Recovering Redmine data

Added by Max Yaffe 2 months ago

My company was hit with a crypto locking attack. We've been able to recover all but 11 days of redmine data. We can get the potentially bad database on an isolated machine. How can we restore the missing data to our new Redmine server? We are not copying anything except Redmine assets.

Ideas?


Replies (6)

RE: Recovering Redmine data - Added by Christian Eichert 7 days ago

I am not sure, but I think best way is to pay the gangsters. I am serious.
This Project is somehow strange.

I have not seen a backup mechanism in this project.
Normally there should be at least a borg and a crontab, but I was not able to find out how to back up anything.

If you use docker in combination with a database, I noticed that everything that is not in the database is in /var/lib/docker/volumes. The best practice is to borg this at least once a day to a secure place.

So if you have your original docker file and your yaml files, then you could build everything from scratch, and then if the database is still there or you backed it up somehow, and if you still have the docker volumes folder, you could be lucky.

RE: Recovering Redmine data - Added by Max Yaffe 2 days ago

Thank you for your comments Christian. We did have backup procedures in place and were able to recover everything. I didn't pay the "gangsters" a plug nickel. (Great way to characterize them, by the way.) The backup process, however, saves the whole server including whatever crap the gangsters have put on it.

My question is simpler - where is Redmine? I want to know where the various assets of Redmine, including programs, configuration, and data, are stored on the Linux server. With that we could simply pick up the database and put it on a clean server with Redmine installed and avoid transferring any corrupted content.

Ultimately we did that.

Max

RE: Recovering Redmine data - Added by Christian Eichert 1 day ago

This depends mainly on how you installed redmine: as docker, as a deployment, or from a package manager.
You must tell us a little more.

RE: Recovering Redmine data - Added by Ivan Cenov 1 day ago

Max Yaffe wrote in RE: Recovering Redmine data:

Thank you for your comments Christian. We did have backup procedures in place and were able to recover everything. I didn't pay the "gangsters" a plug nickel. (Great way to characterize them, by the way.) The backup process, however, saves the whole server including whatever crap the gangsters have put on it.

My question is simpler - where is Redmine? I want to know where the various assets of Redmine, including programs, configuration, and data, are stored on the Linux server. With that we could simply pick up the database and put it on a clean server with Redmine installed and avoid transferring any corrupted content.

Ultimately we did that.

Max

Usually, Redmine is stored in a directory named 'redmine'. So search for /path/to/redmine.
What I am doing for saving data:
  • archive all of that redmine directory (I use 7z).
  • make an SQL dump of the database into an sql file.
  • Copy both files to another place, to another machine and to a cloud. For example, the FreeFileSync program does backup copying to Google Drive perfectly. Also you can define revisions of the files and keep them for a given period of time.

RE: Recovering Redmine data - Added by Christian Eichert 1 day ago

The OP stated that he is using a backup process on a Linux server; probably this is a VPS machine at some Internet hosting provider, where the provider creates an image that can be restored.
If the OP cannot find the redmine folder, I suppose that it was a docker install.
Probably you have used the provider's restore mechanism and now the server is in the same situation as 11 days before.

If redmine is a docker install, you can log in to the container:

cd /folder/where/docker-compose.yaml

# run the container (if the container is down)
docker-compose up -d

# check out the container_id (-a also lists stopped containers)
docker ps -a

# log into your docker container (-i keeps stdin open, -t allocates a tty)
docker exec -it <container_id> sh

now you can use `find` to search for your folders

I have also chosen the docker install, and I connected the docker container to an outside database, so I have one server that keeps just the redmine images and container; this redmine container stores everything in a database on another server, and the files in the container are synced by borg to a secure place where it encrypts the files.


services:
  redmine:
    image: redmine:alpine
    container_name: redmine
    restart: always
    ports:
      - 80:3000
    volumes:
      - ./redmine:/usr/src/redmine
    environment:
      REDMINE_DB_MYSQL: 192.168.178.2
      REDMINE_DB_PORT: 3306
      REDMINE_DB_USERNAME: redmine
      REDMINE_DB_PASSWORD: redmine
      REDMINE_DB_DATABASE: redmine
      REDMINE_SECRET_KEY_BASE: supersecretkey
    networks:
      - network
networks:
  network:

So you can see that I have a redirect that maps the "/usr/src/redmine" folder from inside the container to the outside,
in the same folder as the docker-compose.yaml:


    volumes:
      - ./redmine:/usr/src/redmine

and from there I have a borg script that stores the redmine folder once a day in /var/backups.
The nice thing is that /var/backups is on another partition, on a USB RAID where I turned off the execute rights in fstab, so it cannot get infected :))


# cron starts in the home directory, so change into the compose folder first;
# {now} gives every nightly archive a unique name (borg refuses duplicate archive names)
0 2 * * *   cd /folder/where/docker-compose.yaml && /usr/bin/borg create --compression lz4 /var/backup/redmin::redmin-{now} ./redmine

As you can see, this is fully automatic.

have fun
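The two backup recipes in this thread (Ivan's archive-plus-SQL-dump with a retention period, and Christian's nightly copy to a noexec partition) fit in one small script. The one below is an added example, not code from the thread or from Redmine; it assumes Linux with GNU tar and coreutils, a MySQL/MariaDB database reachable by `mysqldump` with credentials in `~/.my.cnf`, and the placeholder paths in the variables at the top. Beyond what the posts show, it writes a SHA-256 manifest per backup set so that a restore onto a clean server (what Max did) can first prove the set is intact, and it refuses to write into a destination that is not mounted noexec.

```sh
#!/bin/sh
# Added example: nightly Redmine backup with integrity manifest, retention,
# and a noexec check on the destination.  All paths/names are placeholders.
set -eu

REDMINE_DIR="${REDMINE_DIR:-/path/to/redmine}"      # placeholder: the redmine directory
BACKUP_ROOT="${BACKUP_ROOT:-/var/backups/redmine}"  # placeholder: noexec destination
DB_NAME="${DB_NAME:-redmine}"                        # placeholder: database name
KEEP_DAYS="${KEEP_DAYS:-30}"                         # retention period for dated sets

# Return 0 if the filesystem holding $1 is mounted noexec, 1 otherwise.
# Reads /proc/mounts and picks the longest mount point that is a prefix of
# the resolved path (so /var/backups wins over / for /var/backups/redmine).
dest_is_noexec() {
    target=$(cd "$1" && pwd -P)
    best_mp=""; best_opts=""
    while read -r _dev mp _fs opts _rest; do
        case "$target/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best_mp}" ]; then
                    best_mp=$mp; best_opts=$opts
                fi ;;
        esac
    done < /proc/mounts
    case ",$best_opts," in *,noexec,*) return 0 ;; *) return 1 ;; esac
}

# Step 1: archive the whole redmine directory (files/, config/, plugins/ ...).
# Ivan uses 7z; tar+gzip is used here because it is on every Linux box.
archive_files() {  # archive_files SRC_DIR OUT_TAR
    tar -C "$(dirname "$1")" -czf "$2" "$(basename "$1")"
}

# Step 2: consistent SQL dump.  Credentials come from ~/.my.cnf rather than
# the command line, so the password is not visible in `ps` or in cron mail.
dump_db() {  # dump_db OUT_SQL
    mysqldump --single-transaction --routines --triggers "$DB_NAME" > "$1"
}

# Step 3: manifest, so a restore can prove the set is complete and untampered.
write_manifest() {  # write_manifest SET_DIR
    (cd "$1" && find . -maxdepth 1 -type f ! -name SHA256SUMS \
        -exec sha256sum {} + > SHA256SUMS)
}

verify_backup() {  # verify_backup SET_DIR  -> 0 only if every file matches
    (cd "$1" && sha256sum -c SHA256SUMS > /dev/null)
}

# Step 4: retention.  Drop dated sets older than KEEP_DAYS.
prune_old() {  # prune_old ROOT DAYS
    find "$1" -mindepth 1 -maxdepth 1 -type d -mtime +"$2" -exec rm -rf {} +
}

run_backup() {
    if ! dest_is_noexec "$BACKUP_ROOT"; then
        echo "refusing: $BACKUP_ROOT is not on a noexec filesystem" >&2
        return 1
    fi
    set_dir="$BACKUP_ROOT/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$set_dir"
    archive_files "$REDMINE_DIR" "$set_dir/redmine-files.tar.gz"
    dump_db "$set_dir/redmine-db.sql"
    write_manifest "$set_dir"
    verify_backup "$set_dir"
    prune_old "$BACKUP_ROOT" "$KEEP_DAYS"
    echo "backup written to $set_dir"
}

# Run the full job only when asked (e.g. REDMINE_BACKUP_RUN=1 from cron);
# otherwise the file can be sourced to reuse the functions, e.g. verify_backup
# on a copied set before restoring it to a clean server.
if [ "${REDMINE_BACKUP_RUN:-0}" = "1" ]; then
    run_backup
fi
```

On restore, copy one dated set to the clean server and run `verify_backup` on it before importing the SQL dump and unpacking the archive; a manifest mismatch means the set was altered after it was written and should not be trusted.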

RE: Recovering Redmine data - Added by Max Yaffe about 20 hours ago

Thank you all for your help and hints.
Max
