{"id":284,"date":"2009-08-22T14:59:42","date_gmt":"1999-01-01T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/?p=284"},"modified":"2021-07-27T16:46:29","modified_gmt":"2021-07-27T16:46:29","slug":"shell-script-checkpoint-backup","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/firewalls\/check-point\/shell-script-checkpoint-backup.html","title":{"rendered":"Shell Script – Check Point Backup"},"content":{"rendered":"

This script will determine which operating system is running then backup the OS accordingly, once complete it will securely send it to the manager.<\/p>\n

The script is based on R65 and all backups will be sent to “\/var\/tmp\/backups” on the manager.<\/p>\n

Each time the backup is run it will write a system log confirming if it was successful or unsuccessful.
\nIf successful it will include the MD5 within the log message that you can use prior to any restores.<\/p>\n

You can download the script here.<\/a><\/p>\n

Installation<\/strong><\/p>\n

Server:<\/strong><\/p>\n

    \n
  1. Create a new username `useradd cpbackup<\/strong>`<\/li>\n
  2. Add password to user `passwd cpbackup<\/strong>`<\/li>\n
  3. Login as cpbackup<\/li>\n
  4. ssh to yourself `ssh\u00a0127.0.0.1<\/strong>` and then disconnect (this will create the required ssh folder for you).<\/li>\n
  5. Create a folder `mkdir \/var\/tmp\/backups<\/strong>`<\/li>\n
  6. Change permissions `chown root:cpbackup \/var\/tmp\/backups<\/strong>`<\/li>\n
  7. Change permissions `chmod 760 \/var\/tmp\/backups<\/strong>`<\/li>\n<\/ol>\n

    Client:<\/strong><\/p>\n

      \n
    1. Create ssh key `ssh-keygen -t rsa<\/strong>` (Do not enter a passphrase and use the folder path selected as default.)<\/li>\n
    2. scp the file to your server.<\/li>\n
    3. Set the variables in the script for the port number and server ip.<\/li>\n
    4. Add an entry to your crontab to run the backup each night.<\/li>\n<\/ol>\n

      Server:<\/strong><\/p>\n

        \n
      1. Copy the rsa_id.pub (just copied) to a file called authorized_keys in the folder \/home\/cpbackup\/.ssh\/<\/strong> and enure the permissions are set to 600.<\/li>\n
      2. Add the user cpbackup to the line `AllowUsers<\/strong>` within\u00a0 \/etc\/ssh\/sshd_config.<\/li>\n
      3. Restart ssh `\/etc\/init.d\/sshd restart<\/strong>`<\/li>\n
      4. Add an entry to your crontab to rotate the backups (find \/var\/tmp\/backups -name *backup\\* -mtime +2 -exec rm {} \\;)<\/li>\n<\/ol>\n

        How it Works \/ How to restore<\/strong><\/p>\n

        SPLAT<\/strong>
        \nWhen running this script on SPLAT you will be running the `backup` command.
        \nTo restore your backup use the `restore` command. You will need to restore the backupfile named “splat-backup_[hostname]_[date].tgz” using the restore command. The `restore` command will not restore the init.d scripts (such as the arp or route scripts). Because of this these are backed up separately within the file “[hostname]_runconfig_[date].txt” which is included within the tgz file “splat-backup_[hostname]_OS_[date ].tgz”.<\/p>\n

        To allow all the arps and routes to be saved with the use of the backup command the following should be used,<\/p>\n