
List:       sidewinder
Subject:    Re: [Sidewinder] Restoring Sidewinder configurations on a new server
From:       sidewinder-admin () adeptech ! com
Date:       2003-02-07 22:31:48


     I wrote a few backup and restore scripts that I used on 3 firewalls in
a one-to-many config.  I last updated it for V5.2.1.02 (I think).  You could
do something similar.  I have successfully used this on multiple occasions
to install firewalls that are identical except for the hostname and IP
addresses on the NICs.  The scripts you need to create for this are at the
bottom.  You can use a script and crontab entry at the bottom to have your
firewall automatically send the tarred config file to an FTP server once a
week.

Regards,
Jeffery Gieser

Instructions for Backup

cd /etc/scripts
./config.script     (The script will sit for about 5 minutes appearing to
be hung up.  Be patient.  You will get the fwname# prompt back when it's
done.  The contents of the script are below)
cd /home/ftp/pub
ls -lay acl.*       (Make sure that the size of the file is something other
than 0.  If some of the file sizes are 0 then there may be a corrupted ACL
database on the firewall.)
rm /home/ftp/pub/acl.*
FTP the file to an FTP server.

Instructions for Restore

Install Sidewinder
FTP the tar file from the FTP server to the Sidewinder

***Do not place the file on a disk from a Windows machine as the file will
be corrupted.  You can do it from a UNIX machine, though.***

tar -xvf tar.firewall name.conf
cd config
tar -xvf ./tar.scripts

First we need to make sure that this Sidewinder is at the same patch level
as the Sidewinder we saved the config files from.  Look at the output from
the 'packages' command and compare it to what is in the
/home/ftp/pub/config/packages file.  They should be the same.  If there is
a minor patch level difference you may or may not be able to use their
config files.  If there is a major patch level difference you will probably
not be able to use all of these config files.

/etc/scripts/untar.scripts
cf acl purge table=acl
cf acl purge table=ipaddr
cf acl purge table=host
cf acl purge table=subnet
cf acl purge table=netgroup
cf acl purge table=domain
cf acl purge table=servicegroup
cf acl purge table=usergroup
cf acl query

***Make sure the query comes back empty***

cf -f /home/ftp/pub/config/firewall name.udb
ed /home/ftp/pub/config/firewall name.udb

***These commands are run in the text editor ed.***

1,$n
1,ms/add/modify/    (m= The number of lines that is found by 1,$n.)
w
<enter>
q
<enter>

***You are now out of ed.***

cf -f /home/ftp/pub/config/firewall name.udb
cf -f /home/ftp/pub/config/firewall name.server
cf -f /home/ftp/pub/config/firewall name.nss
cf -f /home/ftp/pub/config/firewall name.ipfilter
cf -f /home/ftp/pub/config/firewall name.gated
cf -Ff /home/ftp/pub/config/firewall name.acl
reconfigure_mail
ndc restart
enable ping proxy in the correct burbs

***The following commands must be done in the admin kernel due to Type
Enforcement.  The command to find out what kernel you are in is uname -v.***

chtype Xsrv:file /etc/Xaccel.ini
chtype \$Sys:conf /etc/sidewinder/rollaudit.conf

Edit the /usr/share/sendmail/m4/cfhead.m4 file.  Search for 5d and you will
find the following line.

define(`confTO_QUEUERETURN', `5d')

Change the 5d to 12h.

define(`confTO_QUEUERETURN', `12h')

Cleanup

rm -Rf /home/ftp/pub/config
rm tar.firewall name.conf.date
Double-check the NAT addresses on IP filters to make sure they correspond to
this firewall rather than the other firewall.

Do not forget to license the Sidewinder.

All the scripts are below

### The /etc/scripts/config.script should contain all the commands from
here to the pound signs.  Change fwname to your firewall's name.###

mkdir /home/ftp/pub/config
cf acl query > /home/ftp/pub/config/fwname.acl
cf udb query > /home/ftp/pub/config/fwname.udb
cf role query > /home/ftp/pub/config/fwname.role
cf server query > /home/ftp/pub/config/fwname.server
cf nss query > /home/ftp/pub/config/fwname.nss
cf udp query > /home/ftp/pub/config/fwname.udp
cf ipfilter query > /home/ftp/pub/config/fwname.ipfilter
cf gated query > /home/ftp/pub/config/fwname.gated
cf acl query table=acl > /home/ftp/pub/acl.acl
cf acl query table=host > /home/ftp/pub/acl.host
cf acl query table=ipaddr > /home/ftp/pub/acl.ipaddr
cf acl query table=subnet > /home/ftp/pub/acl.subnet
cf acl query table=netgroup > /home/ftp/pub/acl.netgroup
cf acl query table=usergroup > /home/ftp/pub/acl.usergroup
cp /etc/sidewinder/rollaudit.conf /home/ftp/pub/config/rollaudit.conf
package -Q > /home/ftp/pub/config/package
date > /home/ftp/pub/config/date
cp /etc/gateways /home/ftp/pub/config/gateways
cp /etc/named.conf.i /home/ftp/pub/config/named.conf.i
cp /etc/named.conf.u /home/ftp/pub/config/named.conf.u
cp /etc/mailertable.mta1 /home/ftp/pub/config/mailertable.mta1
cp /etc/mailertable.mta2 /home/ftp/pub/config/mailertable.mta2
cp /etc/crontab /home/ftp/pub/config/crontab
cp /etc/access.mta1 /home/ftp/pub/config/access.mta1
cp /etc/access.mta2 /home/ftp/pub/config/access.mta2
cp /etc/sidewinder/sendmail/sidewinder.1.mc /home/ftp/pub/config/sidewinder.1.mc
cp /etc/Xaccel.ini /home/ftp/pub/config/Xaccel.ini
cp /etc/aliases /home/ftp/pub/config/aliases
cp /etc/sidewinder/proxy/pudp.conf /home/ftp/pub/config/pudp.conf
cp /etc/sidewinder/proxy/squid/squid.conf /home/ftp/pub/config/squid.conf
chtype UDPx:conf /etc/sidewinder/proxy/pudp.conf
chtype wwwc:conf /etc/sidewinder/proxy/squid/squid.conf
chtype DNSu:conf /etc/named.conf.u
chtype DNS2:conf /etc/named.conf.i
chtype mta1:conf /etc/mailertable.mta1
chtype mta2:conf /etc/mailertable.mta2
chtype Cron:cJob /etc/crontab
chtype mta1:conf /etc/access.mta1
chtype mta2:conf /etc/access.mta2
chtype mtac:conf /etc/sidewinder/sendmail/sidewinder.1.mc
chtype mta1:conf /etc/aliases
tar -cvf /home/ftp/pub/config/tar.scripts /etc/scripts
tar -cvf /home/ftp/pub/tar.fwname.conf /home/ftp/pub/config
rm -Rf /home/ftp/pub/config

###This is the end of the script.###

###The /etc/scripts/untar.scripts should contain the following commands.###

mv /home/ftp/pub/config/gateways /etc/gateways
mv /home/ftp/pub/config/named.conf.i /etc/named.conf.i
mv /home/ftp/pub/config/named.conf.u /etc/named.conf.u
mv /home/ftp/pub/config/mailertable.mta1 /etc/mailertable.mta1
mv /home/ftp/pub/config/mailertable.mta2 /etc/mailertable.mta2
mv /home/ftp/pub/config/crontab /etc/crontab
mv /home/ftp/pub/config/access.mta1 /etc/access.mta1
mv /home/ftp/pub/config/access.mta2 /etc/access.mta2
mv /home/ftp/pub/config/sidewinder.1.mc /etc/sidewinder/sendmail/sidewinder.1.mc
mv /home/ftp/pub/config/Xaccel.ini /etc/Xaccel.ini
mv /home/ftp/pub/config/aliases /etc/aliases
mv /home/ftp/pub/config/pudp.conf /etc/sidewinder/proxy/pudp.conf
mv /home/ftp/pub/config/squid.conf /etc/sidewinder/proxy/squid/squid.conf
mv /home/ftp/pub/config/rollaudit.conf /etc/sidewinder/rollaudit.conf
chtype UDPx:conf /etc/sidewinder/proxy/pudp.conf
chtype wwwc:conf /etc/sidewinder/proxy/squid/squid.conf
chtype DNSu:conf /etc/named.conf.u
chtype DNS2:conf /etc/named.conf.i
chtype mta1:conf /etc/mailertable.mta1
chtype mta2:conf /etc/mailertable.mta2
chtype Cron:cJob /etc/crontab
chtype mta1:conf /etc/access.mta1
chtype mta2:conf /etc/access.mta2
chtype mtac:conf /etc/sidewinder/sendmail/sidewinder.1.mc
chtype mta1:conf /etc/aliases
cf ntp config burb=external
cf ntp add server burb=external ip=192.5.41.40
cf ntp add server burb=external ip=192.5.41.41
cf server enable ntp burb=external
cf ntp config burb=internal
cf ntp add peer burb=internal ip=127.127.1.0 prefer=yes
cf server enable ntp burb=internal
cf ntp config burb=wan
cf ntp add peer burb=wan ip=127.127.1.0 prefer=yes
cf server enable ntp burb=wan
cf ntp config burb=web
cf ntp add peer burb=web ip=127.127.1.0 prefer=yes
cf server enable ntp burb=web
cf ntp config burb=vendor
cf ntp add peer burb=vendor ip=127.127.1.0 prefer=yes
cf server enable ntp burb=vendor
cf ntp config burb=man
cf ntp add peer burb=man ip=127.127.1.0 prefer=yes
cf server enable ntp burb=man
cf ntp config burb=qa
cf ntp add peer burb=qa ip=127.127.1.0 prefer=yes
cf server enable ntp burb=qa

###This is the end of the script.###

crontab entries for automated backup

0 5 * * 1 root  Admn    /etc/scripts/config.script
21 5 * * 1 root Admn    /usr/bin/ftp -n < /etc/scripts/ftp2.script

***Contents of /etc/scripts/ftp2.script for automated backup***

open (ftp server)
user (username)
bin
put /home/ftp/pub/tar.fwname.conf ./tar.fwname.conf

***end of script***

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
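The post's manual checks (non-empty acl.* exports, matching package lists, and the ed pass that turns the udb dump's "add" lines into "modify" before the second cf -f run) can be scripted. This is an added example, not part of the original message or of the Sidewinder product; it assumes the udb dump consists of replayable "cf udb add ..." lines and uses constructed sample files so it runs offline.

```shell
#!/bin/sh
# Pre-restore sanity checks for the backup/restore recipe above (added example).
# Assumptions: acl.* exports are the files config.script leaves in the FTP dir,
# the saved list is config/packages and the live list comes from `package -Q`,
# and the udb dump is made of "cf udb add ..." lines that `cf -f` replays.

# 1. A zero-length table export points at a corrupt ACL database on the
#    source firewall, so refuse to use the backup if any acl.* file is empty.
check_acl_exports() {      # $1 = directory holding acl.*; returns 1 on any empty file
    rc=0
    for f in "$1"/acl.*; do
        [ -e "$f" ] || { echo "no acl.* exports in $1" >&2; return 1; }
        if [ ! -s "$f" ]; then
            echo "EMPTY: $f (possible corrupt ACL database)" >&2
            rc=1
        fi
    done
    return $rc
}

# 2. Compare the saved package list with the target firewall's package list;
#    any difference means the saved config files may not apply cleanly.
check_patch_level() {      # $1 = saved package list, $2 = live package list
    if diff -u "$1" "$2" >/dev/null; then
        return 0
    fi
    echo "patch level differs between saved and target firewall:" >&2
    diff -u "$1" "$2" >&2 || true
    return 1
}

# 3. Rewrite the udb dump for the second `cf -f` pass. The ed recipe
#    (1,ms/add/modify/) changes the first "add" on each line; this version
#    anchors on the command word so an "add" inside a value is never touched.
udb_add_to_modify() {      # $1 = input udb dump, $2 = output file
    sed 's/^cf udb add /cf udb modify /' "$1" > "$2"
}

# Constructed sample data (not real firewall output) so the checks run offline.
WORK=$(mktemp -d)
printf 'cf acl add name=allow_http ...\n' > "$WORK/acl.acl"
: > "$WORK/acl.host"                               # deliberately empty export
printf 'SW-5.2.1.02\nSW-5.2.1.02-patch1\n' > "$WORK/packages.saved"
printf 'SW-5.2.1.02\n' > "$WORK/packages.live"
printf 'cf udb add user=jdoe ...\ncf udb add user=padd ...\n' > "$WORK/fw.udb"
```

Run the three functions against the real paths on the target before the `cf -f` steps; the sample data above is only there to exercise both the failing and the passing case.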