Orion Incident Response Live CD 2

6.5.4. Citadel Data Archive

The recommended configuration is a Citadel server on the primary handler’s system with periodic backups of the database. Orion includes the script backup-citadel to copy the Citadel data and configuration to a backup location using rsync over SSH. The Citadel database is contained within the directory /var/lib/citadel, and the remaining configuration can be found in /etc/citadel. Citadel can also maintain complete transaction logs in /var/lib/citadel/data/. With this feature enabled, an off-system archive of this data provides a very handy forensic history of all communication and collaboration associated with the incident.

root@orion:/orion/scripts# ./backup-citadel
Usage: ./backup-citadel <path>
Rsync Citadel data and config to <path>
=======================================
Path (user@host:/path if remote): john@192.168.1.101:ORION
Enter passphrase for key ‘/root/.ssh/orion’:
building file list ... done
created directory ORION
citadel/
citadel/bio/
citadel/bitbucket/
citadel/data/
citadel/data/cdb.00
citadel/data/cdb.01
citadel/data/log.0000000001
citadel/files/
citadel/images/

sent 10714110 bytes  received 426 bytes  1020432.00 bytes/sec
total size is 10711559  speedup is 1.00
Hit any key to close this window ->

Figure 18: backup-citadel command
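For the off-system copy to serve as forensic history, its contents should be verifiable later. The following is an added example, not part of Orion or of backup-citadel: it writes a SHA-256 manifest for an archive directory such as the ORION directory in Figure 18 and reports altered, missing, or unlisted files. The function names and the "NOT IN MANIFEST" label are hypothetical.

```shell
#!/bin/sh
# Added example, not part of Orion: integrity manifest for the archive copy.
# Assumes GNU coreutils and findutils (sha256sum, find, sort -z, xargs -0 -r).
# Keep the manifest outside ARCHIVE_DIR, ideally on separate media.

# write_manifest ARCHIVE_DIR MANIFEST
# Record a SHA-256 hash for every regular file under ARCHIVE_DIR,
# using paths relative to ARCHIVE_DIR so the copy can be moved later.
write_manifest() {
    (cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum) > "$2"
}

# verify_manifest ARCHIVE_DIR MANIFEST
# Print every file that is altered, missing, or absent from the manifest.
# Returns 0 only when the archive matches the manifest exactly.
verify_manifest() {
    rc=0
    # Altered or missing files: keep only the non-OK lines of sha256sum -c.
    bad=$( (cd "$1" && sha256sum -c 2>/dev/null) < "$2" | grep -v ': OK$' || true )
    # Paths recorded in the manifest (strip the hash and the two spaces).
    listed=$(sed 's/^[0-9a-f]*  //' "$2")
    # Files present in the archive that the manifest does not list.
    extra=$( (cd "$1" && find . -type f | sort) | grep -Fxv -e "$listed" || true )
    [ -z "$bad" ] || { printf '%s\n' "$bad"; rc=1; }
    [ -z "$extra" ] || { printf '%s\n' "$extra" | sed 's/^/NOT IN MANIFEST: /'; rc=1; }
    return "$rc"
}

# Command-line use: script write|verify ARCHIVE_DIR MANIFEST
case "${1:-}" in
    write)  write_manifest "$2" "$3" ;;
    verify) verify_manifest "$2" "$3" ;;
esac
```

A manifest describes one snapshot, so write a new one after each backup run and keep the earlier manifests alongside it.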

John Jarocki, john.jarocki@gmail.com
