Check Point configuration backup on CentOS

From The sin within

Check Point configuration backup on CentOS

This article will present a way to backup the Check Point configuration of a SmartCenter or Enforcement module + SmartCenter running on CentOS. This HowTo assumes the following:

• You have lftp installed on the machine (if not, just run yum install -y lftp and you're set)
• The Check Point version you're running is NGX R60 but that's just for information purpouses as it will work with other versions too
• That you have a remote FTP server on which you have upload privileges based on username and password

The backup script is as follows:

#!/bin/sh
# (c) 2007 by sin@imacandi.net

# This is needed to setup CP environment variables
. /opt/CPshrd-R60/tmp/.CPprofile.sh

# Our own variables
DATE=`date +%d%m%Y`
TMP_DIR="/tmp/$RANDOM"
HOST=`hostname`
CP_ARCHIVE="CP-$HOST-`date +%d%m%Y`"
LFTP="/usr/bin/lftp"
FTP_SERVER="10.2.3.4"
FTP_USER="backup_user"
FTP_PASS="backup_password"

mkdir -p $TMP_DIR
cd $TMP_DIR

# we use upgrade_export to save and archive the CP configuration
echo | $FWDIR/bin/upgrade_tools/upgrade_export $CP_ARCHIVE > /dev/null 2> /dev/null

# we use lftp's scripting capabilities to upload the resulting
# archive to an ftp server

echo "open $FTP_SERVER" >> $TMP_DIR/lftp_commands
echo "user $FTP_USER $FTP_PASS" >> $TMP_DIR/lftp_commands
echo "mput $CP_ARCHIVE.tgz" >> $TMP_DIR/lftp_commands
echo "quit" >> $TMP_DIR/lftp_commands
echo "" >> $TMP_DIR/lftp_commands

$LFTP -f $TMP_DIR/lftp_commands

# now we cleanup the temporary files we created
/bin/rm -rf  $TMP_DIR

For a short and hopefully understandable explation on what the script does is as follows:

• take a configuration snapshot of the current configuration and create an archive with it
• upload the archive to a remote ftp server for backup
• cleanup after itself