topic Re: firepower crontab in Network Security

firepower crontab

jbates5873 — Mon, 13 Nov 2023 04:42:36 GMT

hi all,

I am trying to make a firepower using FDM automatically backup its config files to our backup server.

I have accessed it using the root shell, and made the script and tested it works as expected and it does. However when i put it into /etc/cron.daily it does not run.

Originally, i tried editing the crontab. but it was a jumbled mess (assuming by design) so went looking and found cron.daily.

I understand that this is probably "not supported" but lets ignore that, and see if there is a way that i can get this automated sync happening. Im amazed that FDM does not support remote backup in the base product.

Im keen to see what we can come up with.

Many thanks

Jason

Re: firepower crontab

MHM Cisco World — Mon, 13 Nov 2023 08:41:17 GMT

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-mgmt.html#id_14709

check this you can from FDM backup not need via CLI

Thanks A Lot
MHM

Re: firepower crontab

balaji.bandi — Mon, 13 Nov 2023 10:42:38 GMT

check below thread can help you : (if GUI not helpfull for you ?)

https://community.cisco.com/t5/security-knowledge-base/firepower-device-manager-fdm-backup-amp-restore-using-rest-api/ta-p/4178793

Re: firepower crontab

jbates5873 — Mon, 13 Nov 2023 10:47:08 GMT

i have the backups running on a schedule as needed. My issue is getting them from the FTD to our backup server using SCP or some other method.

I have a script in /etc/cron.daily that runs the command to sync it, and that works as expected.

My issue is scheduling that script to run daily. Having it in the cron.daily folder isnt working.

Re: firepower crontab

jbates5873 — Mon, 13 Nov 2023 10:48:52 GMT

i came across this a while ago, but that only makes the backup. It doesnt allow extraction.

that script (as far as i can tell) runs the backup on the box, and you need to retrieve it.

Im wanting the FTD to sync its backup folder to our backup server automatically.

Re: firepower crontab

balaji.bandi — Mon, 13 Nov 2023 10:50:34 GMT

i have not tried command level

Try if you can use "crontab -e" and add scheduled.

Re: firepower crontab

jbates5873 — Tue, 23 Jan 2024 04:48:46 GMT

OK, just to check back onto this, as i have resolved my own issue.

The below will allow you to configure an external target that you can push your FDM backups to in case the unit dies and you need to recover it.

Whats the point of having the backup stored on the box thats just died? Poor effort Cisco.

You will need to have generated a RSA SSH key pair already, and have the public key loaded into your target server.

SSH into the firepower unit and access expert mode.

ssh <firepower_user>@<firepower_ip> expert

Create the SSH Private Key file and set its permissions to the required level.

vi /ngfw/home/admin/.ssh/id_rsa <Insert Mode> <Paste Private key into terminal> <Escape> :wq chmod 400 /ngfw/home/admin/.ssh/id_rsa

enter sudo mode in Firepower

sudo su

Create the backup script that is called daily and also set it to be executable

vi /ngfw/etc/cron.daily/1_firepower_backup <Insert Mode> <Paste below command into terminal> #!/bin/sh rsync --archive --progress --verbose --rsh 'ssh -oPort=22 -i /ngfw/home/admin/.ssh/id_rsa' /var/sf/backup/ <backup_server_username>@<backup_server_ip>:<backup_server_target_location> <Escape> :wq chmod +x /ngfw/etc/cron.daily/1_firepower_backup

To see the schedule that your cron.daily runs at, you can execute

cat /ngfw/etc/crontab

It will come back with the cron schedule

SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO="" HOME=/ # run-parts #m h dom mon dow user command */5 * * * * root run-parts /ngfw/etc/cron.5min 01 * * * * root run-parts /ngfw/etc/cron.hourly 02 4 * * * root run-parts /ngfw/etc/cron.daily 22 4 * * 0 root run-parts /ngfw/etc/cron.weekly 42 4 1 * * root run-parts /ngfw/etc/cron.monthly

And thats it. That should have your firepower backing up to an external target daily.