ThreatLockDown agent

To create a backup of your ThreatLockDown agent installation, follow these steps.

Note

You need root user privileges to execute the commands below.

Preparing the backup

  1. On the agent machine you're backing up, run the following commands to create the destination folder for the backup files. The folder name includes the current date and time to keep the files separate from any older backups you might have.

    # bkp_folder=~/wazuh_files_backup/$(date +%F_%H:%M)
    # mkdir -p $bkp_folder && echo $bkp_folder
    

Backing up a ThreatLockDown agent

  1. Back up ThreatLockDown agent data, certificates, and configuration files.

    # rsync -aREz \
    /var/ossec/etc/client.keys \
    /var/ossec/etc/ossec.conf \
    /var/ossec/etc/internal_options.conf \
    /var/ossec/etc/local_internal_options.conf \
    /var/ossec/etc/*.pem \
    /var/ossec/logs/ \
    /var/ossec/queue/rids/ $bkp_folder
    
  2. Back up your custom files, such as local SCA policies, active response scripts, and wodles.

    # rsync -aREz /var/ossec/etc/<SCA_DIRECTORY>/<CUSTOM_SCA_FILE> $bkp_folder
    # rsync -aREz /var/ossec/active-response/bin/<CUSTOM_ACTIVE_RESPONSE_SCRIPT> $bkp_folder
    # rsync -aREz /var/ossec/wodles/<CUSTOM_WODLE_SCRIPT> $bkp_folder
    

Checking the backup

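  1. Check that everything is in place and working. The following command lists the files in the backup folder, with paths relative to that folder.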

    # find $bkp_folder -type f | sed "s|$bkp_folder/||" | less
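
The listing above only shows file names. As an added example (not part of the original documentation), the function below also confirms that the key files match their sources byte for byte and that the backup folder, which holds `client.keys` and the certificates, is not accessible to other users. The name `verify_backup`, the `REQUIRED_FILES` list, and the optional source-root argument are assumptions of this example.

```bash
#!/bin/bash
# Added example: verify a backup tree produced by `rsync -aREz ... $bkp_folder`.
# rsync -R keeps the full source path, so /var/ossec/etc/ossec.conf is stored
# as $bkp_folder/var/ossec/etc/ossec.conf.

# Files every agent backup should contain (taken from the rsync command above).
REQUIRED_FILES="var/ossec/etc/client.keys var/ossec/etc/ossec.conf"

# verify_backup BKP_FOLDER [SRC_ROOT]
# SRC_ROOT defaults to / ; it is a parameter (assumption of this example) so
# the check can also be run against a test tree.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
verify_backup() {
    bkp=$1
    src_root=${2:-/}
    rc=0

    [ -d "$bkp" ] || { echo "MISSING backup folder: $bkp"; return 1; }

    for rel in $REQUIRED_FILES; do
        if [ ! -s "$bkp/$rel" ]; then
            echo "MISSING or empty: $rel"
            rc=1
        elif ! cmp -s "$src_root/$rel" "$bkp/$rel"; then
            echo "DIFFERS from source: $rel"
            rc=1
        fi
    done

    # The backup holds client.keys and certificates: flag any group/other
    # permission bits on the backup folder (characters 5-10 of the ls mode).
    if [ "$(ls -ld "$bkp" | cut -c5-10)" != "------" ]; then
        echo "PERMISSIONS too open on: $bkp (expected 700)"
        rc=1
    fi
    return $rc
}

# Run against the real agent only when a backup folder is given as argument.
if [ -n "${1:-}" ]; then
    verify_backup "$1"
fi
```

Run it as root right after the backup, passing `$bkp_folder` as the argument; files under `/var/ossec/logs/` are not compared because they keep changing while the agent runs.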