# Backup & Restore

Procedures for backing up and restoring Aquilon DLP data and configuration.

## What to Back Up

| Component | Location | Priority | Notes |
|---|---|---|---|
| Configuration | /etc/aquilon-dlp/aquilon_dlp_config.toml | Critical | Application settings |
| Database | /var/lib/aquilon-dlp/aquilon_dlp.db | High | Findings and cache |
| Custom policies | /etc/aquilon-dlp/policies/ | High | If using custom policies |
| Retention config | /etc/aquilon-dlp/retention_config.toml | Medium | Compliance retention settings |

## Backup Procedures

### Configuration Backup

```bash
# Create backup directory
mkdir -p /backup/aquilon-dlp/$(date +%Y%m%d)
# Backup configuration
cp /etc/aquilon-dlp/aquilon_dlp_config.toml /backup/aquilon-dlp/$(date +%Y%m%d)/
# Backup custom policies (if any)
cp -r /etc/aquilon-dlp/policies/ /backup/aquilon-dlp/$(date +%Y%m%d)/ 2>/dev/null || true
# Backup retention config (if any)
cp /etc/aquilon-dlp/retention_config.toml /backup/aquilon-dlp/$(date +%Y%m%d)/ 2>/dev/null || true
```
### Database Backup

Hot backup (service running):

```bash
# SQLite hot backup
sqlite3 /var/lib/aquilon-dlp/aquilon_dlp.db ".backup /backup/aquilon-dlp/$(date +%Y%m%d)/aquilon_dlp.db"
# Verify backup
sqlite3 /backup/aquilon-dlp/$(date +%Y%m%d)/aquilon_dlp.db "PRAGMA integrity_check;"
```

Cold backup (service stopped):

```bash
# Stop service
sudo systemctl stop aquilon-dlp
# Copy database
cp /var/lib/aquilon-dlp/aquilon_dlp.db /backup/aquilon-dlp/$(date +%Y%m%d)/
# Restart service
sudo systemctl start aquilon-dlp
```
### Complete Backup Script

Create `/usr/local/bin/aquilon-dlp-backup.sh`:

```bash
#!/bin/bash
set -e
umask 077   # backups contain DLP findings; keep them readable by the owner only
BACKUP_DIR="/backup/aquilon-dlp/$(date +%Y%m%d_%H%M%S)"
mkdir -p "$BACKUP_DIR"
echo "Backing up Aquilon DLP to $BACKUP_DIR"
# Configuration
cp /etc/aquilon-dlp/aquilon_dlp_config.toml "$BACKUP_DIR/"
cp /etc/aquilon-dlp/retention_config.toml "$BACKUP_DIR/" 2>/dev/null || true
cp -r /etc/aquilon-dlp/policies/ "$BACKUP_DIR/" 2>/dev/null || true
# Database (hot backup)
sqlite3 /var/lib/aquilon-dlp/aquilon_dlp.db ".backup $BACKUP_DIR/aquilon_dlp.db"
# Verify: integrity_check exits 0 even when it reports corruption, so test its output
sqlite3 "$BACKUP_DIR/aquilon_dlp.db" "PRAGMA integrity_check;" > "$BACKUP_DIR/integrity.txt"
if [ "$(cat "$BACKUP_DIR/integrity.txt")" != "ok" ]; then
    echo "Integrity check failed, see $BACKUP_DIR/integrity.txt" >&2
    exit 1
fi
# Compress
tar -czf "$BACKUP_DIR.tar.gz" -C "$(dirname "$BACKUP_DIR")" "$(basename "$BACKUP_DIR")"
rm -rf "$BACKUP_DIR"
echo "Backup complete: $BACKUP_DIR.tar.gz"
```
### Automated Backups

Add to crontab:

```bash
# Daily backup at 2 AM
0 2 * * * /usr/local/bin/aquilon-dlp-backup.sh >> /var/log/aquilon-dlp-backup.log 2>&1
```
## Restore Procedures

### Configuration Restore

```bash
# Stop service
sudo systemctl stop aquilon-dlp
# Restore configuration
cp /backup/aquilon-dlp/20240115/aquilon_dlp_config.toml /etc/aquilon-dlp/
# Restore custom policies (if any)
cp -r /backup/aquilon-dlp/20240115/policies/ /etc/aquilon-dlp/ 2>/dev/null || true
# Validate configuration
aquilon-dlp --validate-config /etc/aquilon-dlp/aquilon_dlp_config.toml
# Restart service
sudo systemctl start aquilon-dlp
```
### Database Restore

```bash
# Stop service
sudo systemctl stop aquilon-dlp
# Backup current database (in case restore fails)
cp /var/lib/aquilon-dlp/aquilon_dlp.db /var/lib/aquilon-dlp/aquilon_dlp.db.bak
# Restore from backup
cp /backup/aquilon-dlp/20240115/aquilon_dlp.db /var/lib/aquilon-dlp/
# Verify restored database (expected output: ok)
sqlite3 /var/lib/aquilon-dlp/aquilon_dlp.db "PRAGMA integrity_check;"
# Restart service
sudo systemctl start aquilon-dlp
# Verify service health
sleep 5
systemctl status aquilon-dlp
```
### Complete Restore Script

```bash
#!/bin/bash
set -e
BACKUP_FILE="$1"
if [ -z "$BACKUP_FILE" ]; then
    echo "Usage: $0 /path/to/backup.tar.gz"
    exit 1
fi
echo "Restoring from $BACKUP_FILE"
# Extract backup into a scratch directory that is removed on every exit path
TEMP_DIR=$(mktemp -d)
trap 'rm -rf "$TEMP_DIR"' EXIT
tar -xzf "$BACKUP_FILE" -C "$TEMP_DIR"
BACKUP_DIR=$(ls "$TEMP_DIR")   # the archive holds a single timestamped directory
# Check the extracted copy before touching the live system: integrity_check
# exits 0 even when it reports corruption, so its output must be compared to "ok"
if [ "$(sqlite3 "$TEMP_DIR/$BACKUP_DIR/aquilon_dlp.db" "PRAGMA integrity_check;")" != "ok" ]; then
    echo "Backup database failed integrity check, aborting restore" >&2
    exit 1
fi
aquilon-dlp --validate-config "$TEMP_DIR/$BACKUP_DIR/aquilon_dlp_config.toml"
# Stop service
sudo systemctl stop aquilon-dlp
# Backup current state
mkdir -p /backup/aquilon-dlp/pre-restore
cp /etc/aquilon-dlp/aquilon_dlp_config.toml /backup/aquilon-dlp/pre-restore/
cp /var/lib/aquilon-dlp/aquilon_dlp.db /backup/aquilon-dlp/pre-restore/
# Restore configuration (retention config and policies only if the backup has them)
cp "$TEMP_DIR/$BACKUP_DIR/aquilon_dlp_config.toml" /etc/aquilon-dlp/
cp "$TEMP_DIR/$BACKUP_DIR/retention_config.toml" /etc/aquilon-dlp/ 2>/dev/null || true
cp -r "$TEMP_DIR/$BACKUP_DIR/policies/" /etc/aquilon-dlp/ 2>/dev/null || true
# Restore database
cp "$TEMP_DIR/$BACKUP_DIR/aquilon_dlp.db" /var/lib/aquilon-dlp/
# Restart service
sudo systemctl start aquilon-dlp
echo "Restore complete"
```
## Verification

### Post-Restore Checklist

- Service starts successfully
- Configuration validates without errors
- Database integrity check passes
- OSQuery tables return data
- New findings are being generated

### Verification Queries

```sql
-- Check database has data
SELECT COUNT(*) AS total_alerts FROM aquilon_dlp_alerts;
-- Check recent activity
SELECT MAX(timestamp) AS last_alert, COUNT(*) AS total
FROM aquilon_dlp_alerts;
```
### Log Review

After restore, check logs for errors:

```bash
# Linux
sudo journalctl -u aquilon-dlp -n 50 --no-pager
# macOS
tail -50 /var/log/aquilon-dlp/stderr.log
```
## Retention Policy

### Backup Retention

Recommended retention schedule:

| Backup Type | Retention |
|---|---|
| Daily | 7 days |
| Weekly | 4 weeks |
| Monthly | 12 months |

### Cleanup Script

```bash
#!/bin/bash
BACKUP_DIR="/backup/aquilon-dlp"
# Remove backups older than 7 days
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +7 -delete
echo "Cleaned up old backups"
```
## Cloud Backup

### AWS S3

```bash
# Upload to S3
aws s3 cp /backup/aquilon-dlp/20240115.tar.gz s3://my-bucket/aquilon-dlp/
# Restore from S3
aws s3 cp s3://my-bucket/aquilon-dlp/20240115.tar.gz /tmp/
./restore.sh /tmp/20240115.tar.gz
```
### Azure Blob

```bash
# Upload to Azure
az storage blob upload \
    --container-name backups \
    --file /backup/aquilon-dlp/20240115.tar.gz \
    --name aquilon-dlp/20240115.tar.gz
```