System Backup and Restore

System Backup and System Restore are configured and run from the CLI as root. The Backup script is located at /opt/hermes/scripts/system_backup.sh and the Restore script at /opt/hermes/scripts/system_restore.sh. These scripts should not be moved or copied to other locations. System Backups should be scheduled via Cron or another mechanism that points to /opt/hermes/scripts/system_backup.sh.

Before scheduling system_backup.sh, it's highly recommended that you run it manually to ensure proper operation. The backups can be stored on any mount that you have previously configured in your system, such as local, SMB, NFS, etc.

System Backup

The /opt/hermes/scripts/system_backup.sh script accepts several flags with corresponding values enclosed in single quotes in order to configure its behavior.

  • The -D flag sets the number of days of backups to retain. For example, -D '7' would configure it to delete any backups older than 7 days.
  • The -P flag sets the path to store the backups WITHOUT the trailing slash. For example -P '/mnt/backups' configures the backup to store all backups in the /mnt/backups path. Please note that backup logs are also automatically stored in that path.
  • The -E flag sets the recipient to send backup success/failure notifications. For example, -E 'to@domain.tld' configures the backup to send notifications to to@domain.tld.
  • The -F flag sets the sender that the backup success/failure notifications come from. For example, -F 'from@domain.tld' configures the backup to send notifications from from@domain.tld.
  • The -B flag sets the backup mode. The backup mode can be either system (backs up all Hermes related files and databases EXCLUDING the e-mail archive), archive (backs up ONLY the e-mail archive) or all (backs up all Hermes related files including the databases as well as the e-mail archive). For example, -B 'system' sets the backup mode to back up all Hermes related files and databases.
  • The -R flag sets the MySQL root password that the backup will need in order to back up all the Hermes databases. For example, -R 'supersercretpass' sets the MySQL root password to supersercretpass.

Putting it all together, to run an all backup, you can run a command similar to the one below:

/opt/hermes/scripts/system_backup.sh -D '7' -P '/mnt/backups' -E 'to@domain.tld' -F 'from@domain.tld' -B 'all' -R 'supersercretpass'
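
One way to schedule the command above from Cron without writing the MySQL root password into the crontab, as an added example that is not part of Hermes SEG. The wrapper path, the /root/.hermes_mysql_root secret file and the cron.d file name are assumptions; the flags and sample values are the ones shown above.

```shell
#!/bin/sh
# Added example: cron wrapper for system_backup.sh. The wrapper path, the
# secret-file path and the cron.d file name are assumptions, not Hermes paths.
# Schedule it as root with a line such as, in /etc/cron.d/hermes-backup:
#   30 1 * * * root /usr/local/sbin/hermes_backup_cron.sh all /mnt/backups 7
BACKUP_SCRIPT=/opt/hermes/scripts/system_backup.sh
SECRET_FILE=/root/.hermes_mysql_root   # contains only the MySQL root password

# True only if the file belongs to the calling user and nobody else can read it.
secret_file_ok() {
    [ -f "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# -P takes an existing absolute directory WITHOUT a trailing slash.
valid_backup_path() {
    case "$1" in
        ''|*/) return 1 ;;
        /*) [ -d "$1" ] ;;
        *) return 1 ;;
    esac
}

# run_backup MODE PATH DAYS -> runs the page's command; returns 2-5 on bad input.
run_backup() {
    case "$1" in system|archive|all) ;; *) echo "bad mode: $1" >&2; return 2 ;; esac
    valid_backup_path "$2" || { echo "bad backup path: $2" >&2; return 3; }
    case "$3" in ''|*[!0-9]*) echo "bad retention: $3" >&2; return 4 ;; esac
    secret_file_ok "$SECRET_FILE" || { echo "fix owner/mode of $SECRET_FILE" >&2; return 5; }
    # The password is still in the backup process's argv while it runs (that is
    # how -R works), but it is no longer in the crontab or in cron's logged command.
    "$BACKUP_SCRIPT" -D "$3" -P "$2" -E 'to@domain.tld' -F 'from@domain.tld' \
        -B "$1" -R "$(cat "$SECRET_FILE")"
}

# Do nothing when run without arguments.
[ "$#" -eq 0 ] || run_backup "$@"
```

Create the secret file as root with mode 600 before the first scheduled run; the wrapper refuses to start the backup otherwise.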

Please note that depending on what Backup Mode you use, the system will store an appropriately named backup file in the backup location. For example, the backup file hermes-system-220410-08-16-2024-0920.tar.gz is a system backup, as noted by the word system in its name. In case of an all Backup Mode, the system will generate two backup files: one backup file will contain the system backup and the other backup file will contain the e-mail archive backup. In addition to the type of backup, the backup file name also includes the build number (in this case 220410) as well as the date/time the backup was created. The build number becomes very important when you attempt to perform a System Restore.

System Restore

System Restore WILL NOT install any programs, therefore, it requires that you have an already existing and fully updated Ubuntu 20.04 LTS Server plain "vanilla" machine with a /mnt/data directory for database and email archive storage. Then, you install the same build of Hermes SEG as the build number of the backup file you are attempting to restore.

System Preparation

Please note that Hermes SEG will NOT run in an LXC Environment.

Required Information

Ensure you have the following information available before you begin:

  • MySQL(MariaDB) root user password you wish to use
  • MySQL(MariaDB) username you wish to use with the hermes database (Example: hermes)
  • MySQL(MariaDB) password you wish to use with the hermes database user
  • MySQL(MariaDB) username you wish to use with the Syslog database (Example: rsyslog)
  • MySQL(MariaDB) password you wish to use with the Syslog database user
  • MySQL(MariaDB) username you wish to use with the ciphermail database (Example: ciphermail)
  • MySQL(MariaDB) password you wish to use with the ciphermail database user
  • MySQL(MariaDB) username you wish to use with the opendmarc database (Example: opendmarc)
  • MySQL(MariaDB) password you wish to use with the opendmarc database user
  • Lucee Server and Web Administrator password you wish to use
  • System Mailname (Example: smtp.domain.tld)

The Configure /mnt/data partition directions below assume you have a 250GB secondary drive which you will partition, format and mount as /mnt/data.

Technically a secondary drive for the /mnt/data directory is not a requirement but it's highly recommended for performance reasons. If you don't wish to use a secondary drive for the /mnt/data directory, simply create a /mnt/data directory in your system.

Configure /mnt/data partition

sudo mkdir /mnt/data
sudo fdisk -l

Look for the device ID of the 250 GB drive you created earlier, usually /dev/sdb. Ensure you select the correct device ID before running the commands below.

Create partition:

sudo fdisk /dev/sdb
  • Hit "n" to add new partition
  • Hit "p" for primary partition
  • Hit "Enter" for partition 1
  • Hit "Enter" for default first sector
  • Hit "Enter" for default last sector
  • Hit "w" to write changes to disk and exit

Format Partition:

sudo mkfs.ext4 /dev/sdb1

Mount Partition to /mnt/data:

sudo mount /dev/sdb1 /mnt/data

Get disk UUID:

ls -l /dev/disk/by-uuid

Edit /etc/fstab:

sudo vi /etc/fstab

Add the following in /etc/fstab where DEVICE_ID is the UUID from the command above:

UUID=DEVICE_ID /mnt/data ext4 errors=remount-ro 0 1

Verify drive is mounted:

sudo df -h

Should yield output similar to below:

Filesystem      Size  Used Avail Use% Mounted on
udev            1.9G     0  1.9G   0% /dev
tmpfs           395M  1.1M  394M   1% /run
/dev/sda2        79G  5.5G   69G   8% /
tmpfs           2.0G     0  2.0G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           2.0G     0  2.0G   0% /sys/fs/cgroup
/dev/loop0       87M   87M     0 100% /snap/core/4917
/dev/loop1       90M   90M     0 100% /snap/core/8039
tmpfs           395M     0  395M   0% /run/user/1000
/dev/sdb1       246G   61M  233G   1% /mnt/data

Reboot and ensure /mnt/data gets mounted automatically.

Install Hermes SEG using specific build number

Identify the build number from the restore file you wish to restore. For example, the build number for restore file hermes-system-220410-08-16-2024-0920.tar.gz is 220410.
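
A way to read the build number out of a backup file name and turn it into the branch to install, as an added example (not Hermes SEG code). It assumes every backup follows the hermes-MODE-BUILD-MM-DD-YYYY-HHMM.tar.gz pattern of the one file name shown on this page, and it also picks the newest system backup in a directory, which a plain name sort gets wrong because the date is written month first.

```shell
#!/bin/sh
# Added example, not Hermes SEG code. The pattern is inferred from the single
# file name on this page: hermes-MODE-BUILD-MM-DD-YYYY-HHMM.tar.gz (assumption).

# parse_backup_name FILE -> prints "MODE BUILD YYYYMMDDHHMM"; fails on other names.
parse_backup_name() {
    basename -- "$1" | sed -nE \
        's/^hermes-([a-z]+)-([0-9]+)-([0-9]{2})-([0-9]{2})-([0-9]{4})-([0-9]{4})\.tar\.gz$/\1 \2 \5\3\4\6/p' \
        | grep .
}

# restore_branch FILE -> prints the branch to clone, e.g. build-220410.
restore_branch() {
    parsed=$(parse_backup_name "$1") || {
        echo "not a Hermes backup file name: $1" >&2
        return 1
    }
    set -- $parsed              # split into MODE BUILD STAMP
    printf 'build-%s\n' "$2"
}

# latest_system_backup DIR -> path of the newest system backup in DIR.
# Sorts on the rebuilt YYYYMMDDHHMM stamp, not on the file name.
latest_system_backup() {
    for f in "$1"/hermes-system-*.tar.gz; do
        parsed=$(parse_backup_name "$f") || continue
        printf '%s %s\n' "${parsed##* }" "$f"
    done | sort -n | tail -n 1 | cut -d' ' -f2-
}

# Constructed demo input: the file name used on this page.
restore_branch 'hermes-system-220410-08-16-2024-0920.tar.gz'
```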

Git Clone Method

After identifying the build number, git clone the desired build from the CLI as root using the following command, where build-220410 is the desired build:

git clone --depth 1 --branch build-220410 https://github.com/deeztek/Hermes-Secure-Email-Gateway

This will clone the repository into the directory Hermes-Secure-Email-Gateway.

Change to the Hermes-Secure-Email-Gateway directory:

cd Hermes-Secure-Email-Gateway/

Make script executable:

sudo chmod +x ubuntu_hermes_install.sh

Run the script as root:

sudo ./ubuntu_hermes_install.sh

https://github.com/deeztek/Hermes-Secure-Email-Gateway/releases