New upstream version 22.04
commit
0980100739
27
client/CHANGELOG.md
Normal file
27
client/CHANGELOG.md
Normal file
|
@ -0,0 +1,27 @@
|
|||
# Changelog
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Added
|
||||
|
||||
### Changed
|
||||
|
||||
* Use --dump-dir instead of --backup-dir to supress dump-server-state warning
|
||||
|
||||
### Deprecated
|
||||
|
||||
### Removed
|
||||
|
||||
### Fixed
|
||||
|
||||
* Make start_time and stop_time compatible with OpenBSD
|
||||
|
||||
### Security
|
||||
|
||||
## [22.03]
|
||||
|
||||
Split client and server parts of the project
|
|
@ -20,6 +20,8 @@ set -u
|
|||
|
||||
##### Configuration ###################################################
|
||||
|
||||
VERSION="22.03"
|
||||
|
||||
# email adress for notifications
|
||||
MAIL=jdoe@example.com
|
||||
|
||||
|
@ -38,18 +40,23 @@ LOCAL_BACKUP_DIR="/home/backup"
|
|||
# You can set "linux" or "bsd" manually or let it choose automatically
|
||||
SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
|
||||
|
||||
# Store pid and logs in a file named after this program's name
|
||||
PROGNAME=$(basename $0)
|
||||
# Store pid in a file named after this program's name
|
||||
PROGNAME=$(basename "$0")
|
||||
PIDFILE="/var/run/${PROGNAME}.pid"
|
||||
LOGFILE="/var/log/${PROGNAME}.log"
|
||||
|
||||
# Customize the log path if you have multiple scripts and with separate logs
|
||||
LOGFILE="/var/log/evobackup.log"
|
||||
|
||||
# Enable/Disable tasks
|
||||
LOCAL_TASKS=${LOCAL_TASKS:-1}
|
||||
SYNC_TASKS=${SYNC_TASKS:-1}
|
||||
|
||||
HOSTNAME=$(hostname)
|
||||
|
||||
##### SETUP AND FUNCTIONS #############################################
|
||||
|
||||
BEGINNING=$(/bin/date +"%d-%m-%Y ; %H:%M")
|
||||
START_EPOCH=$(/bin/date +%s)
|
||||
DATE_FORMAT="%Y-%m-%d %H:%M:%S"
|
||||
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -p -m 700 ${LOCAL_BACKUP_DIR}
|
||||
|
@ -84,6 +91,7 @@ test_server() {
|
|||
else
|
||||
# SSH connection failed
|
||||
new_error=$(printf "Failed to connect to \`%s' within %s seconds" "${item}" "${SSH_CONNECT_TIMEOUT}")
|
||||
log "${new_error}"
|
||||
SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d')
|
||||
|
||||
return 1
|
||||
|
@ -97,17 +105,16 @@ pick_server() {
|
|||
if [ "${increment}" -ge "${list_length}" ]; then
|
||||
# We've reached the end of the list
|
||||
new_error="No more server available"
|
||||
log "${new_error}"
|
||||
SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d')
|
||||
|
||||
# Log errors to stderr
|
||||
printf "%s\\n" "${SERVERS_SSH_ERRORS}" >&2
|
||||
# Log errors to logfile
|
||||
printf "%s\\n" "${SERVERS_SSH_ERRORS}" >> $LOGFILE
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Extract the day of month, without leading 0 (which would give an octal based number)
|
||||
today=$(date +%e)
|
||||
today=$(/bin/date +%e)
|
||||
# A salt is useful to randomize the starting point in the list
|
||||
# but stay identical each time it's called for a server (based on hostname).
|
||||
salt=$(hostname | cksum | cut -d' ' -f1)
|
||||
|
@ -119,6 +126,15 @@ pick_server() {
|
|||
|
||||
echo "${SERVERS}" | cut -d' ' -f${field}
|
||||
}
|
||||
log() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
pid=$$
|
||||
printf "[%s] %s[%s]: %s\\n" \
|
||||
"$(/bin/date +"${DATE_FORMAT}")" "${PROGNAME}" "${pid}" "${msg}" \
|
||||
>> "${LOGFILE}"
|
||||
}
|
||||
|
||||
log "START GLOBAL - VERSION=${VERSION} LOCAL_TASKS=${LOCAL_TASKS} SYNC_TASKS=${SYNC_TASKS}"
|
||||
|
||||
## Verify other evobackup process and kill if needed
|
||||
if [ -e "${PIDFILE}" ]; then
|
||||
|
@ -133,16 +149,18 @@ if [ -e "${PIDFILE}" ]; then
|
|||
kill -9 "${pid}"
|
||||
printf "%s is still running (PID %s). Process has been killed" "$0" "${pid}\\n" >&2
|
||||
else
|
||||
rm -f ${PIDFILE}
|
||||
rm -f "${PIDFILE}"
|
||||
fi
|
||||
fi
|
||||
echo "$$" > ${PIDFILE}
|
||||
echo "$$" > "${PIDFILE}"
|
||||
# shellcheck disable=SC2064
|
||||
trap "rm -f ${PIDFILE}" EXIT
|
||||
|
||||
##### LOCAL BACKUP ####################################################
|
||||
|
||||
if [ "${LOCAL_TASKS}" = "1" ]; then
|
||||
log "START LOCAL_TASKS"
|
||||
|
||||
# You can comment or uncomment sections below to customize the backup
|
||||
|
||||
## OpenLDAP : example with slapcat
|
||||
|
@ -173,6 +191,9 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mysql/
|
||||
# pt-show-grants --flush --no-header > ${LOCAL_BACKUP_DIR}/mysql/all_grants.sql
|
||||
|
||||
# Dump all variables
|
||||
# mysql -A -e"SHOW GLOBAL VARIABLES;" > ${LOCAL_BACKUP_DIR}/MySQLCurrentSettings.txt
|
||||
|
||||
## example with SQL dump (schema only, no data) for each databases
|
||||
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mysql/
|
||||
# for i in $(mysql --defaults-extra-file=/etc/mysql/debian.cnf -P 3306 -e 'show databases' -s --skip-column-names \
|
||||
|
@ -210,9 +231,9 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
## PostgreSQL
|
||||
|
||||
## Purge previous dumps
|
||||
# rm ${LOCAL_BACKUP_DIR}/pg.*.gz
|
||||
# rm ${LOCAL_BACKUP_DIR}/pg-backup.tar
|
||||
# rm ${LOCAL_BACKUP_DIR}/postgresql/*
|
||||
# rm -rf ${LOCAL_BACKUP_DIR}/pg.*.gz
|
||||
# rm -rf ${LOCAL_BACKUP_DIR}/pg-backup.tar
|
||||
# rm -rf ${LOCAL_BACKUP_DIR}/postgresql/*
|
||||
## example with pg_dumpall (warning: you need space in ~postgres)
|
||||
# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
|
||||
# mv ~postgres/pg.dump.bak ${LOCAL_BACKUP_DIR}/
|
||||
|
@ -283,7 +304,7 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
# for snapshot in $(curl -s -XGET "localhost:9200/_snapshot/snaprepo/_all?pretty=true" | grep -Eo 'snapshot_[0-9]{4}-[0-9]{2}-[0-9]{2}' | head -n -10); do
|
||||
# curl -s -XDELETE "localhost:9200/_snapshot/snaprepo/${snapshot}" | grep -v -Fx '{"acknowledged":true}'
|
||||
# done
|
||||
# date=$(date +%F)
|
||||
# date=$(/bin/date +%F)
|
||||
# curl -s -XPUT "localhost:9200/_snapshot/snaprepo/snapshot_${date}?wait_for_completion=true" -o /tmp/es_snapshot_${date}.log
|
||||
|
||||
## RabbitMQ
|
||||
|
@ -295,71 +316,95 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
|
||||
#megacli -CfgSave -f ${LOCAL_BACKUP_DIR}/megacli_conf.dump -a0 >/dev/null
|
||||
|
||||
## Dump system and kernel versions
|
||||
uname -a > ${LOCAL_BACKUP_DIR}/uname
|
||||
|
||||
## Dump network routes with mtr and traceroute (warning: could be long with aggressive firewalls)
|
||||
for addr in 8.8.8.8 www.evolix.fr travaux.evolix.net; do
|
||||
mtr -r ${addr} > ${LOCAL_BACKUP_DIR}/mtr-${addr}
|
||||
traceroute -n ${addr} > ${LOCAL_BACKUP_DIR}/traceroute-${addr} 2>&1
|
||||
done
|
||||
|
||||
## Dump process with ps
|
||||
ps auwwx >${LOCAL_BACKUP_DIR}/ps.out
|
||||
server_state_dir="${LOCAL_BACKUP_DIR}/server-state"
|
||||
|
||||
dump_server_state_bin=$(command -v dump-server-state)
|
||||
|
||||
if [ "${SYSTEM}" = "linux" ]; then
|
||||
if [ -n "${dump_server_state_bin}" ]; then
|
||||
${dump_server_state_bin} --all --force --dump-dir "${server_state_dir}"
|
||||
else
|
||||
mkdir -p "${server_state_dir}"
|
||||
|
||||
## Dump system and kernel versions
|
||||
uname -a > ${server_state_dir}/uname.txt
|
||||
|
||||
## Dump process with ps
|
||||
ps auwwx > ${server_state_dir}/ps.txt
|
||||
|
||||
## Dump network connections with ss
|
||||
ss -taupen > ${LOCAL_BACKUP_DIR}/netstat.out
|
||||
ss -taupen > ${server_state_dir}/netstat.txt
|
||||
|
||||
## List Debian packages
|
||||
dpkg -l > ${LOCAL_BACKUP_DIR}/packages
|
||||
dpkg --get-selections > ${LOCAL_BACKUP_DIR}/packages.getselections
|
||||
apt-cache dumpavail > ${LOCAL_BACKUP_DIR}/packages.available
|
||||
|
||||
## Dump MBR / table partitions
|
||||
disks=$(lsblk -l | grep disk | grep -v -E '(drbd|fd[0-9]+)' | awk '{print $1}')
|
||||
for disk in ${disks}; do
|
||||
dd if="/dev/${disk}" of="${LOCAL_BACKUP_DIR}/MBR-${disk}" bs=512 count=1 2>&1 | grep -Ev "(records in|records out|512 bytes)"
|
||||
fdisk -l "/dev/${disk}" > "${LOCAL_BACKUP_DIR}/partitions-${disk}" 2>&1
|
||||
done
|
||||
cat ${LOCAL_BACKUP_DIR}/partitions-* > ${LOCAL_BACKUP_DIR}/partitions
|
||||
dpkg -l > ${server_state_dir}/packages
|
||||
dpkg --get-selections > ${server_state_dir}/packages.getselections
|
||||
apt-cache dumpavail > ${server_state_dir}/packages.available
|
||||
|
||||
## Dump iptables
|
||||
if [ -x /sbin/iptables ]; then
|
||||
{ /sbin/iptables -L -n -v; /sbin/iptables -t filter -L -n -v; } > ${LOCAL_BACKUP_DIR}/iptables.txt
|
||||
{ /sbin/iptables -L -n -v; /sbin/iptables -t filter -L -n -v; } > ${server_state_dir}/iptables.txt
|
||||
fi
|
||||
|
||||
## Dump findmnt(8) output
|
||||
FINDMNT_BIN=$(command -v findmnt)
|
||||
if [ -x "${FINDMNT_BIN}" ]; then
|
||||
${FINDMNT_BIN} > ${LOCAL_BACKUP_DIR}/findmnt.txt
|
||||
${FINDMNT_BIN} > ${server_state_dir}/findmnt.txt
|
||||
fi
|
||||
else
|
||||
## Dump network connections with fstat
|
||||
fstat | head -1 > ${LOCAL_BACKUP_DIR}/netstat.out
|
||||
fstat | grep internet >> ${LOCAL_BACKUP_DIR}/netstat.out
|
||||
|
||||
## List OpenBSD packages
|
||||
pkg_info -m > ${LOCAL_BACKUP_DIR}/packages
|
||||
|
||||
## Dump MBR / table partitions
|
||||
disklabel sd0 > ${LOCAL_BACKUP_DIR}/partitions
|
||||
disks=$(lsblk -l | grep disk | grep -v -E '(drbd|fd[0-9]+)' | awk '{print $1}')
|
||||
for disk in ${disks}; do
|
||||
dd if="/dev/${disk}" of="${server_state_dir}/MBR-${disk}" bs=512 count=1 2>&1 | grep -Ev "(records in|records out|512 bytes)"
|
||||
fdisk -l "/dev/${disk}" > "${server_state_dir}/partitions-${disk}" 2>&1
|
||||
done
|
||||
cat ${server_state_dir}/partitions-* > ${server_state_dir}/partitions
|
||||
fi
|
||||
else
|
||||
if [ -n "${dump_server_state_bin}" ]; then
|
||||
${dump_server_state_bin} --all --force --backup-dir "${server_state_dir}"
|
||||
else
|
||||
mkdir -p "${server_state_dir}"
|
||||
|
||||
## Dump system and kernel versions
|
||||
uname -a > ${server_state_dir}/uname
|
||||
|
||||
## Dump process with ps
|
||||
ps auwwx > ${server_state_dir}/ps.out
|
||||
|
||||
## Dump network connections with fstat
|
||||
fstat | head -1 > ${server_state_dir}/netstat.out
|
||||
fstat | grep internet >> ${server_state_dir}/netstat.out
|
||||
|
||||
## List OpenBSD packages
|
||||
pkg_info -m > ${server_state_dir}/packages
|
||||
|
||||
## Dump MBR / table partitions
|
||||
disklabel sd0 > ${server_state_dir}/partitions
|
||||
|
||||
## Dump pf infos
|
||||
pfctl -sa > ${LOCAL_BACKUP_DIR}/pfctl-sa.txt
|
||||
|
||||
pfctl -sa > ${server_state_dir}/pfctl-sa.txt
|
||||
fi
|
||||
fi
|
||||
|
||||
## Dump rights
|
||||
#getfacl -R /var > ${LOCAL_BACKUP_DIR}/rights-var.txt
|
||||
#getfacl -R /etc > ${LOCAL_BACKUP_DIR}/rights-etc.txt
|
||||
#getfacl -R /usr > ${LOCAL_BACKUP_DIR}/rights-usr.txt
|
||||
#getfacl -R /home > ${LOCAL_BACKUP_DIR}/rights-home.txt
|
||||
#getfacl -R /var > ${server_state_dir}/rights-var.txt
|
||||
#getfacl -R /etc > ${server_state_dir}/rights-etc.txt
|
||||
#getfacl -R /usr > ${server_state_dir}/rights-usr.txt
|
||||
#getfacl -R /home > ${server_state_dir}/rights-home.txt
|
||||
|
||||
log "STOP LOCAL_TASKS"
|
||||
fi
|
||||
|
||||
##### REMOTE BACKUP ###################################################
|
||||
|
||||
|
||||
if [ "${SYNC_TASKS}" = "1" ]; then
|
||||
n=0
|
||||
server=""
|
||||
if [ "${SERVERS_FALLBACK}" = "1" ]; then
|
||||
|
@ -383,16 +428,14 @@ fi
|
|||
SSH_SERVER=$(echo "${server}" | cut -d':' -f1)
|
||||
SSH_PORT=$(echo "${server}" | cut -d':' -f2)
|
||||
|
||||
HOSTNAME=$(hostname)
|
||||
|
||||
if [ "${SYSTEM}" = "linux" ]; then
|
||||
rep="/bin /boot /lib /opt /sbin /usr"
|
||||
else
|
||||
rep="/bsd /bin /sbin /usr"
|
||||
fi
|
||||
|
||||
log "START SYNC_TASKS - server=${server}"
|
||||
|
||||
if [ "${SYNC_TASKS}" = "1" ]; then
|
||||
# /!\ DO NOT USE COMMENTS in the rsync command /!\
|
||||
# It breaks the command and destroys data, simply remove (or add) lines.
|
||||
|
||||
|
@ -425,13 +468,13 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
|||
--exclude "/var/lib/postgresql" \
|
||||
--exclude "/var/lib/sympa" \
|
||||
--exclude "/var/lock" \
|
||||
--exclude "/var/log" \
|
||||
--exclude "/var/log/evobackup*" \
|
||||
--exclude "/var/run" \
|
||||
--exclude "/var/spool/postfix" \
|
||||
--exclude "/var/spool/smtpd" \
|
||||
--exclude "/var/spool/squid" \
|
||||
--exclude "/var/state" \
|
||||
--exclude "/var/tmp" \
|
||||
--exclude "lxc/*/rootfs/tmp" \
|
||||
--exclude "lxc/*/rootfs/usr/doc" \
|
||||
--exclude "lxc/*/rootfs/usr/obj" \
|
||||
--exclude "lxc/*/rootfs/usr/share/doc" \
|
||||
|
@ -444,6 +487,7 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
|||
--exclude "lxc/*/rootfs/var/log" \
|
||||
--exclude "lxc/*/rootfs/var/run" \
|
||||
--exclude "lxc/*/rootfs/var/state" \
|
||||
--exclude "lxc/*/rootfs/var/tmp" \
|
||||
--exclude "/home/mysqltmp" \
|
||||
${rep} \
|
||||
/etc \
|
||||
|
@ -453,20 +497,24 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
|||
-e "${RSH_COMMAND}" \
|
||||
"root@${SSH_SERVER}:/var/backup/" \
|
||||
| tail -30 >> $LOGFILE
|
||||
|
||||
log "STOP SYNC_TASKS - server=${server}"
|
||||
fi
|
||||
|
||||
##### REPORTING #######################################################
|
||||
|
||||
END=$(/bin/date +"%d-%m-%Y ; %H:%M")
|
||||
STOP_EPOCH=$(/bin/date +%s)
|
||||
|
||||
printf "EvoBackup - %s - START %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\\n" \
|
||||
"${HOSTNAME}" "${BEGINNING}" "${SSH_SERVER}" "${LOCAL_TASKS}" "${SYNC_TASKS}" \
|
||||
>> $LOGFILE
|
||||
if [ "${SYSTEM}" = "openbsd" ]; then
|
||||
start_time=$(/bin/date -f "%s" -j "${START_EPOCH}" +"${DATE_FORMAT}")
|
||||
stop_time=$(/bin/date -f "%s" -j "${STOP_EPOCH}" +"${DATE_FORMAT}")
|
||||
else
|
||||
start_time=$(/bin/date --date="@${START_EPOCH}" +"${DATE_FORMAT}")
|
||||
stop_time=$(/bin/date --date="@${STOP_EPOCH}" +"${DATE_FORMAT}")
|
||||
fi
|
||||
duration=$(( STOP_EPOCH - START_EPOCH ))
|
||||
|
||||
printf "EvoBackup - %s - STOP %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\\n" \
|
||||
"${HOSTNAME}" "${END}" "${SSH_SERVER}" "${LOCAL_TASKS}" "${SYNC_TASKS}" \
|
||||
>> $LOGFILE
|
||||
log "STOP GLOBAL - start='${start_time}' stop='${stop_time}' duration=${duration}s"
|
||||
|
||||
tail -10 $LOGFILE | \
|
||||
mail -s "[info] EvoBackup - Client ${HOSTNAME}" \
|
||||
${MAIL}
|
||||
tail -20 "${LOGFILE}" \
|
||||
| mail -s "[info] EvoBackup - Client ${HOSTNAME}" ${MAIL}
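Review bot: The new `log()` helper assigns `pid=$$` to a global, and the stale-process block further down runs `kill -9 "${pid}"` on a variable of the same name. The line that fills `pid` from the PID file is not in the visible hunks, so nothing here shows a `log` call between that read and the kill, but one added there later would make the script signal itself and leave the older run alive. Dropping the assignment and passing `"$$"` straight to `printf` inside `log()` removes the shared name. Separately, the non-Linux branch still calls `${dump_server_state_bin} --all --force --backup-dir`, while the changelog entry says the option was replaced by `--dump-dir`; worth confirming that this is intended for OpenBSD.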
|
0
.gitignore → server/.gitignore
vendored
0
.gitignore → server/.gitignore
vendored
|
@ -6,10 +6,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
## [Unreleased]
|
||||
|
||||
### Added
|
||||
|
||||
### Changed
|
||||
|
||||
### Deprecated
|
||||
|
||||
### Removed
|
||||
|
@ -18,6 +14,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
### Security
|
||||
|
||||
## [22.04] - 2022-04-20
|
||||
|
||||
### Added
|
||||
|
||||
* Run the test suite on Bullseye (ext4/btrfs) in addition of Stretch and Buster (ext4/btrfs)
|
||||
* Tell sed to follow symlinks
|
||||
* Add a header in `bkctld status` output and improved columns width.
|
||||
* bkctld-check-setup: compatibility with minifirewall 22.03+
|
||||
|
||||
### Changed
|
||||
|
||||
* change versioning pattern
|
||||
|
||||
## [2.12.0] - 2021-11-02
|
||||
|
||||
### Changed
|
4
Vagrantfile → server/Vagrantfile
vendored
4
Vagrantfile → server/Vagrantfile
vendored
|
@ -28,8 +28,8 @@ DEBIAN_FRONTEND=noninteractive apt-get -yq install openssh-server btrfs-progs rs
|
|||
SCRIPT
|
||||
|
||||
$pre_part = <<SCRIPT
|
||||
sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
|
||||
sed -i -e 's/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/' /etc/locale.gen && \
|
||||
sed --follow-symlinks --in-place -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
|
||||
sed --follow-symlinks --in-place -e 's/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/' /etc/locale.gen && \
|
||||
echo 'LANG="fr_FR.UTF-8"'>/etc/default/locale && \
|
||||
dpkg-reconfigure --frontend=noninteractive locales && \
|
||||
update-locale LANG=fr_FR.UTF-8
|
|
@ -116,6 +116,7 @@ case "${subcommand}" in
|
|||
;;
|
||||
"status")
|
||||
jail_name="${2:-}"
|
||||
printf '%-30s %-10s %-10s %-25s %-20s\n' 'JAIL NAME' 'STATUS' 'PORT' 'RETENTION (DAY/MONTH)' 'IP'
|
||||
if [ "${jail_name}" = "all" ] || [ -z "${jail_name}" ]; then
|
||||
for jail in $("${LIBDIR}/bkctld-list"); do
|
||||
"${LIBDIR}/bkctld-${subcommand}" "${jail}"
|
|
@ -49,3 +49,6 @@ Launch git-buildpackage :
|
|||
~~~
|
||||
gbp buildpackage
|
||||
~~~
|
||||
|
||||
The generated build files (including the `.deb`) are located in the `/tmp/bkctld/` directory.
|
||||
|
|
@ -5,7 +5,7 @@
|
|||
A Debian package is available in the Evolix repository
|
||||
|
||||
~~~
|
||||
echo "http://pub.evolix.net/jessie/" >> /etc/apt/sources.list
|
||||
echo "deb http://pub.evolix.net/ stretch" >> /etc/apt/sources.list
|
||||
apt update
|
||||
apt install bkctld
|
||||
~~~
|
|
@ -26,6 +26,9 @@ for jail_name in $("${LIBDIR}/bkctld-list"); do
|
|||
|
||||
# read each line in jail configuration
|
||||
while read line; do
|
||||
## TODO
|
||||
# deal with empty lines
|
||||
|
||||
# inc date in ISO format
|
||||
inc_iso=$(relative_date "${line}")
|
||||
# inc date in seconds from epoch
|
|
@ -29,10 +29,16 @@ fi
|
|||
# Check if the firewall file is sourced
|
||||
|
||||
minifirewall_config=/etc/default/minifirewall
|
||||
minifirewall_version=$(/etc/init.d/minifirewall status | head -1 | cut -d ' ' -f 3)
|
||||
|
||||
if [ -n "${FIREWALL_RULES}" ] \
|
||||
&& [ -r "${FIREWALL_RULES}" ] \
|
||||
&& [ -f "${minifirewall_config}" ]; then
|
||||
if [ -n "${minifirewall_version}" ] && dpkg --compare-versions "${minifirewall_version}" ge "22.03"; then
|
||||
# Minifirewall 22.03+ includes files automatically
|
||||
nb_ok=$((nb_ok + 1))
|
||||
output="${output}OK - Firewall file \`${FIREWALL_RULES}' is present.\n"
|
||||
else
|
||||
if grep -qE "^(\.|source) ${FIREWALL_RULES}" "${minifirewall_config}"; then
|
||||
nb_ok=$((nb_ok + 1))
|
||||
output="${output}OK - Firewall file \`${FIREWALL_RULES}' is sourced by \`${minifirewall_config}'.\n"
|
||||
|
@ -42,6 +48,7 @@ if [ -n "${FIREWALL_RULES}" ] \
|
|||
[ "${return}" -le 1 ] && return=1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Check if jails are started
|
||||
nb_on=0
|
|
@ -25,7 +25,7 @@ iptables_input_accept() {
|
|||
|
||||
if [ -n "${FIREWALL_RULES}" ]; then
|
||||
# remove existing rules for this jail
|
||||
[ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail_name}$/d" "${FIREWALL_RULES}"
|
||||
[ -f "${FIREWALL_RULES}" ] && sed --follow-symlinks --in-place "/#${jail_name}$/d" "${FIREWALL_RULES}"
|
||||
if [ -d "${jail_path}" ]; then
|
||||
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
||||
# Add a rule for each IP
|
|
@ -16,7 +16,7 @@ create_inc_btrfs() {
|
|||
|
||||
btrfs_bin=$(command -v btrfs)
|
||||
if [ -z "${btrfs_bin}" ]; then
|
||||
error "btrfs not found. Please install brtfs-progs."
|
||||
error "btrfs not found. Please install btrfs-progs."
|
||||
fi
|
||||
|
||||
if dry_run; then
|
|
@ -13,8 +13,8 @@ target_path="${2:?}"
|
|||
lock_target() {
|
||||
target="${1:?}"
|
||||
btrfs_bin=$(command -v btrfs)
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install brtfs-progs."
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install btrfs-progs."
|
||||
fi
|
||||
if is_btrfs "${target}"; then
|
||||
${btrfs_bin} property set -ts "${target}" ro true
|
||||
|
@ -26,7 +26,7 @@ lock_target() {
|
|||
unlock_target() {
|
||||
target="${1:?}"
|
||||
btrfs_bin=$(command -v btrfs)
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install brtfs-progs."
|
||||
fi
|
||||
if is_btrfs "${target}"; then
|
|
@ -18,12 +18,11 @@ test -d "${jail_path}" && error "Skip jail \`${jail_name}' : it already exists"
|
|||
# Create config and jails directory
|
||||
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
||||
|
||||
btrfs_bin=$(command -v btrfs)
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install brtfs-progs."
|
||||
fi
|
||||
|
||||
if is_btrfs "$(dirname "${JAILDIR}")" || is_btrfs "${JAILDIR}"; then
|
||||
btrfs_bin=$(command -v btrfs)
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install btrfs-progs."
|
||||
fi
|
||||
${btrfs_bin} subvolume create "${jail_path}"
|
||||
else
|
||||
mkdir --parents "${jail_path}"
|
|
@ -38,7 +38,7 @@ else
|
|||
allow_users="${allow_users} root@${new_ip}"
|
||||
done
|
||||
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
||||
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
||||
sed --follow-symlinks --in-place "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
||||
else
|
||||
error "No \`AllowUsers' directive found in \`${jail_sshd_config}'"
|
||||
fi
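Review bot: `sed --follow-symlinks --in-place` edits the target of a symlink instead of replacing the link, and `${jail_sshd_config}` appears to sit inside the jail tree (the test suite edits `${JAILPATH}/etc/ssh/sshd_config`). If the account that logs into the jail can write there, a link left at that path would make this `sed`, presumably run as root on the host, rewrite a file outside the jail. Refusing links, or accepting only ones whose target resolves under an expected directory, keeps the previous containment, e.g. `[ -L "${jail_sshd_config}" ] && error "${jail_sshd_config} is a symlink"`. The same applies to the `Port` rewrite in the next file section. The enclosing `else` block starts before the hunk.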
|
|
@ -27,7 +27,7 @@ else
|
|||
port=$((port+1))
|
||||
[ "${port}" -le 1 ] && port=2222
|
||||
fi
|
||||
sed -i "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
||||
sed --follow-symlinks --in-place "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
||||
|
||||
notice "Update SSH port \`${port}' for jail \`${jail_name}' : OK"
|
||||
|
|
@ -53,8 +53,8 @@ rm -f "${CONFDIR}/${jail_name}"
|
|||
rm -rf "$(jail_config_dir "${jail_name}")"
|
||||
|
||||
btrfs_bin=$(command -v btrfs)
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install brtfs-progs."
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install btrfs-progs."
|
||||
fi
|
||||
|
||||
if is_btrfs "${jail_path}"; then
|
|
@ -63,8 +63,8 @@ delete_inc_btrfs() {
|
|||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||
btrfs_bin=$(command -v btrfs)
|
||||
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install brtfs-progs."
|
||||
if [ -z ${btrfs_bin} ]; then
|
||||
error "btrfs not found. Please install btrfs-progs."
|
||||
fi
|
||||
|
||||
if dry_run; then
|
|
@ -27,4 +27,4 @@ status="OFF"
|
|||
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
||||
ip=$("${LIBDIR}/bkctld-ip" "${jail_name}" | xargs | tr -s ' ' ',')
|
||||
|
||||
echo "${jail_name} ${status} ${port} ${incs_policy} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
|
||||
echo "${jail_name} ${status} ${port} ${incs_policy} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 25s %- 20s\n", $1, $2, $3, $4, $5); }'
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
[ -f /etc/default/bkctld ] && . /etc/default/bkctld
|
||||
|
||||
VERSION="2.11.1"
|
||||
VERSION="22.04"
|
||||
|
||||
LIBDIR=${LIBDIR:-/usr/lib/bkctld}
|
||||
CONFDIR="${CONFDIR:-/etc/evobackup}"
|
||||
|
@ -34,7 +34,7 @@ show_version() {
|
|||
cat <<END
|
||||
bkctld version ${VERSION}
|
||||
|
||||
Copyright 2004-2021 Evolix <info@evolix.fr>,
|
||||
Copyright 2004-2022 Evolix <info@evolix.fr>,
|
||||
Victor Laborie <vlaborie@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>
|
||||
and others.
|
|
@ -144,7 +144,8 @@ OUT
|
|||
@test "Check setup WARNING if firewall rules are not sourced" {
|
||||
/usr/lib/bkctld/bkctld-start ${JAILNAME}
|
||||
|
||||
firewall_rules_file="/etc/firewall.rc.jails"
|
||||
mkdir /etc/minifirewall.d/
|
||||
firewall_rules_file="/etc/minifirewall.d/bkctld"
|
||||
set_variable "/etc/default/bkctld" "FIREWALL_RULES" "${firewall_rules_file}"
|
||||
echo "" > "${firewall_rules_file}"
|
||||
|
||||
|
@ -158,7 +159,8 @@ OUT
|
|||
@test "Check setup OK if firewall rules are sourced" {
|
||||
/usr/lib/bkctld/bkctld-start ${JAILNAME}
|
||||
|
||||
firewall_rules_file="/etc/firewall.rc.jails"
|
||||
mkdir /etc/minifirewall.d/
|
||||
firewall_rules_file="/etc/minifirewall.d/bkctld"
|
||||
set_variable "/etc/default/bkctld" "FIREWALL_RULES" "${firewall_rules_file}"
|
||||
echo "" > "${firewall_rules_file}"
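Review bot: Both tests call `mkdir /etc/minifirewall.d/` without `-p`, so whichever runs second fails on the existing directory unless teardown removes it, which is not visible here. `mkdir -p /etc/minifirewall.d/` makes the setup repeatable. The first test still expects a WARNING for a file that is present but not sourced; if the 22.03+ branch of the setup check reports OK on presence alone, the outcome depends on which minifirewall version the test machine has. Both test bodies continue outside the hunks.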
|
||||
|
|
@ -61,7 +61,7 @@ load test_helper
|
|||
|
||||
@test "Missing AllowUsers" {
|
||||
# Remove AllowUsers directive in SSH config
|
||||
sed -i '/^AllowUsers/d' "${JAILPATH}/etc/ssh/sshd_config"
|
||||
sed --follow-symlinks --in-place '/^AllowUsers/d' "${JAILPATH}/etc/ssh/sshd_config"
|
||||
# An error should be raised when trying to add an IP restriction
|
||||
run /usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
||||
assert_failure
|
|
@ -40,7 +40,7 @@ set_variable() {
|
|||
var_value=${3:-}
|
||||
|
||||
if grep -qE "^\s*${var_name}=" "${file}"; then
|
||||
sed -i "s|^\s*${var_name}=.*|${var_name}=${var_value}|" "${file}"
|
||||
sed --follow-symlinks --in-place "s|^\s*${var_name}=.*|${var_name}=${var_value}|" "${file}"
|
||||
else
|
||||
echo "${var_name}=${var_value}" >> "${file}"
|
||||
fi
|
||||
|
@ -49,7 +49,7 @@ remove_variable() {
|
|||
file=${1:?}
|
||||
var_name=${2:?}
|
||||
|
||||
sed -i "s|^\s*${var_name}=.*|d" "${file}"
|
||||
sed --follow-symlinks --in-place "s|^\s*${var_name}=.*|d" "${file}"
|
||||
}
|
||||
|
||||
is_btrfs() {
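Review bot: The sed script in `remove_variable`, `"s|^\s*${var_name}=.*|d"`, is an `s` command with only two delimiters, so sed rejects it as unterminated and the variable is never removed. A delete address is what the function name implies: `sed --follow-symlinks --in-place "/^\s*${var_name}=/d" "${file}"`. Both helpers also interpolate `${var_name}` and `${var_value}` into the sed program, so a value containing `|` or `&` changes the expression; that is acceptable for fixed test inputs but deserves a comment on the functions.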
|