Backup and Recovery Plan for Small Industry Setup

Threat Modeling & Data Identification

To identify potential threats to data availability, integrity, and confidentiality across all key servers (apps-a, db-a, backup-a, mgmt-a) and to Catalogue the critical data that must be protected to ensure operational continuity and recoverability — with special emphasis on ownCloud.

Threat Modeling Table

Data Identification Table

Backup Strategy Development

Define how, how often, and with what tools each type of data across all servers is backed up — ensuring protection against system failures, security breaches, and human error.

Backup Tools Used

Backup Strategy Matrix

Backup Job Rotation Policy

Restoration Checklists

1. apps-a – Application Server (OwnCloud)

• Restore ownCloud files:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/owncloud/ /var/www/owncloud/

• Restore Apache and PHP configs:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/apache2/ /etc/apache2/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/php/ /etc/php/7.4/

• Restore Puppet and Nagios configs:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/etc/puppetlabs/ /etc/puppetlabs/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/opt/puppetlabs/ /opt/puppetlabs/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/nrpe/ /etc/nagios/nrpe.cfg

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/nagios-plugins-lib/ /usr/lib/nagios/plugins/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/nagios-plugins/ /etc/nagios-plugins/

• Restore firewall and hostname:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/ufw/ /etc/ufw/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/system-config/hosts /etc/hosts

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/app/system-config/hostname /etc/hostname

• Restart services:

  systemctl restart apache2

  ufw reload

• Confirm ownCloud UI is accessible at:

  http://group-a.op-bit.nz/

2. db-a – Database Server

• Restore MySQL Database Dumps:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/db-dumps/ /home/group-a/

• Import them into MySQL (run as root):

  mysql -u root < /home/group-a/owncloud.sql

  mysql -u root < /home/group-a/mysql.sql

• Restore MySQL Server Configuration:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/mysql-config/ /etc/mysql/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/mysql-config/50-server.cnf /etc/mysql/mariadb.conf.d/50-server.cnf

• Restore Puppet and Nagios configs:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/etc/puppetlabs/ /etc/puppetlabs/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/opt/puppetlabs/ /opt/puppetlabs/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/nrpe/ /etc/nagios/nrpe.cfg

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/nagios-plugins-lib/ /usr/lib/nagios/plugins/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/nagios-plugins/ /etc/nagios-plugins/

  Restart NRPE if needed:

  systemctl restart nagios-nrpe-server

• Restore firewall and hostname:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/ufw/ /etc/ufw/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/system-config/hosts /etc/hosts

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/db/system-config/hostname /etc/hostname

3. backup-a – Local Backup Server

• Restore Prometheus:

  Restore Prometheus binary:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/prometheus/bin/ /usr/local/bin/prometheus/

  Restore Prometheus systemd service:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/prometheus/service/prometheus.service /etc/systemd/system/prometheus.service

  Reload systemd and start Prometheus:

  sudo systemctl daemon-reload

  sudo systemctl start prometheus

• Restore Node Exporter:

  Restore Node Exporter binary:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/node_exporter/bin/ /usr/local/bin/node_exporter/

  Restore Node Exporter systemd service:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/node_exporter/service/node_exporter.service /etc/systemd/system/node_exporter.service

  Reload systemd and start Node Exporter:

  sudo systemctl daemon-reload

  sudo systemctl start node_exporter

• Restore Puppet and Nagios configs:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/etc/puppetlabs/ /etc/puppetlabs/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/opt/puppetlabs/ /opt/puppetlabs/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/nrpe/ /etc/nagios/nrpe.cfg

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/nagios-plugins-lib/ /usr/lib/nagios/plugins/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/nagios-plugins/ /etc/nagios-plugins/

  Restart NRPE if needed:

  systemctl restart nagios-nrpe-server

• Restore firewall and hostname:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/ufw/ /etc/ufw/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/system-config/hosts /etc/hosts

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/backup/system-config/hostname /etc/hostname

4. mgmt-a – Management Server

• Restore Puppet Configuration:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/etc/puppetlabs/ /etc/puppetlabs/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/opt/puppetlabs/ /opt/puppetlabs/

• Restore Nagios Core (Central Monitoring)

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/nagios4/ /etc/nagios4/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/nagios-plugins/ /etc/nagios-plugins/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/nagios-plugins-lib/ /usr/lib/nagios/plugins/

  Restart Nagios service:

  sudo systemctl restart nagios

• Restore NTP (Time Sync Config)

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/ntp/ntp.conf /etc/ntp.conf

• Restore firewall and hostname:

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/ufw/ /etc/ufw/

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/system-config/hosts /etc/hosts

  rsync -avz -e "ssh -i /etc/backup/.ssh/id_rsa" [email protected]:/home/group-a/storage/mgmt/system-config/hostname /etc/hostname

IP & DNS Contingency Planning