Administrators can back up and restore configuration and database files for Malware Analytics, so that if information is lost or deleted, it can be restored.
Back Up Files
For a full backup of configuration files:
- Stop the RSA Malware service with the following command:
- Create a tar file of the required files:
tar -C / -cjphvf RSAMalwareFromSlashNew.tar.bz2 /var/lib/netwitness/rsamalware --exclude='root.war' /etc/init/rsaMalwareDevice.conf
Note: For a daily or a partial backup, you can create a tar file of only the files in the subdirectory /var/lib/netwitness/rsamalware/spectrum.
To back up database files:
- Back up database files in one of the following ways:
- On a co-located host, the database uses H2. If you back up the directory /var/lib/netwitness/rsamalware as described above, the database is backed up with it.
- On a standalone Malware Analysis box, the database uses Postgres. Back up the database directory /var/lib/pgsql/9.1/data on a daily basis.
To back up Puppet and RabbitMQ files:
- Create a tar.bz2 file of the Puppet and RabbitMQ files:
tar -C / --atime-preserve --recursion -cvpjf /root/puppet-rabbit-backup.tar.bz2 --exclude=/var/lib/puppet/bucket --exclude=/var/lib/puppet/reports --exclude=/var/lib/puppet/lib --exclude=/var/lib/rabbitmq/mnesia /var/lib/puppet /etc/puppet /var/lib/rabbitmq
- If the system you backed up is still in use, start the RSA Malware service with the following command:
When you restore files from a backup, use a consistent location for the tar files. This document uses the /tmp/ folder as the location from which the tar files are extracted; you can use a different folder if needed.
To restore the configuration and database files:
- Using SSH, log on to the host that you intend to restore from the saved backup.
- Stop the RSA Malware service with the following command:
- Change the directory.
- Copy the tar file RSAMalwareFromSlashNew.tar.bz2 to the /tmp/ folder on the host, using a utility such as Secure Copy (SCP).
- Extract the tar file by using the following command:
tar -C / -xjpvf /tmp/RSAMalwareFromSlashNew.tar.bz2
- Delete the tar files.
To restore Puppet and RabbitMQ Files:
- Change to the / directory.
- Copy the tar file puppet-rabbit-backup.tar.bz2 to the /tmp/ directory on the host, using a utility such as Secure Copy (SCP).
- Extract the tar file by using the following command:
tar -C / -xvjf /tmp/puppet-rabbit-backup.tar.bz2
- Delete the tar file.
- Start the Malware Analysis service with the following command: