Backups and recovery

Owned by Gert Burger
Last updated: Mar 04, 2018 by Dave Ryan

Backups in canopy are separated into the following types:

  • Database
  • File data (uploads, templates, etc.)
  • Configuration data

The following sections describe each one of these, why they should be backed up and provides some guidance.

Note: ideally the canopy service should be shutdown during backup to prevent potential interruptions. This can be achieved through the following command:

sudo supervisorctl canopy stop

Database backup

The canopy database stores practically everything relating to canopy, with the exception of the uploaded files and templates. It is a critical component to running canopy. By default, canopy runs on PostgresSQL, and as such we can follow simple backup routines for PostgresSQL itself.

Backup Postgres Database

To perform a simple database backup of the canopy database, run the following command:

sudo -u postgres pg_dump -F c -d canopy > canopy_db.sqlc

For further information on backing up postgresql and options for automation, see:


Other database operations: removing client data

*** Deletes company/project/phase/report/finding/asset/example data!!!

As root:

sudo -u postgres psql canopy -c 'truncate canopy_company cascade'
sudo -u postgres psql canopy -c 'truncate canopy_activityentry cascade'

File data

Canopy stores all uploads (tool data, images, templates, and other shared files) on the file system, and references them in the database. Backing up the database alone is not sufficient for backing up all of the data stored in canopy. In order to backup the file data, ensure that you take a copy of the following directories:

/var/opt/checksec/canopy/data # for all canopy data 
/var/canopy/plugins # for custom plugins

Configuration data

Canopy's configuration data should also be backed up as needed. Canopy's configuration data is stored under:

/etc/canopy/

Backup guidance

There are many options to consider when making a backup. For example, do you want to perform local backups only? Do you need off-site backups? Are there any data security concerns for transfer and storing canopy's data at rest? These questions are out of scope for this discussion. As an example scenario, you might want to backup the DB, files and configuration data, place them into an archive, PGP encrypt it and copy it to an offsite host. This could then be automated to run daily/weekly via cron. You might also consider storing the data on a NAS or other redundant storage, and the DB on a DB cluster and the configuration data in a configuration management system (CMS); all of which may have their own backups in place already. Each organisation will have it's own specific requirements.

What about recovery?

In order to recover canopy from a backup:

  1. Install a clean canopy server (see the installation steps)
  2. Load the DB server: sudo -u postgres pg_restore -e -c -C -d postgres --if-exists < canopy_db.sqlc # This will wipe the existing database before restoring the backup!!!
  3. Copy the configuration data into /etc/canopy # Review the canopy.ini and other configuration files installed on the clean server under /etc/canopy and ensure that any new configuration settings are maintained during the copy.
  4. Copy the canopy data (files) into the correct location on the server (/var/opt/checksec/canopy/data)

Note: ideally the canopy service should be shutdown during recovery - sudo supervisctl canopy stop

Virtual machines

Many users run canopy on virtual machines and rely on snapshots for backup and restore purposes. This is a good approach, where it is supported, although it does in maintaining a backup of the operating system and other data. However, it does allow for quick recovery of fully working systems. Overall, virtual machines are a solid approach to ensuring canopy is both backed up and readily recoverable.