# MozDef - RAR Archive Creation Guide (Maximum Compression)

## 🎯 Objective

Create a RAR archive with maximum compression for the complete MozDef project including Docker images.

---

## 📦 Archive Contents

- **Docker Images:** All 17 MozDef images (~9-10 GB uncompressed)
- **Source Code:** Complete MozDef source (~75 MB)
- **Documentation:** All markdown documentation files

**Estimated Archive Size:** ~5-8 GB (with maximum RAR compression)

---

## 🚀 Quick Start

### Method 1: RAR Archive (Best Compression)

```bash
cd /root/MozDef
./archive_mozdef_rar.sh
```

**Script:** `/root/MozDef/archive_mozdef_rar.sh`

**RAR Compression Settings:**
- `-m5` = Maximum compression
- `-rr10%` = 10% recovery record (data recovery)
- `-s` = Solid archive (better compression)
- `-ep1` = Exclude base directory

### Method 2: 7zip Archive (Alternative)

If RAR is not available:

```bash
cd /root/MozDef
./archive_mozdef_7z.sh
```

**7zip Compression Settings:**
- `-mx=9` = Maximum compression
- `-m0=lzma2` = LZMA2 compression method
- `-mmt=on` = Multi-threading

### Method 3: Tar.gz (Fallback)

```bash
cd /root/MozDef
./archive_mozdef.sh
```

---

## 📋 Installation Requirements

### Install RAR (Debian/Ubuntu)

```bash
apt-get update
apt-get install -y rar unrar
```

### Install RAR (RHEL/CentOS)

```bash
yum install -y rar unrar
# Or download from: https://www.rarlab.com/download.htm
```

### Install 7zip (Alternative)

```bash
# Debian/Ubuntu
apt-get install -y p7zip-full

# RHEL/CentOS (packages come from EPEL; p7zip-full is the Debian package name)
yum install -y p7zip p7zip-plugins
```

---

## 🔧 Manual RAR Archive Creation

### Step 1: Prepare Archive Directory

```bash
ARCHIVE_DIR="$HOME/mozdef-archive-$(date +%Y%m%d)"
mkdir -p "$ARCHIVE_DIR"/{docker-images,source-code,documentation}
```

### Step 2: Save Docker Images

```bash
# Quote the pattern so the shell passes it to docker instead of expanding it.
# The command substitution is left unquoted on purpose: one argument per image.
docker save $(docker images 'mozdef/*' --format "{{.Repository}}:{{.Tag}}") \
  -o "$ARCHIVE_DIR/docker-images/mozdef-all-images.tar"
```

### Step 3: Archive Source Code

```bash
# GNU tar treats --exclude as positional: it must come before the paths it
# applies to, otherwise it has no effect and tar exits with an error status.
tar -czf "$ARCHIVE_DIR/source-code/MozDef-source.tar.gz" \
  --exclude='MozDef/.git' \
  --exclude='MozDef/node_modules' \
  --exclude='MozDef/.meteor/local' \
  -C /root MozDef
```

### Step 4: Copy Documentation

```bash
cp /root/MozDef/*.md "$ARCHIVE_DIR/documentation/"
```

### Step 5: Create RAR Archive

```bash
cd "$(dirname "$ARCHIVE_DIR")"
rar a -m5 -rr10% -s -ep1 "mozdef-complete-$(date +%Y%m%d).rar" "$(basename "$ARCHIVE_DIR")"
```

**RAR Options Explained:**
- `a` = Add files to archive
- `-m5` = Maximum compression level (0-5, 5 = best)
- `-rr10%` = Add 10% recovery record for data recovery
- `-s` = Create solid archive (better compression)
- `-ep1` = Exclude base directory from paths
- `-v2g` = Split into 2GB volumes (optional, for large files)

---

## 📊 Compression Comparison

| Method | Compression | Estimated Size | Recovery |
|--------|-------------|----------------|----------|
| **RAR (-m5)** | Maximum | ~5-8 GB | ✅ 10% recovery |
| **7zip (-mx=9)** | Maximum | ~5-8 GB | ❌ No recovery |
| **tar.gz (-9)** | Best | ~8-12 GB | ❌ No recovery |

**Recommendation:** Use RAR for best compression + recovery record.


---

## 📥 Extracting RAR Archive

### Extract Complete Archive

```bash
unrar x mozdef-complete-YYYYMMDD.rar
```

### Extract to Specific Directory

```bash
unrar x mozdef-complete-YYYYMMDD.rar /destination/path/
```

### List Archive Contents

```bash
unrar l mozdef-complete-YYYYMMDD.rar
```

### Test Archive Integrity

```bash
unrar t mozdef-complete-YYYYMMDD.rar
```

---

## 🔄 Restoring from RAR Archive

### Step 1: Extract RAR Archive

```bash
unrar x mozdef-complete-YYYYMMDD.rar
cd mozdef-archive-YYYYMMDD/
```

### Step 2: Load Docker Images

```bash
docker load -i docker-images/mozdef-all-images.tar
docker images 'mozdef/*'  # Verify (should show 17 images)
```

### Step 3: Extract Source Code

```bash
tar -xzf source-code/MozDef-source.tar.gz -C /root/
```

### Step 4: Start Services

```bash
cd /root/MozDef
docker-compose -f docker/compose/docker-compose.yml -p mozdef up -d
```

---

## 📋 RAR Archive Features

### Advantages

- ✅ **Best compression** (typically 20-30% better than tar.gz)
- ✅ **Recovery record** (can recover damaged archives)
- ✅ **Solid archive** (better compression for multiple files)
- ✅ **Volume splitting** (split large files automatically)
- ✅ **Password protection** (optional: add `-pPASSWORD`)

### Recovery Record

The `-rr10%` option adds 10% recovery data, allowing you to:
- Recover damaged archives
- Repair corrupted files
- Extract data even if archive is partially damaged

**Usage:**

```bash
# Repair damaged archive
rar r mozdef-complete-YYYYMMDD.rar

# Extract and keep files that fail the integrity check (-kb = keep broken)
unrar x -kb mozdef-complete-YYYYMMDD.rar
```

---

## 🔒 Password Protection (Optional)

### Create Password-Protected Archive

```bash
rar a -m5 -rr10% -s -ep1 -pYOUR_PASSWORD "mozdef-complete-$(date +%Y%m%d).rar" "$(basename "$ARCHIVE_DIR")"
```

A password passed as `-pYOUR_PASSWORD` ends up in shell history and is visible in the process list while `rar` runs. Giving `-p` with no value makes `rar` prompt for the password instead, and `-hp` also encrypts the file names and other headers.

### Extract Password-Protected Archive

```bash
unrar x -pYOUR_PASSWORD mozdef-complete-YYYYMMDD.rar
```

---

## 📊 Archive Size Estimation

### Before Compression

- Docker images: ~9-10 GB
- Source code: ~75 MB
- Documentation: ~1-5 MB
- **Total:** ~9-10 GB

### After RAR Compression (-m5)

- **Estimated:** ~5-8 GB (40-50% compression ratio)

### After 7zip Compression (-mx=9)

- **Estimated:** ~5-8 GB (similar to RAR)

### After tar.gz Compression (-9)

- **Estimated:** ~8-12 GB (20-30% compression ratio)

---

## ⚡ Performance Tips

### For Faster Compression

```bash
# Use lower compression (faster)
rar a -m3 -s "archive.rar" directory/

# Use multi-threading (7zip)
7z a -mx=5 -mmt=on "archive.7z" directory/
```

### For Maximum Compression (Slower)

```bash
# RAR maximum
rar a -m5 -s "archive.rar" directory/

# 7zip maximum
7z a -mx=9 -m0=lzma2 "archive.7z" directory/
```

---

## ✅ Verification

### Check Archive Integrity

```bash
# RAR
unrar t mozdef-complete-YYYYMMDD.rar

# 7zip
7z t mozdef-complete-YYYYMMDD.7z
```

### List Archive Contents

```bash
# RAR
unrar l mozdef-complete-YYYYMMDD.rar

# 7zip
7z l mozdef-complete-YYYYMMDD.7z
```

### Check Archive Size

```bash
ls -lh mozdef-complete-*.rar
du -sh mozdef-complete-*.rar
```

---

## 📝 Script Usage

### RAR Archive Script

```bash
cd /root/MozDef
./archive_mozdef_rar.sh
```

**Output:**
- Creates: `~/mozdef-complete-YYYYMMDD.rar`
- Size: ~5-8 GB (compressed)
- Includes: Docker images, source code, documentation

### 7zip Archive Script (Alternative)

```bash
cd /root/MozDef
./archive_mozdef_7z.sh
```

**Output:**
- Creates: `~/mozdef-complete-YYYYMMDD.7z`
- Size: ~5-8 GB (compressed)

---

## 🚀 Transferring RAR Archive

### USB Drive

```bash
cp mozdef-complete-*.rar /mnt/usb/
```

### Network Transfer

```bash
# SCP
scp mozdef-complete-*.rar user@target:/path/

# rsync (with progress)
rsync -avz --progress mozdef-complete-*.rar user@target:/path/
```

### Split Large Files (if needed)

```bash
# RAR automatically handles volumes with -v option
# Or manually split:
split -b 2G mozdef-complete.rar mozdef-complete.rar.part

# Reassemble:
cat mozdef-complete.rar.part* > mozdef-complete.rar
```

---

## 📋 Summary

**Best Method:** RAR with maximum compression
- **Script:** `./archive_mozdef_rar.sh`
- **Compression:** Maximum (-m5)
- **Recovery:** 10% recovery record
- **Estimated Size:** ~5-8 GB

**Alternative:** 7zip if RAR unavailable
- **Script:** `./archive_mozdef_7z.sh`
- **Compression:** Maximum (-mx=9)
- **Estimated Size:** ~5-8 GB

**Fallback:** tar.gz
- **Script:** `./archive_mozdef.sh`
- **Compression:** Best (-9)
- **Estimated Size:** ~8-12 GB

---

**Last Updated:** $(date)
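
The transfer and restore steps above carry an image tarball between hosts and then hand it to `docker load`, while `unrar t` only checks the archive's own internal checksums. The following is an added example, not part of the MozDef scripts, that records SHA-256 digests on the source host and refuses to extract on the target unless they match; the helper names `write_manifest`, `verify_manifest`, `restore_verified` and the manifest file name `SHA256SUMS` are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the MozDef scripts. The helper names and the
# SHA256SUMS manifest file name are assumptions made for this illustration.

# write_manifest DIR
# Record a SHA-256 digest for every mozdef-complete-* file in DIR. The glob
# covers a single .rar/.7z, RAR volumes made with -v2g, and split(1) parts.
write_manifest() (
    cd "$1" || exit 1
    sha256sum -- mozdef-complete-* > SHA256SUMS
)

# verify_manifest DIR
# Succeed only if every listed file still matches its digest and no
# mozdef-complete-* file is present that the manifest does not list.
verify_manifest() (
    cd "$1" || exit 1
    [ -s SHA256SUMS ] || { echo "missing or empty SHA256SUMS" >&2; exit 1; }
    sha256sum -c SHA256SUMS >/dev/null || exit 1
    for f in mozdef-complete-*; do
        # The digest (64 hex chars) and two separator chars precede the name.
        cut -c67- SHA256SUMS | grep -qxF -- "$f" ||
            { echo "not in manifest: $f" >&2; exit 1; }
    done
)

# restore_verified DIR ARCHIVE
# Gate the restore steps on the manifest: verify, test, then extract.
restore_verified() {
    verify_manifest "$1" || { echo "refusing to extract" >&2; return 1; }
    unrar t "$1/$2" && unrar x "$1/$2"
}
```

Send `SHA256SUMS` over a different channel than the archive, or sign it; a manifest copied alongside the files only detects accidental corruption.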