Cron MDS Backup for NGX



charliey_2000
2007-11-30, 16:50
Can someone help with setting up a cron job to run MDS backup? Does the MDSENV need to run to set the environment variables?

ppnair@gmail.com
2007-11-30, 17:48
Yes. You need to add the following line "source line" in your script just before the start line...

Also the cron entry could be something like this; which will ignore the GUI client connection checks...

30 4 * * * /export/sysadm/scripts/mds_backup -b -d /backup/mds_backup > /backup/mds_backup/mds_backup.txt

################################################## ################################
source /opt/CPshared/5.0/tmp/.CPprofile.csh
start:
if ( "X$MDS_SYSTEM" == "X" ) then
echo "environment variable MDS_SYSTEM is not defined, aborting"
exit 99
endif

setenv MDS_INTER

cciesec2006
2007-11-30, 20:49
Here is a much better way to do it. Tested and verified on NGX R65:

--------------------
[root@LinuxES root]# more /local/scripts/P1_mds_backup
#!/bin/csh
source /opt/CPshrd-R65/tmp/.CPprofile.csh
set DMY=`date +%d%h%Y`
mdsenv
cd /var/tmp/mds_backups
mkdir /var/tmp/mds_backups/$DMY
cd /var/tmp/mds_backups/$DMY
mdsstop
mds_backup < /local/scripts/cr.txt
[root@LinuxES root]#
-----------------------
The file /local/scripts/cr.txt has something like this:
[root@LinuxES root]# more /local/scripts/cr.txt
^M
^M
[root@-LinuxES root]#
[root@-LinuxES root]# crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.13933 installed on Thu Sep 13 17:19:30 2007)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
45 23 * * 0 /local/scripts/P1_mds_backup > /tmp/my.log 2>&1
[root@LinuxES root]#

Easy right?

cciesec2006
2007-11-30, 20:55
New revision of the script:

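#!/bin/csh
# Load the Check Point environment, which cron does not provide
source /opt/CPshrd-R65/tmp/.CPprofile.csh
set DMY=`date +%d%h%Y`
# Switch to the MDS environment
mdsenv
# Work in a per-day directory
cd /var/tmp/mds_backups
mkdir /var/tmp/mds_backups/$DMY
cd /var/tmp/mds_backups/$DMY
# Stop the MDS, run the backup with the two ^M lines in cr.txt as its input, restart
mdsstop
mds_backup < /local/scripts/cr.txt
mdsstart
# Pack the day's directory into $DMY.tar.gz and remove the directory
cd /var/tmp/mds_backups
tar -cf $DMY.tar $DMY
gzip $DMY.tar
rm -rf /var/tmp/mds_backups/$DMY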

ppnair@gmail.com
2007-12-01, 14:28
What is the advantage? The mds_backup script already gives us a neat Date/Time/Year format in the filename itself. So a directory name is not needed.

Also, it is not a nice way to run mdsstop from the cron job just to take a backup. Can you explain any other advantages? I hope it depends upon the requirements.

cciesec2006
2007-12-01, 16:41
Whenever I need to perform mds_backup and send it to Check Point TAC,
they also demand that I do an mdsstop prior to running mds_backup.

"mdsstop" ensures ALL GUIs will be disconnected from that particular
MDS system and no one can write to the CMA(s). It ensures the
integrity of the backup.

My script will tar up all the backup files and gzip them up into a single
.gz file for archives.

It boils down to personal preferences. I like it because it is compact and
simple.

My 2c.

charliey_2000
2007-12-03, 09:40
Thanks everyone for the post. I will try them in my test environment.

Valefor
2008-07-22, 17:51
I haven't been able to get either one of these to work. It doesn't seem to grab the CMAs, just the basic MDS info.

ppnair@gmail.com
2008-08-27, 16:38
Valefor,

Did you try my method of running via the cron job? If yes, and you still face issues, please run the following from the command line and provide the output of the mds_backup.txt file plus any error message you get on the screen. I have implemented this solution on NGX R62 and upgraded to NGX R65 and it works fantastic for us.

$MDSDIR/scripts/mds_backup -b -d /backup/mds_backup > /backup/mds_backup/mds_backup.txt

Also, please specify which MDS server you are running. If you are running on an MDS Manager server it will not capture any CMA files. You should run mds_backup on the MDS Container server separately to back up CMAs as well if you are using a distributed environment like us.

n3al10
2008-10-29, 22:22
MDS backup script / provider-1 / p-1 / automate backup script

Here is my version, which also sends to an FTP server.

The only thing I have not verified is that after 30 days the files get deleted properly; you should verify that section is correct so that your disk does not get filled up.

======

#!/bin/csh

#
# Check Point SPLAT automatic backup/export script.
# by Phil. Modified by Neal Granick 10-29-2008
#
# This script is intended for demo purposes in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.
#
# This script follows a similar process to a script produced by James Bly.

#
# Outline: -
#
# 1. Setup script variables.
# 2. Change to mdsenv
# 3. Create tmp location
# 4. MDSSTOP & backup & mdsstart
# 4a. tar & gzip backup file and remove tmp directory
# 4b. Create backup file MD5 hash and export file MD5 hash values.
# 4c. Create backup file SHA1 hash and export file SHA1 hash values.
# 5. Transfer backup/export + MD5/SHA1 hash files to ftp server.
# 6. Change backup file permissions
# 7. Trim backup folder to last 30 days only.
#
# ********* note ********
# /var/scripts/cr.txt contains the below two lines (2 x ^M)
#^M
#^M
# you need these directories to use this script
# /var/backups
# /var/backups/archives
# /var/backups/logs
# /var/scripts
# save the script as /var/scripts/mds_backup_script.sh and schedule in crontab as below to run at 1am everyday
# 0 1 * * * /var/scripts/mds_backup_script.sh > /var/backups/logs/mds_backup_script.log 2>&1


#
# 1. Setup script variables.
#
set ARCHIVE_DIR=/var/backups/archives/
set BACKUP_DIR=/var/backups/
set HOSTNAME=`hostname`
# Take the timestamp once so every file name below agrees, even if the
# clock ticks over to the next second while the variables are being set.
set STAMP=`/bin/date +%Y_%m_%d_%H-%M-%S`
set BACKUP_FILE=${HOSTNAME}-BACKUP-${STAMP}
set BACKUP_FILE_GZ=${BACKUP_FILE}.gz
set BACKUP_FILE_TAR_GZ=${BACKUP_FILE}.tar.gz
set TMP_BACKUP_DIR=/var/log/CPbackup/backups/NGX_R65_
set BACKUP_MD5_HASH=${HOSTNAME}-BACKUP-MD5-${STAMP}.txt
set BACKUP_SHA1_HASH=${HOSTNAME}-BACKUP-SHA1-${STAMP}.txt
set LOG_DIR=/var/backups/logs/
set FTP_SERVER="192.168.1.1"
set FTP_USERNAME=anonymous
set FTP_PASSWORD=anonymous@t.com
#
# Source the Check Point profile for library settings
#
source /opt/CPshrd-R65/tmp/.CPprofile.csh


#
# 2. Change to mdsenv
#
mdsenv

#
# 3. Create tmp location
#
cd /var/backups
mkdir /var/backups/tmp
cd /var/backups/tmp


#
# 4. MDSSTOP & backup & mdsstart
#
mdsstop
mds_backup < /var/scripts/cr.txt
mdsstart

#
# 4a. tar & gzip backup file and remove tmp directory
#
cd /var/backups
tar -cf $BACKUP_FILE.tar tmp
gzip $BACKUP_FILE.tar
rm -rf /var/backups/tmp

#
# 4b. Create backup file MD5 hash and export file MD5 hash values.
#

#
# Set MD5SUM variable
#
set MD5SUM=`/usr/bin/md5sum $BACKUP_DIR$BACKUP_FILE_TAR_GZ | awk '{ print $1; }'`
#
/usr/bin/logger "BACKUP: ${BACKUP_FILE_TAR_GZ} created with md5sum ${MD5SUM}"
echo "BACKUP: ${BACKUP_FILE_TAR_GZ} created with md5sum ${MD5SUM} " > $BACKUP_DIR/$BACKUP_MD5_HASH

#
# 4c. Create backup file SHA1 hash and export file SHA1 hash values.

#
#set SHA1SUM Variable
#
set SHA1SUM=`/usr/bin/sha1sum $BACKUP_DIR$BACKUP_FILE_TAR_GZ | awk '{ print $1; }'`
#
/usr/bin/logger "BACKUP: ${BACKUP_FILE_TAR_GZ} created with sha1sum ${SHA1SUM}"
echo "BACKUP: ${BACKUP_FILE_TAR_GZ} created with sha1sum ${SHA1SUM} " > $BACKUP_DIR/$BACKUP_SHA1_HASH


#
# 5. Transfer backup/export + MD5/SHA1 hash files to ftp server.
#
ftp -n $FTP_SERVER <<EOC
quote user $FTP_USERNAME
quote pass $FTP_PASSWORD
binary
cd $HOSTNAME
lcd $BACKUP_DIR
put $BACKUP_FILE_TAR_GZ
put $BACKUP_MD5_HASH
put $BACKUP_SHA1_HASH
bye
EOC


#
# 6. Change backup file permissions
#
chmod 777 $BACKUP_DIR$BACKUP_FILE_TAR_GZ
chmod 777 $BACKUP_DIR$BACKUP_MD5_HASH
chmod 777 $BACKUP_DIR$BACKUP_SHA1_HASH


#
# 6a. Move files to archive location
#

mv $BACKUP_DIR`hostname`*.*gz $ARCHIVE_DIR
mv $BACKUP_DIR`hostname`*.*txt $ARCHIVE_DIR



#
# 7. Trim backup folder to last 30 days only.
#
cd $ARCHIVE_DIR
find `hostname`*.*gz `hostname`*".txt" -mtime +30 -exec rm {} \;
find `hostname`*.*txt `hostname`*".txt" -mtime +30 -exec rm {} \;
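
The post above says the 30-day trim step was never verified. The following is an added example, not part of any post in this thread, that exercises such a retention step in POSIX sh on constructed files. The function names, the `fw1-BACKUP-` prefix, the `.sha256` sidecar file and the rule of pruning only after the newest archive verifies are assumptions of this example; it relies on `find -maxdepth` and `sha256sum` being available.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: archives named
# <prefix>*.tar.gz in one flat directory, checksum stored as <archive>.sha256.

# record_checksum FILE: write FILE.sha256 in the format `sha256sum -c` reads.
record_checksum() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# prune_backups DIR PREFIX DAYS NEWEST
# Delete regular files directly in DIR named PREFIX* whose mtime is more than
# DAYS days old, but only once NEWEST verifies against its recorded checksum.
# Prints each removed path. Returns 2 on bad arguments, 1 on failed check.
prune_backups() {
    dir=$1; prefix=$2; days=$3; newest=$4
    if [ ! -d "$dir" ] || [ -z "$prefix" ]; then
        echo "prune_backups: bad directory or empty prefix" >&2
        return 2
    fi
    if ! ( cd "$dir" && sha256sum -c "$newest.sha256" >/dev/null 2>&1 ); then
        echo "prune_backups: $newest failed verification, nothing pruned" >&2
        return 1
    fi
    find "$dir" -maxdepth 1 -type f -name "${prefix}*" -mtime +"$days" \
        -print -exec rm -f {} \;
}

# Constructed demo: two stale files, one fresh archive, one other host's file.
demo() {
    d=$(mktemp -d) || return 1
    for f in fw1-BACKUP-old.tar.gz fw1-BACKUP-MD5-old.txt fw2-BACKUP-old.tar.gz; do
        echo data > "$d/$f"
        touch -t 200810292222 "$d/$f"   # constructed mtime well past 30 days
    done
    echo data > "$d/fw1-BACKUP-new.tar.gz"
    record_checksum "$d/fw1-BACKUP-new.tar.gz"
    prune_backups "$d" fw1-BACKUP- 30 fw1-BACKUP-new.tar.gz >/dev/null
    ( cd "$d" && echo * )               # what survives the prune
    rm -rf "$d"
}
demo
```

Because the prefix is matched by `find -name` inside a fixed directory, an empty archive directory produces no error and another host's files are left alone.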

Martin Cmelik
2011-02-02, 12:09
Hi,

Here you can find an automatic backup script with upload to a backup server over SSH (SCP):

Check Point automatic MDS backup script with upload to SSH | Security-Portal.cz | Bezpe (http://www.security-portal.cz/clanky/check-point-automatic-mds-backup-script-upload-ssh)