public/Restore-TNServer.ps1
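function Restore-TNServer {
    <#
    .SYNOPSIS
        Restores either Nessus or tenable.sc backups generated by Backup-TNServer

    .DESCRIPTION
        Restores either Nessus or tenable.sc backups generated by Backup-TNServer

        This command only works when the destination server is running linux

        The archive is uploaded to /tmp on the target and unpacked with tar into / (through sudo
        when the credential is not root), so restore only archives whose origin and integrity you trust.

    .PARAMETER ComputerName
        Target Nessus or Tenable.sc IP Address or FQDN

    .PARAMETER Credential
        The credential to login. This user must have access to restart services and replace keys.

        Basically, the user must have access.

    .PARAMETER SshSession
        If you use a private key to connect to your server, use New-SshSession to configure what you need and pass it to SshSession instead of using ComputerName and Credential

    .PARAMETER SftpSession
        If you use a private key to connect to your server, use New-SftpSession to configure what you need and pass it to SftpSession instead of using ComputerName and Credential

    .PARAMETER SshPort
        Port number of the Nessus SSH service. Defaults to 22.

    .PARAMETER FilePath
        The path to the tar.gz file

    .PARAMETER Type
        Nessus or Tenable.sc.

    .PARAMETER AcceptAnyThumbprint
        Give up security and accept any SSH host key. To be used in exceptional situations only, when security is not required. To set, use Posh-SSH commands.

    .PARAMETER EnableException
        By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
        This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
        Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

    .EXAMPLE
        PS> Restore-TNServer -ComputerName securitycenter.ad.local -Credential acasadmin -Type tenable.sc -FilePath C:\temp\sc_backup.tar.gz

        Restores C:\temp\sc_backup.tar.gz to securitycenter.ad.local and uses the acasadmin account which has sudo access

    .EXAMPLE
        PS> Get-ChildItem C:\temp\nessus_backup.tar.gz | Restore-TNServer -ComputerName securitycenter.ad.local -Credential $cred -Type Nessus

        Restores C:\temp\nessus_backup.tar.gz to securitycenter.ad.local and a credential which has sudo access
    #>
    [CmdletBinding()]
    param (
        [object]$SshSession,
        [object]$SftpSession,
        [string]$ComputerName,
        [Management.Automation.PSCredential]$Credential,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [ValidateScript( { Test-Path -Path $_ })]
        [Alias("FullName")]
        [string]$FilePath,
        [ValidateSet("tenable.sc", "Nessus")]
        [parameter(Mandatory)]
        [string]$Type,
        [int]$SshPort = 22,
        [switch]$AcceptAnyThumbprint,
        [switch]$EnableException
    )
    process {
        if ((-not $PSBoundParameters.SshSession -and -not $PSBoundParameters.SftpSession) -and -not ($PSBoundParameters.ComputerName -and $PSBoundParameters.Credential)) {
            Stop-PSFFunction -EnableException:$EnableException -Message "You must specify either SshSession and SftpSession or ComputerName and Credential"
            return
        }

        # Set default parameter values
        # NOTE(review): these entries (including Credential and AcceptKey) are not removed anywhere
        # in this function; presumably they stay in the default-parameter table after the call
        # returns and apply to later *-SSH*/*-SCP* calls in the same scope - confirm and clear
        # them if that is not intended.
        $PSDefaultParameterValues['*-SCP*:Timeout'] = 1000000
        $PSDefaultParameterValues['*-SSH*:Timeout'] = 1000000
        $PSDefaultParameterValues['*-SSH*:ErrorAction'] = "Stop"
        $PSDefaultParameterValues['*-SCP*:ErrorAction'] = "Stop"
        $PSDefaultParameterValues['*-SCP*:Credential'] = $Credential
        $PSDefaultParameterValues['*-SSH*:Credential'] = $Credential
        $PSDefaultParameterValues['*-SSH*:ComputerName'] = $ComputerName
        $PSDefaultParameterValues['*-SCP*:ComputerName'] = $ComputerName
        $PSDefaultParameterValues['*-SCP*:AcceptKey'] = [bool]$AcceptAnyThumbprint
        $PSDefaultParameterValues['*-SSH*:AcceptKey'] = [bool]$AcceptAnyThumbprint

        $leaf = Split-Path -Path $FilePath -Leaf

        # The leaf name ends up inside command lines sent to the remote shell (via sudo for
        # non-root credentials). Control characters cannot be carried safely on one command line.
        if ($leaf -match '[\x00-\x1f\x7f]') {
            Stop-PSFFunction -EnableException:$EnableException -Message "The file name of $FilePath contains control characters and cannot be used in a remote command"
            return
        }

        # Remote location of the uploaded archive; reported unquoted in the output object.
        # NOTE(review): /tmp is typically shared and the name is predictable; nothing here
        # checks that the file extracted is the one just uploaded - consider a private
        # upload directory on the target.
        $filename = "/tmp/$leaf"

        # POSIX single-quoted form of the remote path so spaces and shell metacharacters in
        # the local file name are passed as data, never interpreted by the remote shell.
        $remoteFile = "'" + $filename.Replace("'", "'\''") + "'"

        try {
            Write-PSFMessage -Level Verbose -Message "Connecting to $ComputerName"
            Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Connecting to $ComputerName"

            if (-not $PSBoundParameters.SshSession) {
                $SshSession = New-SSHSession -Port $SshPort
            }

            $PSDefaultParameterValues['*-SCP*:SessionId'] = $SshSession.SessionId
            $PSDefaultParameterValues['*-SSH*:SessionId'] = $SshSession.SessionId

            # Non-root logins elevate once through an interactive shell stream; later commands
            # are sent over that stream and prefixed with sudo.
            If ($PSBoundParameters.Credential -and $Credential.UserName -ne "root") {
                $sudo = "sudo"
                $stream = $SshSession.Session.CreateShellStream("PS-SSH", 0, 0, 0, 0, 1000)
                Write-PSFMessage -Level Verbose -Message "Logging in using $sudo"
                $results = Invoke-SSHStreamExpectSecureAction -ShellStream $stream -Command "sudo su -" -ExpectString "[sudo] password for $($Credential.UserName):" -SecureAction $Credential.Password
                $null = $stream.Read()
                Write-PSFMessage -Level Verbose -Message "Sudo: $results"
            }

            Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Connecting to $ComputerName"
            if (-not $PSBoundParameters.SftpSession) {
                $SftpSession = New-SFTPSession -ComputerName $ComputerName -Credential $Credential -Port $SshPort
            }
            $PSDefaultParameterValues['*-SFTP*:SFTPSession'] = $SftpSession

            if ("Nessus" -eq $Type) {
                try {
                    Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Uploading files to Nessus"
                    Write-PSFMessage -Level Verbose -Message "Uploading files to Nessus"
                    $null = Set-SFTPItem -Destination /tmp -Path $FilePath -ErrorAction Stop
                } catch {
                    # $_ is the upload error; $record is only assigned in the outer catch.
                    Stop-PSFFunction -EnableException:$EnableException -Message "Failure for $computername. Couldn't upload $FilePath" -ErrorRecord $_
                    return
                }

                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Stopping the nessus service" -Command "$sudo service nessusd stop"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Unzipping Nessus files. This will take a moment." -Command "$sudo tar -xvzf $remoteFile --directory /"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Removing backup files from nessus" -Command "$sudo rm -rf $remoteFile"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Starting the nessus service" -Command "$sudo service nessusd start"
            }

            if ("tenable.sc" -eq $Type) {
                try {
                    Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Uploading files to the tenable.sc server"
                    Write-PSFMessage -Level Verbose -Message "Uploading files to the tenable.sc server"
                    $null = Set-SFTPItem -Destination /tmp -Path $FilePath -ErrorAction Stop
                } catch {
                    # $_ is the upload error; $record is only assigned in the outer catch.
                    Stop-PSFFunction -EnableException:$EnableException -Message "Failure for $computername. Couldn't upload $FilePath" -ErrorRecord $_
                    return
                }

                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Stopping securitycenter" -Command "$sudo service SecurityCenter stop"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Unzipping backup. This will take a moment." -Command "$sudo tar -xvzf $remoteFile --directory /"

                if ($stream) {
                    # Poll once per second until no tar process mentioning the archive is listed.
                    # grep -F matches the path literally instead of treating it as a regex.
                    do {
                        Start-Sleep 1
                        $running = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Waiting for backup to finish. This will take a few minutes." -Command "ps aux | grep tar | grep -F $remoteFile | grep -v grep"
                    } until ($null -eq $running)
                }

                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Starting the SecurityCenter service" -Command "$sudo service SecurityCenter start"
                # Remove the archive that was actually uploaded (previously a fixed
                # /tmp/sc_backup.tar.gz, which left differently named backups behind in /tmp).
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Removing backup files from tenable.sc" -Command "$sudo rm -rf $remoteFile"
            }

            [PSCustomObject]@{
                ComputerName = $ComputerName
                Type         = $Type
                FileName     = $filename
                Status       = "Success"
            }
        } catch {
            $record = $_
            try {
                # Best effort: try to bring the stopped service back up before reporting.
                if ("Nessus" -eq $Type -and $SshSession) {
                    $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Starting the nessus service" -Command "$sudo service nessusd start"
                }
                if ("tenable.sc" -eq $Type -and $SshSession) {
                    $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Starting the SecurityCenter service" -Command "$sudo service SecurityCenter start"
                }
            } catch {
                # Deliberately ignored so the original failure in $record is the one reported.
            }
            Stop-PSFFunction -EnableException:$EnableException -Message "Failure for $computername" -ErrorRecord $record
        } finally {
            # Only close sessions this function opened; caller-supplied sessions are left alone.
            if (-not $PSBoundParameters.SshSession -and $SshSession.SessionId) {
                Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Logging out from SSH"
                Write-PSFMessage -Level Verbose -Message "Logging out from SSH"
                $null = Remove-SSHSession -SessionId $SshSession.SessionId -ErrorAction Ignore
            }
            if (-not $PSBoundParameters.SftpSession -and $SftpSession.SessionId) {
                Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Logging out from FTP"
                Write-PSFMessage -Level Verbose -Message "Logging out from FTP"
                $null = Remove-SFTPSession -SessionId $SftpSession.SessionId -ErrorAction Stop
            }
        }
    }
}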