Merge pull request #8761 from wazuh/enhancement/idr255-update-backup-guide

ayodeko · web-flow · commit bb4bca24572f · 2025-08-13T09:44:41.000+02:00
Update the Backup guide
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -45,6 +45,7 @@ All notable changes to this project will be documented in this file.
 - **Post-release**: Added steps to export and import dashboard customizations in the upgrade guide. ([#8618](https://github.com/wazuh/wazuh-documentation/pull/8618))
 - **Post-release**: Updated the vulnerability detection capability section. ([#8693](https://github.com/wazuh/wazuh-documentation/pull/8693))
 - **Post-release**: Changed the warning note on using the `$` and `&` characters when changing passwords in Docker deployments. ([#8694](https://github.com/wazuh/wazuh-documentation/pull/8694))
+- **Post-release**: Changed Windows commands in the backup guide to PowerShell. ([#8761](https://github.com/wazuh/wazuh-documentation/pull/8761))
 
 ### Fixed
 
diff --git a/source/migration-guide/creating/wazuh-agent.rst b/source/migration-guide/creating/wazuh-agent.rst
@@ -26,18 +26,14 @@ Preparing the backup
             # bkp_folder=~/wazuh_files_backup/$(date +%F_%H:%M)
             # mkdir -p $bkp_folder && echo $bkp_folder
 
-      .. group-tab:: Windows (CMD Admin)
-
-         .. code-block:: doscon
-
-            > set datetime=%date%-%time%
-            > set datetime=%datetime: =_%
-            > set datetime=%datetime:/=-%
-            > set datetime=%datetime::=_%
-            > set datetime=%datetime:.=_%
-            > set bkp_folder=%userprofile%\wazuh_files_backup\%datetime%
-            > mkdir %bkp_folder% && echo %bkp_folder%
-      
+      .. group-tab:: Windows (Powershell Admin)
+
+         .. code-block:: ps1con
+
+            > $timestamp = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"
+            > mkdir %bkp_folder% ; echo %bkp_folder%
+            > $bkp_folder = Join-Path -Path $env:USERPROFILE -ChildPath "wazuh_files_backup\$timestamp"
+
       .. group-tab:: macOS
 
          .. code-block:: console
@@ -65,18 +61,20 @@ Backing up a Wazuh agent
             /var/ossec/logs/ \
             /var/ossec/queue/rids/ $bkp_folder
 
-      .. group-tab:: Windows (CMD Admin)
+      .. group-tab:: Windows (Powershell Admin)
 
-         .. code-block:: doscon
+         .. code-block:: ps1con
 
-            > xcopy "C:\Program Files (x86)\ossec-agent\client.keys" %bkp_folder% /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\ossec.conf" %bkp_folder% /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\internal_options.conf" %bkp_folder% /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\local_internal_options.conf" %bkp_folder% /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\*.pem" %bkp_folder% /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\ossec.log" %bkp_folder% /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\logs\*"  %bkp_folder%\logs\ /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\rids\*"  %bkp_folder%\rids\ /H /I /K /S /X
+            > New-Item -Path $bkp_folder -ItemType Directory -Force | Out-Null
+            > Write-Output $bkp_folder
+            > Copy-Item "C:\Program Files (x86)\ossec-agent\client.keys" $bkp_folder -Recurse -Force
+            > Copy-Item "C:\Program Files (x86)\ossec-agent\ossec.conf" $bkp_folder -Recurse -Force
+            > Copy-Item "C:\Program Files (x86)\ossec-agent\internal_options.conf" $bkp_folder -Recurse -Force
+            > Copy-Item "C:\Program Files (x86)\ossec-agent\local_internal_options.conf" $bkp_folder -Recurse -Force
+            > Copy-Item "C:\Program Files (x86)\ossec-agent\*.pem" $bkp_folder -Recurse -Force
+            > Copy-Item "C:\Program Files (x86)\ossec-agent\ossec.log" $bkp_folder -Recurse -Force
+            > Copy-Item "C:\Program Files (x86)\ossec-agent\logs\*"  "$bkp_folder\logs\" -Recurse -Force
+            > Copy-Item "C:\Program Files (x86)\ossec-agent\rids" "$bkp_folder\rids" -Recurse -Force
 
       .. group-tab:: macOS
 
@@ -103,13 +101,22 @@ Backing up a Wazuh agent
             # rsync -aREz /var/ossec/active-response/bin/<CUSTOM_ACTIVE_RESPONSE_SCRIPT> $bkp_folder
             # rsync -aREz /var/ossec/wodles/<CUSTOM_WODLE_SCRIPT> $bkp_folder
 
-      .. group-tab:: Windows (CMD Admin)
+      .. group-tab:: Windows (Powershell Admin)
+
+         .. code-block:: powershell
+
+            # Example variables - replace with your actual file names and folders
+
+            $SCA_DIRECTORY = "sca"
+            $CUSTOM_SCA_FILE = "custom_sca.yml"
+            $CUSTOM_ACTIVE_RESPONSE_SCRIPT = "my_response.ps1"
+            $CUSTOM_WODLE_SCRIPT = "custom_wodle.py"
 
-         .. code-block:: doscon
+         .. code-block:: ps1con
 
-            > xcopy "C:\Program Files (x86)\ossec-agent\<SCA_DIRECTORY>\<CUSTOM_SCA_FILE>" %bkp_folder% /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\active-response\bin\<CUSTOM_ACTIVE_RESPONSE_SCRIPT>" %bkp_folder%\active-response\bin\ /H /I /K /S /X
-            > xcopy "C:\Program Files (x86)\ossec-agent\wodles\<CUSTOM_WODLE_SCRIPT>" %bkp_folder%\wodles\ /H /I /K /S /X
+            > Copy-Item "$SCA_DIRECTORY\$CUSTOM_SCA_FILE" "C:\Program Files (x86)\ossec-agent\$SCA_DIRECTORY" -Recurse -Force
+            > Copy-Item "active-response\bin\$CUSTOM_ACTIVE_RESPONSE_SCRIPT" "C:\Program Files (x86)\ossec-agent\active-response\bin" -Recurse -Force
+            > Copy-Item "wodles\$CUSTOM_WODLE_SCRIPT" "C:\Program Files (x86)\ossec-agent\wodles" -Recurse -Force
 
       .. group-tab:: macOS
 
@@ -133,11 +140,11 @@ Checking the backup
 
             # find $bkp_folder -type f | sed "s|$bkp_folder/||" | less
 
-      .. group-tab:: Windows (CMD Admin)
+      .. group-tab:: Windows (Powershell Admin)
 
-         .. code-block:: doscon
+         .. code-block:: ps1con
 
-            > tree %bkp_folder% /f
+            > tree (Get-ChildItem "$env:USERPROFILE\wazuh_files_backup" -Directory | Sort-Object LastWriteTime -Descending | Select-Object -First 1 -ExpandProperty FullName) /f
 
       .. group-tab:: macOS
 
diff --git a/source/migration-guide/index.rst b/source/migration-guide/index.rst
@@ -8,7 +8,7 @@ Backup guide
 
 In this section you can find instructions on how to create and restore a backup of your Wazuh installation.
 
-To do this backup, you copy key files to a folder preserving file permissions, ownership, and path. Later, you can move this folder contents back to the corresponding location to restore your Wazuh data, certificates, and configurations. Backing up Wazuh files is useful in cases such as moving your Wazuh installation to another system.
+To do this backup, copy the key files to a designated folder while preserving file permissions, ownership, and directory structure. This ensures you can later restore your Wazuh data, certificates, and configurations by transferring the files back to their original locations. This method is particularly useful when migrating your Wazuh installation to a new system.
 
 .. toctree::
    :maxdepth: 2
diff --git a/source/migration-guide/restoring/wazuh-agent.rst b/source/migration-guide/restoring/wazuh-agent.rst
@@ -102,38 +102,46 @@ Preparing the data restoration
 Restoring Wazuh agent files
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Perform the steps below in an elevated Windows Command Prompt (CMD) to restore the Wazuh agent files on a Windows endpoint.
+Perform the steps below to restore Wazuh agent files on a Windows endpoint.
 
-#. Stop the Wazuh agent to prevent any modification to the Wazuh agent files during the restore process by running the following command on the Command Prompt as an administrator:
+#. Stop the Wazuh agent to prevent any modification to the Wazuh agent files during the restore process by running the following command on PowerShell as an administrator:
 
-   .. code-block:: doscon
+   .. code-block:: ps1con
 
-      NET STOP WazuhSvc
+      > NET STOP WazuhSvc
 
-#. Launch the Windows Command Prompt as an administrator and navigate to the ``wazuh_files_backup/<DATE_TIME>`` folder that contains the backup files.
+#. Launch PowerShell as an administrator and navigate to the ``wazuh_files_backup/<DATE_TIME>`` folder that contains the backup files.
 
 #. Run the following commands to copy the Wazuh agent data, certificates, and configurations:
 
-   .. code-block:: doscon
+   .. code-block:: ps1con
 
-      > xcopy client.keys "C:\Program Files (x86)\ossec-agent\" /H /I /K /S /X /Y
-      > xcopy ossec.conf "C:\Program Files (x86)\ossec-agent\" /H /I /K /S /X /Y
-      > xcopy internal_options.conf "C:\Program Files (x86)\ossec-agent\" /H /I /K /S /X /Y
-      > xcopy local_internal_options.conf "C:\Program Files (x86)\ossec-agent\" /H /I /K /S /X /Y
-      > xcopy *.pem "C:\Program Files (x86)\ossec-agent\" /H /I /K /S /X /Y
-      > xcopy ossec.log "C:\Program Files (x86)\ossec-agent\" /H /I /K /S /X /Y
-      > xcopy logs\* "C:\Program Files (x86)\ossec-agent\"  /H /I /K /S /X /Y
-      > xcopy rids\* "C:\Program Files (x86)\ossec-agent\"  /H /I /K /S /X /Y
+      > Copy-Item "$bkp_folder\client.keys" "C:\Program Files (x86)\ossec-agent" -Recurse -Force
+      > Copy-Item "$bkp_folder\ossec.conf" "C:\Program Files (x86)\ossec-agent" -Recurse -Force
+      > Copy-Item "$bkp_folder\internal_options.conf" "C:\Program Files (x86)\ossec-agent" -Recurse -Force
+      > Copy-Item "$bkp_folder\local_internal_options.conf" "C:\Program Files (x86)\ossec-agent" -Recurse -Force
+      > Copy-Item "$bkp_folder\*.pem" "C:\Program Files (x86)\ossec-agent" -Recurse -Force
+      > Copy-Item "$bkp_folder\ossec.log" "C:\Program Files (x86)\ossec-agent" -Recurse -Force
+      > Copy-Item "$bkp_folder\logs\*" "C:\Program Files (x86)\ossec-agent\logs" -Recurse -Force
+      > Copy-Item "$bkp_folder\rids\*" "C:\Program Files (x86)\ossec-agent\rids" -Recurse -Force
 
    You can also copy these files using the *drag and drop* method.
 
 #. Restore your custom files, such as local SCA policies, active response scripts, and wodle commands, if there are any. Adapt the following command accordingly.
 
-   .. code-block:: doscon
+   .. code-block:: powershell
+
+      # Example variables - replace with your actual file names and folders
+      $SCA_DIRECTORY = "sca"
+      $CUSTOM_SCA_FILE = "custom_sca.yml"
+      $CUSTOM_ACTIVE_RESPONSE_SCRIPT = "my_response.ps1"
+      $CUSTOM_WODLE_SCRIPT = "custom_wodle.py"
+
+   .. code-block:: ps1con
 
-      > xcopy <SCA_DIRECTORY>\<CUSTOM_SCA_FILE> “C:\Program Files (x86)\ossec-agent\<SCA_DIRECTORY>” /H /I /K /S /X /Y
-      > xcopy active-response\bin\<CUSTOM_ACTIVE_RESPONSE_SCRIPT> "C:\Program Files (x86)\ossec-agent\active-response\bin\" /H /I /K /S /X /Y
-      > xcopy wodles\<CUSTOM_WODLE_SCRIPT> "C:\Program Files (x86)\ossec-agent\wodles\" /H /I /K /S /X /Y
+      > Copy-Item "$SCA_DIRECTORY\$CUSTOM_SCA_FILE" "C:\Program Files (x86)\ossec-agent\$SCA_DIRECTORY" -Recurse -Force
+      > Copy-Item "active-response\bin\$CUSTOM_ACTIVE_RESPONSE_SCRIPT" "C:\Program Files (x86)\ossec-agent\active-response\bin" -Recurse -Force
+      > Copy-Item "wodles\$CUSTOM_WODLE_SCRIPT" "C:\Program Files (x86)\ossec-agent\wodles" -Recurse -Force
 
 #. Start the Wazuh agent service by running the following command on the Command Prompt as an administrator:
 
