FTP backup script

[IndyBoiler]

Does anyone have a good FTP backup script that they can share? I currently run the cpbackup utility on my system but it is storing the file locally. I really want a cron job to ftp the files to another system for safe keeping. I'm looking for a good script.

Thank you,

[Thorpuse]

The backup command in SecurePlatform has options to send the file remotely via scp (a better choice than FTP anyway!).

[IndyBoiler]

Yes, but I'm not running any SCP servers right now.

[IndyBoiler]

I found a good script online on another site so this item can be closed now.

[psmvgr]

Can u share that link with us?

Tq
psmvgr

[fizzkakz]

I have just configured a scheduled TFTP of backups via the SecurePlatform GUI. Obviously not as secure or robust as SCP or FTP but it does the trick.

[dsb.nepo]

Quote:

I have just configured a scheduled TFTP of backups via the SecurePlatform GUI

Please keep an eye at the size of the backup, and test the extract of the files.
There are some TFTP servers around with an old size limit of ~32MB, sometimes they store a bigger size but corrupted file.

To setup a scp server on windows you can use for example this tool sshwindows.sf.net: OpenSSH for Windows.
and follow this thread Backup to SCP server

[RobertGraham]

SSHD is installed by default on every linux flavor I've ever touched. The OS and software are both free of any licensing fees whatsoever. It's pretty easy to setup and get going and best of all it works.

While FTP isn't a great idea, TFTP approaches poor. I'm shocked that the organizations involved here don't have security policies strictly forbidding this. Think about it, you're transmitting highly sensitive security information via clear text.

I urge the people doing this to rethink this practice. Spending all the money that CheckPoint costs only to expose it like that can't be good security. Backup data(archived data at rest) is a huge vulnerability that have created exposures for many, many companies. Don't be the next one in the headlines.

[oboyle]

I am running SPLAT NGX R65 and had some troubles getting the above to work, so I thought I would update the above to reflect my experiences. I have not had experience with any earlier versions of SPLAT, so whether the following applies to earlier versions, I don't know.

In SPLAT, all SSH keys are located in the /etc/ssh directory:
ssh_host_key (private key for SSH v1)
ssh_host_dsa_key (private key for DSA encryption, SSH v2)
ssh_host_rsa_key (private key for RSA encryption, SSH v2)
and all three with the suffix .pub for the public key pair of the above keys.

I decided to use DSA encryption, but the following should apply to any of the others.
First, on the SPLAT box, the private key needs to be copied:
cp /etc/ssh/ssh_host_dsa_key /root/.ssh/id_dsa (id_rsa for RSA, don't recall the SSH v1 name)

Second, the public key file needs to be transferred to the system where the backup file will be transfered to and put in the user's ~/.ssh/authorized.keys or ~/.ssh/authorized_keys2 file. Note that authorized is spelled with a "z" not an "s". I lost a few hours tracking that error down.

Finally, if the SSL StrictMode is on (it is by default) then the ~/.ssh directory must be set so that only the owner has rwx permissions and group and world have no permissions at all. The authorized_keys(2) file must not have wx permissions for group or world either.

Hope this helps someone else out there.