System Backup and Restore

System Backup and System Restore are configured and ran in the CLI as root. There is a Backup script located at /opt/hermes/scripts/system_backup.sh and a Restore script located at /opt/hermes/scripts/system_restore.sh. These scripts should not be moved/copied to other locations. System Backups should be scheduled via Cron or other mechanism to point to  /opt/hermes/scripts/system_backup.sh.

Before scheduling system_backup.sh, it's highly recommended that you run it manually to ensure proper operation before scheduling it. The backups can be stored to any mount that you have previously configured in your system such as local, SMB, NFS etc...

System Backup

The /opt/hermes/scripts/system_backup.sh script accepts several flags with corresponding values enclosed in single quotes in order to configure its behavior.

• The -D flag sets the number of days of backups to retain. For example, -D '7' would configure it to delete any backups older than 7 days.
• The -P flag sets the path to store the backups WITHOUT the trailing slash. For example -P '/mnt/backups' configures the backup to store all backups in the /mnt/backups path. Please note that backup logs are also automatically stored in that path.
• The -E flag sets the recipient to send backup success/failure notifications. For example, -E 'to@domain.tld' configures the backup to send notifications to to@domain.tld.
• The -F flag sets the sender where the backup success/failure notifications would come from. For example, -F ' 'from@domain.tld' configures the backup to send notications from from@domain.tld.
• The -B flag sets the backup mode. The backup mode can be either system (backs up all Hermes related files and databases EXCLUDING the e-mail archive), archive (backs up ONLY the e-mail archive) or all (backups all Hermes related files including the databases as well as the e-mail archive). For example, -B 'system' sets the backup mode to back up all Hermes related files and databases. 
• The -R flag sets the MySQL root password that the backup will need in order to back up all the Hermes databases. For example, - R 'supersercretpass' sets the MySQL root password to supersercretpass.

Putting it all together, if you wanted to run an all backup, you can run a command similar to below:

/opt/hermes/scripts/system_backup.sh -D '7' -P '/mnt/backups' -E 'to@domain.tld' -F 'from@domain.tld' -B 'all' -R 'supersercretpass'

Please note that depending on what Backup Mode you use, the system will store an appropriately named backup file in the backup location. For example, hermes-system-220410-08-16-2024-0920.tar.gz backup file is system backup as noted by the word system in its name. In case of an all Backup Mode, the system will generate two backup files, one backup file will contain the system backup and the other backup file will contain the e-mail archive backup. In addition to the type of backup, the backup file also includes the build number (in this case 220410) as well as the date/time the backup was created. The build number becomes very important when you attempt to perform a System Restore. 

System Restore

System Restore WILL NOT install any programs, therefore, it requires that you have an already existing and fully updated Ubuntu 20.04 LTS Server plain "vanilla" machine with a /mnt/data directory for database and email archive storage. Then, you install the same build of Hermes SEG as the build number of the backup file you are attempting to restore.

System Preparation

Please note that Hermes SEG will NOT run in a LXC Environment

Required Information

Ensure you have that information available before you begin:

• MySQL(MariaDB) root user password you wish to use
• MySQL(MariaDB) username you wish to use with the hermes database (Example: hermes)
• MySQL(MariaDB) password you wish to use with the hermes database user
• MySQL(MariaDB) username you wish to use with the Syslog database (Example: rsyslog)
• MySQL(MariaDB) password you wish to use with the Syslog database user
• MySQL(MariaDB) username you wish to use with the cipermail database (Example: ciphermail)
• MySQL(MariaDB) password you wish to use with the ciphermail database user
• MySQL(MariaDB) username you wish to use with the opendmarc database (Example: opendmarc)
• MySQL(MariaDB) password you wish to use with the opendmarc database user
• Lucee Server and Web Administrator password you wish to use
• System Mailname (Example: smtp.domain.tld)

The Configure /mnt/data partition directions below assume you have a 250GB secondary drive which you will partition, format and mount as /mnt/data.

Technically a secondary drive for the /mnt/data directory is not a requirement but it's highly recommended for performance reasons. If you don't wish to use a secondary drive for the /mnt/data directory, simply create a /mnt/data directory in your system.

Configure /mnt/data partition

sudo mkdir /mnt/data

sudo fdisk -l

Look for 250 GB drive you created earlier device ID, usually /dev/sdb. Ensure you select correct device ID before running the commands below)

Create partition:

sudo fdisk /dev/sdb

• Hit "n" to add new partition
• Hit "p" for primary partition
• Hit "Enter" for partition 1
• Hit "Enter" for default first sector
• Hit "Enter" for default last sector
• Hit "w" to write changes to disk and exit

Format Partition:

sudo mkfs.ext4 /dev/sdb1

Mount Partition to /mnt/data:

sudo mount /dev/sdb1 /mnt/data

Get disk UUID:

ls -l /dev/disk/by-uuid

Edit /etc/fstab:

sudo vi /etc/fstab

Add the following in /etc/fstab where DEVICE_ID is the UUID from the command above:

UUID=DEVICE_ID /mnt/data ext4 errors=remount-ro 0 1

Verify drive is mounted:

sudo df -h

Should yield output similar to below:

Filesystem      Size  Used Avail Use% Mounted on
udev            1.9G     0  1.9G   0% /dev
tmpfs           395M  1.1M  394M   1% /run
/dev/sda2        79G  5.5G   69G   8% /
tmpfs           2.0G     0  2.0G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           2.0G     0  2.0G   0% /sys/fs/cgroup
/dev/loop0       87M   87M     0 100% /snap/core/4917
/dev/loop1       90M   90M     0 100% /snap/core/8039
tmpfs           395M     0  395M   0% /run/user/1000
/dev/sdb1       246G   61M  233G   1% /mnt/data

Reboot and ensure /mnt/data gets mounted automatically.

Install Hermes SEG using specific build number

The instructions below have ONLY been tested on Hermes SEG build-220410 and above. Do not use on any builds lower than build-220410.

Identify the build number from the restore file you wish to restore. For example, the build number for restore file hermes-system-220410-08-16-2024-0920.tar.gz is 220410.

After identifying the build number, from the CLI as root git clone the desired build using the following command where build-220410 is the desired build:

git clone --depth 1 --branch build-220410 https://github.com/deeztek/Hermes-Secure-Email-Gateway

This will clone the repository into directory Hermes-Secure-Email-Gateway. 

Change to the Hermes-Secure-Email-Gateway directory:

cd Hermes-Secure-Email-Gateway/

If you are installing Hermes Build 220410 and below, download ubuntu_hermes_old_install.sh and overwrite existing one. Do NOT run the command below if you are installing Hermes Build 231130 and above:

wget https://raw.githubusercontent.com/deeztek/Hermes-Secure-Email-Gateway/master/ubuntu_hermes_old_install.sh -O ubuntu_hermes_install.sh

Make script executable:

sudo chmod +x ubuntu_hermes_install.sh

Run the script as root and follow the prompt to install Hermes SEG:

sudo ./ubuntu_hermes_install.sh

Once installation is complete, reboot your computer, ensure everything is running and then continue below to perform a System Restore.

Perform a Restore

Before you can perform a restore, you must have already mounted the location where all you backup files are stored accessible to the /opt/hermes/scripts/system_restore.sh script. Additionally, be aware that once you restore a backup, all existing Hermes SEG credentials including the database credentials will be replaced by the credentials in the backup.

If you have a Hermes SEG Pro installation with a valid license, please be aware that your license will have to be re-installed and re-activated in the restored system. Please send the serial number to support@deeztek.com and let us know that you wish to activate the license on a new system.

The recommended order of restoring backups is to first perform a system restore and once that completes, reboot your computer and then perform an archive restore. Archive restores can take a very long time to complete depending on the size of the data being restored, thus it's best to have your system already up and running and processing e-mail while the archive restore is running. This method will minimize down time.

The /opt/hermes/scripts/system_restore.sh script accepts several flags with corresponding values enclosed in single quotes in order to configure its behavior.

• The -F flag sets the full path to the backup file you wish to restore. For example, -F 
  '/mnt/backups/hermes-system-220410-08-16-2024-0920.tar.gz'.
• The -M flag sets the Restore Mode you wish to perform. It should be either 'system' or 'archive' For example -M 'system' sets to restore a system backup. The mode you wish to use depends on the file you wish to restore. 
• The -R flag sets the MySQL root password that the backup will need in order to restore up all the Hermes databases. For example, - R 'supersercretpass' sets the MySQL root password to supersercretpass.
  

Putting it all together, if you wanted to run a system mode restore, you can run a command similar to below:

 /opt/hermes/scripts/system_restore.sh -F '/mnt/backups/hermes-system-220410-08-11-2024-0822.tar.gz' -M 'system' -R 'supersecretpass'

Once the restore is complete, reboot your computer and ensure everything has been restored and your machine is processing e-mail as intended.