiB] inherit
ACTIVE '/dev/vg_splat/lv_log' [10.00 GiB] inherit
ACTIVE '/dev/vg_splat/lv_hfa' [5.00 GiB] inherit
ACTIVE '/dev/vg_splat/lv_upgrade' [5.00 GiB] inherit
ACTIVE '/dev/vg_splat/lv_fcd' [2.00 GiB] inherit
ACTIVE '/dev/vg_splat/lv_fcd62' [2.00 GiB] inherit
Mount the logical volume lv_current in /tmp
mkdir /tmp/utm1/
mount /dev/vg_splat/lv_current /tmp/utm1/
mount /dev/vg_splat/lv_current /tmp/utm1/
Change to /tmp/utm1 and you’re in the root directory of your UTM-1 appliance.
From there go to the directories listed above and get your files.
Transfer them over the network with scp or copy them to a USB stick.
Transfer them over the network with scp or copy them to a USB stick.
After you did a backup of all the files you can do the factory reset.
When the initial system and software installation is done, just boot into maintenance mode and copy the backup files to the appropriate location on the appliance.
When the initial system and software installation is done, just boot into maintenance mode and copy the backup files to the appropriate location on the appliance.
After a restart of the system you have your old configuration working.
No hay comentarios:
Publicar un comentario