SysAdm: Malware Analytics Backup and Recovery

Document created by RSA Information Design and Development on Jul 29, 2016. Last modified by Susan Ewald on Nov 1, 2016.
Version 2

Administrators can back up and restore configuration and database files for Malware Analysis, so that information that is lost or deleted can be recovered.

Prerequisites

Before backing up and restoring the configuration and database files for Malware Analysis, make sure there is enough disk space in the directory where the backup will be generated.

Back Up Files

For a full backup of configuration files:

  1. Stop the RSA Malware service with the following command:
    stop rsaMalwareDevice
  2. Create a tar file of the required files:
    cd /
    tar -cjphvf RSAMalwareFromSlashNew.tar.bz2 /var/lib/netwitness/rsamalware --exclude='root.war' /etc/init/rsaMalwareDevice.conf
  3. Start the RSA Malware service with the following command:
    start rsaMalwareDevice

Note: For a daily or partial backup, you can create a tar file of the files in the subdirectory var/lib/netwitness/rsamalware/spectrum.

To back up database files:

  1. Back up in one of the following ways:
  • A co-located host uses H2. If you back up the directory var/lib/netwitness/rsamalware mentioned above, the database is backed up as well.
  • A standalone MA box uses Postgres. Back up the database in the directory var/lib/pgsql/9.1/data on a daily basis.

Restore Files

To restore the configuration and database files:

  1. Using ssh, log on to the host you intend to restore from a saved backup.
  2. Stop the RSA Malware service with the following command:
    stop rsaMalwareDevice
  3. Change to the / directory.
    cd / 
  4. Copy the necessary tar file RSAMalwareFromSlashNew.tar.bz2 to the / folder on the host, using a utility like SCP.
  5. Extract the tar file by using the following command:
    tar -xjpvf RSAMalwareFromSlashNew.tar.bz2 
  6. Start the RSA Malware service with the following command:
    start rsaMalwareDevice
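
Because step 5 extracts the archive at / with permissions preserved, it is worth confirming between steps 4 and 5 that the copied file is readable and contains only the paths the backup command archived. The script below is an added example, not part of the RSA documentation; the function and variable names are hypothetical, and it assumes GNU tar, which stores member names without the leading /.

```shell
#!/bin/sh
# Added example (not from the RSA documentation): pre-extraction check for
# the restore procedure. Function and variable names are hypothetical.

# Paths archived by the documented backup command. GNU tar strips the
# leading "/" on creation, so member names are relative to /.
ALLOWED_DIR='var/lib/netwitness/rsamalware'
ALLOWED_FILE='etc/init/rsaMalwareDevice.conf'

# Read member names (one per line, as printed by `tar -tjf`) on stdin.
# Print each unexpected member; fail if any is found or the list is empty.
validate_members() {
    bad=0
    count=0
    while IFS= read -r member; do
        count=$((count + 1))
        case "$member" in
            /*|..|../*|*/../*|*/..)   # absolute path or parent-directory hop
                echo "REJECT $member"; bad=1 ;;
            "$ALLOWED_DIR"|"$ALLOWED_DIR"/*|"$ALLOWED_FILE")
                ;;                    # expected backup content
            *)                        # anything else does not belong here
                echo "REJECT $member"; bad=1 ;;
        esac
    done
    [ "$count" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Listing the archive reads the whole bzip2 stream, so a truncated or
# corrupted copy fails here instead of halfway through the extraction.
check_backup_archive() {
    listing=$(tar -tjf "$1") || { echo "unreadable archive: $1"; return 1; }
    printf '%s\n' "$listing" | validate_members
}

# Usage on the host being restored, before step 5:
#   check_backup_archive /RSAMalwareFromSlashNew.tar.bz2
```

The check looks at member names only; it does not inspect file contents or link targets.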