Backup & Restore

Backup

You can use stamus_config to create backup files. These backups contain a dump that is sufficient to restore a working, functional clone of an existing instance. Currently, only data is not restored: events stored in Elasticsearch, dashboards, and RYOD containers.

To trigger a backup, connect to the system as snuser and start stamus_config with sudo:

snuser@stamus:~$ sudo stamus_config

In the menu, choose backup, then the backup action. Wait until the process is over. Once done, it gives you the name of the created backup, which you can copy via scp to another system. All backups are generated in the /home/snuser/backups/ directory.

Restore

Important

Keep in mind that restoring a backup created on a non-consecutive version is not possible. For example, you will not be able to restore a backup of v37 on a v39 upgrade.

Please note that restoring data will cause all existing data to be lost.

To restore data, copy a backup file into the backups directory if needed (or use one already available there).

Then connect to the system as snuser and start stamus_config with sudo:

snuser@stamus:~$ sudo stamus_config

In the menu, choose backup, then the restore action. Choose the correct file in the list and select Restore. Wait until the process is over. Once done, apply changes to the Manager and all Probes, then reboot the Manager and all Probes by running sudo reboot on each device. Once the system is back up, you will be able to connect to the interface using the credentials saved in the backup file.

Important

Please note that if you restore the backup on a machine with a different IP address than the one it was taken on, an additional configuration step is needed: change the stamus visible address and then Apply changes.

Migrating a Physical SCS to a Virtual Machine

Before Starting

  • Unless you are using an external ES cluster, the collected events (data) will be lost as they aren’t migrated.

  • Only the configuration is backed up (users, roles, network definitions, probes' SSH keys, …)

  • If you want to preserve the ES data, you should explore the possibility of using Clonezilla to clone the Hard Drive onto a Virtual Hard Drive. This would require further adjustments in configuration and this case isn’t documented at the moment in our procedures.

  • Once the migration is completed we recommend keeping the old physical server a few days or weeks before decommissioning it to ensure everything is fine with the new system.

  • The software versions must be strictly identical on the backed-up server and the restored VM (i.e. both should be U37.0.0 for example)

Backing up the existing SCS

  • Log in with SSH on your running SCS (snuser by default)

  • Run the command sudo stamus_backup

  • The backup file will be available in /home/snuser/backups/ and named such as sciriuspro-scirius-2021-10-18-064342.tar.bz2

  • Export this backup using scp into another system (optional)

Installing a new Virtual Machine

  • Create a new Virtual Machine with the SCS image such as SN-SciriusSecurityPlatform-Appliance-37.0.0-vmware.tar.gz

  • As initial setup, set up the network configuration of this VM (i.e. IP address).
    • Note that the restoration procedure doesn’t include network parameters of the system.

    • If you want to use the same IP address as previously with the physical server, disconnect the physical server first

    • This IP address can be changed later after having installed the new license file

  • Once the system is installed, generate the system UUID (see procedure)

  • Install the new license file received from support (see procedure)

  • Copy using scp the previously created backup file onto this new SCS. Place it under /home/snuser/backups/

  • Log in with SSH on this new SCS (snuser by default)

  • Run the command stamus_restore with the filename of the backup as a parameter such as sudo stamus_restore sciriuspro-scirius-2021-10-18-064342.tar.bz2

  • Once completed, reboot the system

  • The IP address of the system can be changed using stamus_config if not done already. Reboot the system if you do it.

  • Once the new SCS is back online, you may need to proceed with Apply changes in order to restore the communication with your Probes
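
The backup archive carries users, roles and probe SSH keys, so it is worth checking it around the scp transfer. The following is an added example, not Stamus tooling or part of the original procedure: it records a SHA-256 digest on the source SCS, then checks the digest and the file permissions on the new SCS before stamus_restore is run. The function names and the .sha256 sidecar file are assumptions made for this example, and sha256sum (GNU coreutils) is assumed to be installed.

```shell
#!/bin/sh
# Added example, not Stamus tooling. Function names and the .sha256 sidecar
# file are assumptions; sha256sum (GNU coreutils) is assumed to be installed.

# Print the hex SHA-256 digest of a file.
backup_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Source SCS: restrict the archive to its owner (it holds credentials and
# probe SSH keys) and write <archive>.sha256 next to it.
seal_backup() {
    archive=$1
    [ -f "$archive" ] || { echo "missing: $archive" >&2; return 1; }
    chmod 600 "$archive" || return 1
    backup_digest "$archive" > "$archive.sha256" || return 1
    chmod 600 "$archive.sha256"
}

# New SCS, before stamus_restore: return 0 only if the archive matches the
# recorded digest (else 2) and has no group/other permission bits (else 3).
verify_backup() {
    archive=$1
    [ -f "$archive" ] && [ -f "$archive.sha256" ] || {
        echo "archive or digest file missing" >&2; return 1; }
    expected=$(cat "$archive.sha256")
    actual=$(backup_digest "$archive")
    if [ "$expected" != "$actual" ]; then
        echo "digest mismatch for $archive" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$archive" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$archive is accessible to group/other" >&2
        return 3
    fi
    return 0
}

# Usage (paths as given on this page; <backup> is a placeholder):
#   source SCS: seal_backup /home/snuser/backups/<backup>.tar.bz2
#   new SCS:    verify_backup /home/snuser/backups/<backup>.tar.bz2 \
#                 && sudo stamus_restore <backup>.tar.bz2
```

A digest file copied alongside the archive only detects corruption or truncation in transit; to detect tampering, compare against the digest read on the source SCS over a separate channel.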