diff --git a/salt/common/tools/sbin/so-config-backup b/salt/common/tools/sbin/so-config-backup
new file mode 100644
index 000000000..2e2eea9bb
--- /dev/null
+++ b/salt/common/tools/sbin/so-config-backup
@@ -0,0 +1,44 @@
+!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.. /usr/sbin/so-common
+{% set BACKUPLOCATIONS = salt['pillar.get']('backup:locations', {}) %}
+
+TODAY=$(date '+%Y_%m_%d')
+BACKUPFILE="/nsm/backup/so-config-backup-$TODAY.tar"
+MAXBACKUPS=7
+
+# Create backup dir if it does not exist
+mkdir -p /nsm/backup
+
+# If we haven't already written a backup file for today, let's do so
+if [ ! -f $BACKUPFILE ]; then
+
+  # Create empty backup file
+  tar -cf $BACKUPFILE -T /dev/null
+
+  # Loop through all paths defined in global.sls, and append them to backup file
+  {%- for LOCATION in BACKUPLOCATIONS %}
+  tar -rf $BACKUPFILE {{ LOCATION }}
+  {%- endfor %}
+
+fi
+
+# Find oldest backup file and remove it
+NUMBACKUPS=$(find /nsm/backup/ -type f -name "so-config-backup*" | wc -l)
+OLDESTBACKUP=$(find /nsm/backup/ -type f -name "so-config-backup*" | ls -1t | tail -1)
+if [ "$NUMBACKUPS" -gt "$MAXBACKUPS" ]; then
+  rm -f /nsm/backup/$OLDESTBACKUP
+fi