Configuring Remote Backup

Scenarios

To perform remote backup is to back up the data of a server to another server. Currently, it is only supported for Linux servers.

When you enable WTP on a Linux server, specify a local backup path. HSS will back up protected directories to that path. (The user-defined excluded subdirectories and file types will not be configured). Once the files in the protected directories are modified, HSS will automatically restore them.

For higher security, configure remote backup. Even if local server backup is damaged by attackers, you can log in to the remote backup server, go to the backup path, and obtain the remote backup to manually restore tampered web pages. You can view the backup path on the Manage Remote Backup Servers page. For details, see Modifying a Remote Backup Server.

Constraints

• Only Linux servers support remote backup.
• A remote backup server must be a Huawei Cloud Linux server. Ensure the server status is Running, and the server has an HSS agent in Online status.
• The remote backup server must connect to the protected server. To enjoy quick and stable backup, put the two servers in same intranet.

Remote Backup Configuration Process

Perform the following operations:

1. Adding a Remote Backup Server
2. Enabling Remote Backup

For details about how to modify or disable remote backup, see Modifying a Remote Backup Server and Disabling Remote Backup.

Adding a Remote Backup Server

1. Log in to the management console.
2. Click in the upper left corner of the page, select a region, and choose Security & Compliance > Host Security Service to go to the HSS management console.
3. In the navigation pane, choose Server Protection > Web Tamper Protection.
4. In the Operation column of a server, choose More > Manage Remote Backup Servers.
5. On the Manage Remote Backup Servers page, click Add Backup Server.
6. In the dialog box that is displayed, enter backup server information. For more information, see Table 1.
   Figure 1 Adding a remote backup server
   

   Table 1 Backup server parameters

   Parameter	Description
   Server Name	Select a server from the drop-down list.
   Address	This parameter will be automatically set after a server is selected.
   Port	Enter a port to be used for data backup.
   Backup Path	Enter a complete backup path. A backup path cannot contain semicolons (;), start with a space, or end with a slash (/). Up to 256 characters are allowed. Key system directories are a main attack target and cannot be used as backup paths, including but not limited to /etc/, /bin/, /usr/bin/, /var/spool/, /usr/sbin/, /sbin/, /usr/lib/, /lib/, /lib64/, /usr/lib64/, and their subdirectories. If the protected directories of multiple servers are backed up to the same remote backup server, the data will be stored in separate folders named after agent IDs. Assume the protected directories of the two servers are /hss01 and hss02, and the agent IDs of the two servers are f1fdbabc-6cdc-43af-acab-e4e6f086625f and f2ddbabc-6cdc-43af-abcd-e4e6f086626f, and the remote backup path is /hss01. The corresponding backup paths are /hss01/f1fdbabc-6cdc-43af-acab-e4e6f086625f and /hss01/f2ddbabc-6cdc-43af-abcd-e4e6f086626f.

7. Click OK.
8. On the Manage Remote Backup Servers page, check the status of the target server. If the status is Running, the remote backup server has been added.

   The status of a remote backup server indicates whether the server can be used for backup. For details, see Table 2.

   Table 2 Remote backup server status

   Status	Description
   Not started	The WTP backup policy has not been delivered.
   Starting	The WTP backup policy is being delivered.
   Running	The WTP backup policy has been delivered. You can start backup.
   Startup Failed	The server agent is offline, and the WTP backup policy fails to be delivered.

Enabling Remote Backup

1. Log in to the management console.
2. Click in the upper left corner of the page, select a region, and choose Security & Compliance > Host Security Service to go to the HSS management console.
3. In the navigation pane, choose Server Protection > Web Tamper Protection.
4. In the Operation column of a server, choose More > Enable Remote Backup.
5. On the Enable Remote Backup page, select a server and click OK.
   Figure 2 Enabling remote backup
   

Modifying a Remote Backup Server

After a remote backup server is added, you can modify its backup path and port.

1. Log in to the management console.
2. Click in the upper left corner of the page, select a region, and choose Security & Compliance > Host Security Service to go to the HSS management console.
3. In the navigation pane, choose Server Protection > Web Tamper Protection.
4. In the Operation column of a server, choose More > Manage Remote Backup Servers.
5. In the Operation column of a remote backup server, click Edit.
6. In the Configure Remote Backup Server dialog box, modify server information.
7. Click OK.
8. On the Manage Remote Backup Servers page, check the status of the target server. If the status is Running, the remote backup server has been modified.

Disabling Remote Backup

1. Log in to the management console.
2. Click in the upper left corner of the page, select a region, and choose Security & Compliance > Host Security Service to go to the HSS management console.
3. In the navigation pane, choose Server Protection > Web Tamper Protection.
4. Disable remote backup in either of the following ways:
   • Disable remote backup only
     1. In the Operation column of a server, choose More > Disable Remote Backup.
     2. In the dialog box that is displayed, set YES and click OK.
   • Disable remote backup and delete the remote backup server
     1. In the Operation column of a server, choose More > Manage Remote Backup Servers.
     2. In the Operation column of a remote backup server, click Delete.
     3. In the dialog box that is displayed, click OK.