Automating a Remote Backup

You can automate a periodical backup of SecureTrack. The target location can be one of the following:

  • A Windows shared folder
  • A central storage device, such as NAS/SAN
  • Locally on the host

The following solution covers the first option: automating backup to a remote Windows shared folder. The solution includes preparing the targets, configuring the backup script file, and creating a crontab job for automatic scheduling.

The solution leaves temporary data in /tmp , which should be cleaned out after confirming successful backup.

The script works on Tufin appliances (TufinOS 1.3 build 60 and higher). For other installations, make sure samba is installed.

To automate a remote backup:

  1. Prepare the target Windows host as follows:

    1. Create a shared directory on the target Windows host.
    2. On the Windows host, configure a user account with read and write permissions.

  2. Create target directories on SecureTrack, if they do not yet exist, as follows:

    1. Under directory var, create a directory called backup:

      mkdir /var/backup

    2. Under mnt create backup:

      mkdir /mnt/backup

  3. Create a new backup script file with this content:

    #!/bin/sh
    export PATH="${PATH}:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
    DATE=`/bin/date +%F`
    VER=`st ver | grep SecureTrack |awk '{print $3$4$5$6}'`
    RESULT=`tos backup --st /tmp/tufin-$VER`
    echo $RESULT | grep -i "Backup finished successfully" >/dev/null
    if [ $? -ne 0 ]; then
    echo "backup failed. reason: " $RESULT
    exit 1;
    fi
    mount -t cifs //<IP_of_target_host>/<target_directory_name> -o username=<username>@<domain>,password=<password> /mnt/backup
    if [ $? -ne 0 ]; then
    echo "Mount failed"
    exit 1;
    fi
    cp /tmp/tufin-$VER"_"$DATE.zip /mnt/backup/tufin-$VER"_"$DATE.zip
    if [ $? -ne 0 ]; then
    echo "Copy failed"
    exit 1;
    fi
    umount //<IP_of_target_host>/<target_directory_name>
    echo "Backup finished successfully"

  4. Edit the file, and replace the following variables with the appropriate values for your environment:

    • <IP_of_target_host>: The IP address or resolvable name of the target Windows host.

      This variable appears twice in the backup script file.

    • <target_directory_name>: The path to the target directory on the target Windows host.

    • <username>: The user name for the user account with read/write permissions for the target directory.

    • <domain>: The domain of the user account.
    • <password>: The password for this user account.

    Save and close the file.

  5. Place the file on SecureTrack, under /usr/local/bin .

  6. Give the file executable permissions, by running:

    cd /usr/local/bin
    chmod +x backup.sh

  7. Edit Crontab to enable periodic scheduling of the backup process, as follows:

    1. Enter Crontab file edit mode:

      crontab -e

    2. Add a line to run the backup script file according to a desired schedule. For example, the following will initiate the script every Monday at midnight:

      0 0 * * 1 /usr/local/bin/backup.sh

      For full instructions on using crontab, see the crontab page.