sysconf config backup
Back up the appliance configuration data, and save it to the appliance file system. There is no limit on the size of individual backup files (version 7.8.5 onward) or the number of backups that can be stored on the file system, other than the available space. This space is shared by other files, such as spkg and log files, so account for this when planning your backup and restore strategy.
NOTE If the configuration content is less than 64 KB, a single file is generated with a name that includes the creation date and time.
If the sysconf config backup command detects that your configuration is more than 64 KB, then it breaks the config content into chunks, each of less than 64 KB. The backup chunk files get the same name, except that each has a sequential number appended. An additional generated file contains a hash of all the chunk files, and is used to reassemble the large backup when you later restore with sysconf config restore (Luna Network HSM 7 appliance software version 7.8.5 onward).
If desired, after you create the backup file, you can use the command sysconf config export to save it to the internal HSM or an external backup token.
NOTE This command does not back up the HSM and partition configurations. See hsm backup and partition backup for more information.
Certificates, if any, are added to the backup archive, and are restored to the trust store upon sysconf config restore.
Audit log encryption uses the same certificates, so it is important to coordinate with the audit user for any changes.
The backup file includes configuration data for the following modules and services:
Module or service | Configuration data |
---|---|
CTC | Crypto Traffic Control configuration |
Network | Network configuration |
NTLS | NTLS configuration |
NTP | Network Time Protocol configuration |
SNMP | SNMP configuration |
SSH | SSH configuration |
Syslog | Syslog configuration |
System | System configuration (keys and certificates) |
Users | User accounts, passwords, and files |
Webserver | Webserver configuration for REST API |
User Privileges
Users with the following privileges can perform this command:
>Admin
Syntax
sysconf config backup -description <comment> [-service <name>] [-factoryconfig]
Argument(s) | Shortcut | Description |
---|---|---|
-description <comment> | -d | Comment describing this backup. The description must be enclosed in double quotes if it contains spaces. |
-service <name> | -s | Specifies the individual service configuration to back up. If this option is not included, all service configurations are backed up as described above. Valid Values: network, ssh, ntls, syslog, ntp, snmp, users, system, webserver, ctc. Service syslog uses the same certificates as audit log encryption. [release 7.8.5 onward] |
-factoryconfig | -f | Binary option. |
Example (pre-7.8.5)
lunash:>sysconf config backup -description "Configuration Backup 17-03-01"
Created configuration backup file: local_host_Config_20170301_1200.tar.gz
Command Result : 0 (Success)
Example (7.8.5 onward)
With a service selected
lunash:>sysconf config backup -service ntls -d ntls
Created configuration backup file: local_host_Config_ntls_20240206_1657.tar.gz
It is recommended to export the backup file to the internal HSM, or an external backup token to mitigate the risk of data loss.
Command Result : 0 (Success)
[local_host] lunash:>sysconf config list
Configuration backup files in file system:
Size | File Name | Description
-----------------------------------------------------------------------------------------------------
10970 | local_host_Config_ntls_20240206_1657.tar.gz | ntls
Command Result : 0 (Success)
Without a service selected
lunash:>sysconf config backup -d "all of them"
Created configuration backup file: local_host_Config_all_20240206_1657.tar.gz
It is recommended to export the backup file to the internal HSM, or an external backup token to mitigate the risk of data loss.
Command Result : 0 (Success)
[local_host] lunash:>sysconf config list
Configuration backup files in file system:
Size | File Name | Description
-----------------------------------------------------------------------------------------------------
10970 | local_host_Config_ntls_20240206_1657.tar.gz | ntls
62972 | local_host_Config_all_20240206_1657.tar.gz | all of them
Command Result : 0 (Success)
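Because backups share file-system space with spkg and log files, it helps to audit the sysconf config list output off-appliance. The following is an added example, not part of the vendor documentation: it parses a captured listing, totals the space used, and finds the newest backup per service. It assumes the file-name pattern seen in the examples above, treats names without a service segment (pre-7.8.5) as "all", and reports any other name, such as chunk or hash files whose naming this page does not specify, as unparsed.

```python
import re
from datetime import datetime

# Constructed sample: `sysconf config list` output as captured from an SSH session.
SAMPLE = """\
Configuration backup files in file system:
Size | File Name | Description
-----------------------------------------------------
10970 | local_host_Config_ntls_20240206_1657.tar.gz | ntls
62972 | local_host_Config_all_20240206_1657.tar.gz | all of them
9120 | local_host_Config_ntls_20240101_0900.tar.gz | old ntls
48211 | local_host_Config_20170301_1200.tar.gz | Configuration Backup 17-03-01
Command Result : 0 (Success)
"""

ROW = re.compile(r"^\s*(\d+)\s*\|\s*(\S+)\s*\|\s*(.*?)\s*$")
# Assumed pattern: <host>_Config_[<service>_]<YYYYMMDD>_<HHMM>.tar.gz. The service
# segment is absent in pre-7.8.5 names; the host part may contain underscores.
NAME = re.compile(r"^(?P<host>.+)_Config_(?:(?P<service>[a-z]+)_)?"
                  r"(?P<stamp>\d{8}_\d{4})\.tar\.gz$")

def parse_listing(text):
    """Return (backups, unparsed): dicts for recognised rows, raw names otherwise."""
    backups, unparsed = [], []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, prompt, or result line
        size, name, desc = int(m.group(1)), m.group(2), m.group(3)
        n = NAME.match(name)
        if not n:
            unparsed.append(name)  # naming not modelled here; surface for review
            continue
        backups.append({"size": size, "file": name, "description": desc,
                        "host": n["host"], "service": n["service"] or "all",
                        "created": datetime.strptime(n["stamp"], "%Y%m%d_%H%M")})
    return backups, unparsed

def summarize(backups):
    """Return (total bytes used by backups, newest backup per service scope)."""
    newest = {}
    for b in backups:
        if b["service"] not in newest or b["created"] > newest[b["service"]]["created"]:
            newest[b["service"]] = b
    return sum(b["size"] for b in backups), newest

if __name__ == "__main__":
    total, newest = summarize(parse_listing(SAMPLE)[0])
    print(total, {s: b["file"] for s, b in newest.items()})
```

Comparing the newest timestamp per service against your change window shows which service configurations have no recent backup to restore from.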