public/Restore-TNServer.ps1

function Restore-TNServer {
    <#
    .SYNOPSIS
        Restores either Nessus or tenable.sc backups generated by Backup-TNServer
 
    .DESCRIPTION
        Restores either Nessus or tenable.sc backups generated by Backup-TNServer
 
        This command only works when the destination server is running linux
 
    .PARAMETER ComputerName
        Target Nessus or Tenable.sc IP Address or FQDN
 
    .PARAMETER Credential
        The credential to login. This user must have access to restart services and replace keys.
 
        Basically, the user must have access.
 
    .PARAMETER SshSession
        If you use a private key to connect to your server, use New-SshSession to configure what you need and pass it to SShSession instead of using ComputerName and Credential
 
    .PARAMETER SftpSession
        If you use a private key to connect to your server, use New-SftpSession to configure what you need and pass it to SShSession instead of using ComputerName and Credential
 
    .PARAMETER SshPort
        Port number of the Nessus SSH service. Defaults to 22.
 
    .PARAMETER FilePath
        The path to the tar.gz file
 
    .PARAMETER Type
        Nessus or Tenable.sc.
 
    .PARAMETER AcceptAnyThumbprint
        Give up security and accept any SSH host key. To be used in exceptional situations only, when security is not required. To set, use Posh-SSH commands.
 
    .PARAMETER EnableException
        By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
        This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
        Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
 
    .EXAMPLE
        PS> Restore-TNServer -ComputerName securitycenter.ad.local -Credential acasadmin -Type tenable.sc -FilePath C:\temp\sc_backup.tar.gz
 
        Restores C:\temp\sc_backup.tar.gz to securitycenter.ad.local and uses the acasadmin account which has sudo access
 
    .EXAMPLE
        PS> Get-ChildItem C:\temp\nessus_backup.tar.gz | Restore-TNServer -ComputerName securitycenter.ad.local -Credential $cred -Type Nessus
 
        Restores C:\temp\nessus_backup.tar.gz to securitycenter.ad.local and a credential which has sudo access
    #>

    [CmdletBinding()]
    param
    (
        [object]$SshSession,
        [object]$SftpSession,
        [string]$ComputerName,
        [Management.Automation.PSCredential]$Credential,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [ValidateScript( { Test-Path -Path $_ })]
        [Alias("FullName")]
        [string]$FilePath,
        [ValidateSet("tenable.sc", "Nessus")]
        [parameter(Mandatory)]
        [string]$Type,
        [int]$SshPort = 22,
        [switch]$AcceptAnyThumbprint,
        [switch]$EnableException
    )
    process {
        if ((-not $PSBoundParameters.SshSession -and -not $PSBoundParameters.SftpSession) -and -not ($PSBoundParameters.ComputerName -and $PSBoundParameters.Credential)) {
            Stop-PSFFunction -EnableException:$EnableException -Message "You must specify either SshSession and SftpSession or ComputerName and Credential"
            return
        }

        # Set default parameter values
        $PSDefaultParameterValues['*-SCP*:Timeout'] = 1000000
        $PSDefaultParameterValues['*-SSH*:Timeout'] = 1000000
        $PSDefaultParameterValues['*-SSH*:ErrorAction'] = "Stop"
        $PSDefaultParameterValues['*-SCP*:ErrorAction'] = "Stop"
        $PSDefaultParameterValues['*-SCP*:Credential'] = $Credential
        $PSDefaultParameterValues['*-SSH*:Credential'] = $Credential
        $PSDefaultParameterValues['*-SSH*:ComputerName'] = $ComputerName
        $PSDefaultParameterValues['*-SCP*:ComputerName'] = $ComputerName
        $PSDefaultParameterValues['*-SCP*:AcceptKey'] = [bool]$AcceptAnyThumbprint
        $PSDefaultParameterValues['*-SSH*:AcceptKey'] = [bool]$AcceptAnyThumbprint

        $filename = Split-Path -Path $FilePath -Leaf
        $filename = "/tmp/$filename"

        try {
            Write-PSFMessage -Level Verbose -Message "Connecting to $ComputerName"
            Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Connecting to $ComputerName"

            if (-not $PSBoundParameters.SshSession) {
                $SshSession = New-SSHSession -Port $SshPort
            }

            $PSDefaultParameterValues['*-SCP*:SessionId'] = $SshSession.SessionId
            $PSDefaultParameterValues['*-SSH*:SessionId'] = $SshSession.SessionId

            If ($PSBoundParameters.Credential -and $Credential.UserName -ne "root") {
                $sudo = "sudo"
                $stream = $SshSession.Session.CreateShellStream("PS-SSH", 0, 0, 0, 0, 1000)
                Write-PSFMessage -Level Verbose -Message "Logging in using $sudo"
                $results = Invoke-SSHStreamExpectSecureAction -ShellStream $stream -Command "sudo su -" -ExpectString "[sudo] password for $($Credential.UserName):" -SecureAction $Credential.Password
                $null = $stream.Read()
                Write-PSFMessage -Level Verbose -Message "Sudo: $results"
            }

            Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Connecting to $ComputerName"

            if (-not $PSBoundParameters.SftpSession) {
                $SftpSession = New-SFTPSession -ComputerName $ComputerName -Credential $Credential -Port $SshPort
            }

            $PSDefaultParameterValues['*-SFTP*:SFTPSession'] = $SftpSession

            if ("Nessus" -eq $Type) {
                try {
                    Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Uploading files to Nessus"
                    Write-PSFMessage -Level Verbose -Message "Uploading files to Nessus"
                    $null = Set-SFTPItem -Destination /tmp -Path $FilePath -ErrorAction Stop
                } catch {
                    Stop-PSFFunction -EnableException:$EnableException -Message "Failure for $computername. Couldn't upload $FilePath" -ErrorRecord $record
                    return
                }

                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Stopping the nessus service" -Command "$sudo service nessusd stop"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Unzipping Nessus files. This will take a moment." -Command "$sudo tar -xvzf $filename --directory /"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Removing backup files from nessus" -Command "$sudo rm -rf $filename"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Starting the nessus service" -Command "$sudo service nessusd start"
            }

            if ("tenable.sc" -eq $Type) {
                try {
                    Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Uploading files to the tenable.sc server"
                    Write-PSFMessage -Level Verbose -Message "Uploading files to the tenable.sc server"
                    $null = Set-SFTPItem -Destination /tmp -Path $FilePath -ErrorAction Stop
                } catch {
                    Stop-PSFFunction -EnableException:$EnableException -Message "Failure for $computername. Couldn't upload $FilePath" -ErrorRecord $record
                    return
                }

                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Stopping securitycenter" -Command "$sudo service SecurityCenter stop"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Unzipping backup. This will take a moment." -Command "$sudo tar -xvzf $filename --directory /"

                if ($stream) {
                    do {
                        Start-Sleep 1
                        $running = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Waiting for backup to finish. This will take a few minutes." -Command "ps aux | grep tar | grep $filename | grep -v grep"
                    } until ($null -eq $running)
                }

                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Starting the SecurityCenter service" -Command "$sudo service SecurityCenter start"
                $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Removing backup files from tenable.sc" -Command "$sudo rm -rf /tmp/sc_backup.tar.gz"
            }

            [PSCustomObject]@{
                ComputerName = $ComputerName
                Type         = $Type
                FileName     = $filename
                Status       = "Success"
            }
        } catch {
            $record = $_
            try {
                if ("Nessus" -eq $Type -and $SshSession) {
                    $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Starting the nessus service" -Command "$sudo service nessusd start"
                }

                if ("tenable.sc" -eq $Type -and $SshSession) {
                    $null = Invoke-SecureShellCommand -Stream $stream -StepCounter ($stepcounter++) -Message "Starting the SecurityCenter service" -Command "$sudo service SecurityCenter start"
                }
            } catch {
                # don't care
            }

            Stop-PSFFunction -EnableException:$EnableException -Message "Failure for $computername" -ErrorRecord $record
        } finally {
            if (-not $PSBoundParameters.SshSession -and $SshSession.SessionId) {
                Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Logging out from SSH"
                Write-PSFMessage -Level Verbose -Message "Logging out from SSH"
                $null = Remove-SSHSession -SessionId $SshSession.SessionId -ErrorAction Ignore
            }
            if (-not $PSBoundParameters.SftpSession -and $SftpSession.SessionId) {
                Write-ProgressHelper -StepNumber ($stepCounter++) -Message "Logging out from FTP"
                Write-PSFMessage -Level Verbose -Message "Logging out from FTP"
                $null = Remove-SFTPSession -SessionId $SftpSession.SessionId -ErrorAction Stop
            }
        }
    }
}