From da8451e649a819b82c458cf09fb2173b65a03d08 Mon Sep 17 00:00:00 2001 From: Tristan PILAT Date: Fri, 4 Dec 2020 10:47:44 +0100 Subject: [PATCH 01/13] zzz_evobackup: add 2 slapcat examples for separate config/data backups --- zzz_evobackup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/zzz_evobackup b/zzz_evobackup index 7826ed2..a59fab2 100755 --- a/zzz_evobackup +++ b/zzz_evobackup @@ -145,6 +145,8 @@ if [ "${LOCAL_TASKS}" = "1" ]; then # You can comment or uncomment sections below to customize the backup ## OpenLDAP : example with slapcat + # slapcat -n 0 -l ${LOCAL_BACKUP_DIR}/config.ldap.bak + # slapcat -n 1 -l ${LOCAL_BACKUP_DIR}/data.ldap.bak # slapcat -l ${LOCAL_BACKUP_DIR}/ldap.bak ## MySQL From 53a1309d69f49bb02f6267dddec3997c6a557de6 Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Thu, 7 Jan 2021 09:47:27 +0100 Subject: [PATCH 02/13] zzz_evobackup: exclude OpenBSD mails folder --- zzz_evobackup | 1 + 1 file changed, 1 insertion(+) diff --git a/zzz_evobackup b/zzz_evobackup index a59fab2..1c1b103 100755 --- a/zzz_evobackup +++ b/zzz_evobackup @@ -405,6 +405,7 @@ if [ "${SYNC_TASKS}" = "1" ]; then --exclude "/var/log/evobackup*" \ --exclude "/var/run" \ --exclude "/var/spool/postfix" \ + --exclude "/var/spool/smtpd" \ --exclude "/var/spool/squid" \ --exclude "/var/state" \ --exclude "lxc/*/rootfs/usr/doc" \ From 68a7da6b88920aef285bd898399c16251e3f9639 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Mon, 8 Feb 2021 11:32:12 +0100 Subject: [PATCH 03/13] evobackup: log/pid files named after program's name --- zzz_evobackup | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/zzz_evobackup b/zzz_evobackup index 1c1b103..c9e4957 100755 --- a/zzz_evobackup +++ b/zzz_evobackup 
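Review bot: The two new slapcat examples in PATCH 01/13 write LDAP dumps without any hint about file permissions, although database 0 (cn=config) normally carries olcRootPW and the data database carries userPassword hashes. Once uncommented, the files are created with whatever umask the backup script runs under, and whether `${LOCAL_BACKUP_DIR}` is restricted to root is not visible in this hunk. I would add one comment line above the examples: `# LDAP dumps contain password hashes: keep ${LOCAL_BACKUP_DIR} root-only (0700) or run slapcat under umask 077`. The enclosing `if [ "${LOCAL_TASKS}" = "1" ]` block continues outside the hunk.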
@@ -32,17 +32,18 @@ SERVERS_FALLBACK=${SERVERS_FALLBACK:-1} # timeout (in seconds) for SSH connections SSH_CONNECT_TIMEOUT=${SSH_CONNECT_TIMEOUT:-90} -## We use /home/backup : feel free to use your own dir +# We use /home/backup : feel free to use your own dir LOCAL_BACKUP_DIR="/home/backup" # You can set "linux" or "bsd" manually or let it choose automatically SYSTEM=$(uname | tr '[:upper:]' '[:lower:]') -# Change these 2 variables if you have more than one backup cron -PIDFILE="/var/run/evobackup.pid" -LOGFILE="/var/log/evobackup.log" +# Store pid and logs in a file named after this program's name +PROGNAME=$(basename $0) +PIDFILE="/var/run/${PROGNAME}.pid" +LOGFILE="/var/log/${PROGNAME}.log" -## Enable/Disable tasks +# Enable/Disable tasks LOCAL_TASKS=${LOCAL_TASKS:-1} SYNC_TASKS=${SYNC_TASKS:-1} From b7cddcac27466903bb7dd580dadf6957efeec05d Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Mon, 8 Feb 2021 14:13:10 +0100 Subject: [PATCH 04/13] tests: clean jail configuration after each test --- CHANGELOG.md | 2 ++ test/test_helper.bash | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ee794f8..a1a622b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed +* tests: clean jail configuration after each test + ### Security ## [2.8.0] - 2020-11-28 diff --git a/test/test_helper.bash b/test/test_helper.bash index 386180b..d14c6ee 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash @@ -20,7 +20,7 @@ setup() { teardown() { remove_variable "/etc/default/bkctld" "BACKUP_DISK" - FORCE=1 /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}" + FORCE=1 /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}" "/etc/evobackup/${JAILNAME}" "/etc/evobackup/${JAILNAME}.d" } random_jail_name() { From a41eb2a21819c681dd7d8a093081a25e75b46e21 Mon Sep 17 00:00:00 2001 
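Review bot: `PROGNAME=$(basename $0)` in PATCH 03/13 leaves `$0` unquoted, so an install path containing whitespace or glob characters is split before basename sees it and PIDFILE/LOGFILE end up with the wrong name. `PROGNAME=$(basename "$0")` avoids that. The removed comment told users to change both variables when running more than one backup cron; the new comment could state that this is now automatic, for example `# One pid/log file per script name, so differently named copies do not share a lock`.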
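Review bot: The extended `rm -rf` in teardown() (PATCH 04/13) expands `"/etc/evobackup/${JAILNAME}"` without checking that JAILNAME is set, so an empty value turns the first added path into `/etc/evobackup/` and the whole configuration directory is removed. JAILNAME is assigned outside this hunk, and the `&&` only helps if bkctld-remove fails on an empty name, which is not visible here. Writing `"/etc/evobackup/${JAILNAME:?}"` and `"/etc/evobackup/${JAILNAME:?}.d"` makes the command abort instead of expanding to the parent directory. PATCH 09/13 re-wraps the same line unchanged, so the guard applies there too.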
From: Jeremy Lecour Date: Mon, 8 Feb 2021 14:16:03 +0100 Subject: [PATCH 05/13] test: bkctld check-incs shouldn't fail without incs_policy file Currently it does, because we "stat" a blank file (issue #43). --- CHANGELOG.md | 2 ++ test/checks.bats | 14 ++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a1a622b..0c7d87b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added +* test: bkctld check-incs shouldn't fail without incs_policy file + ### Changed ### Deprecated diff --git a/test/checks.bats b/test/checks.bats index f8e5c85..65a2ccc 100644 --- a/test/checks.bats +++ b/test/checks.bats @@ -235,4 +235,18 @@ OUT run /usr/lib/bkctld/bkctld-check-incs assert_equal "0" "$status" } + +@test "Check-incs doesn't fail without incs_policy file" { + # Delete all possible incs polixy files + rm -f /etc/evobackup/${JAILNAME} + rm -rf /etc/evobackup/${JAILNAME}.d/incs_policy + + # Run bkctld-check-incs and store stderr in a file + local stderrPath="${BATS_TMPDIR}/${BATS_TEST_NAME}.stderr" + /usr/lib/bkctld/bkctld-check-incs 2> ${stderrPath} + + # Verify if + run grep -E "^stat:" ${stderrPath} + assert_failure +} # TODO: write many more tests for bkctld-check-incs From c27cb81b57fce267134e549cc23b6c4e2ca3fefb Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Mon, 8 Feb 2021 11:12:57 +0100 Subject: [PATCH 06/13] bkctld-check-incs: Protect jail_config_epoch Test if `incs_policy_file` exists before using it. Fixes #43. --- CHANGELOG.md | 1 + lib/bkctld-check-incs | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c7d87b..0da34b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
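Review bot: The comment `# Verify if` in the new test in test/checks.bats is unfinished and the first comment misspells "policy", so the purpose of the final grep has to be inferred from the commit message. I would write `# Delete all possible incs_policy files` and `# stderr must not contain a "stat:" error (issue #43)`. The `${stderrPath}` and `${JAILNAME}` expansions in the test are also unquoted; quoting them, as in `2> "${stderrPath}"`, keeps the test stable if BATS_TMPDIR ever contains a space.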
@@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed * tests: clean jail configuration after each test +* bkctld-check-incs: Protect `jail_config_epoch` ### Security diff --git a/lib/bkctld-check-incs b/lib/bkctld-check-incs index 1a1f5c3..3a420df 100755 --- a/lib/bkctld-check-incs +++ b/lib/bkctld-check-incs @@ -20,10 +20,10 @@ for jail_name in $("${LIBDIR}/bkctld-list"); do # Today in ISO format today_iso=$(date +"%Y-%m-%d") - # get jail last configuration date - jail_config_epoch=$(date --date "$(stat -c %y ${incs_policy_file})" +"%s") - if [ -n "${incs_policy_file}" ]; then + # get jail last configuration date + jail_config_epoch=$(date --date "$(stat -c %y ${incs_policy_file})" +"%s") + # loop for each line in jail configuration for line in $(cat ${incs_policy_file}); do # inc date in ISO format From 3215ab2fa3cf06ac92e70391462a16dc8e2eca7c Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Mon, 8 Feb 2021 11:38:56 +0100 Subject: [PATCH 07/13] bkctld-check-incs: Correct shellchek warnings - SC2013: To read lines rather than words, pipe/redirect to a 'while read' loop. - SC2086: Double quote to prevent globbing and word splitting. --- CHANGELOG.md | 2 ++ lib/bkctld-check-incs | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0da34b4..96cf67c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed +* bkctld-check-incs: Correct shellsheck warnings + ### Deprecated ### Removed diff --git a/lib/bkctld-check-incs b/lib/bkctld-check-incs index 3a420df..a395796 100755 --- a/lib/bkctld-check-incs +++ b/lib/bkctld-check-incs @@ -7,7 +7,7 @@ set -u # shellcheck source=./includes -LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" +LIBDIR="$(dirname "$0")" && . "${LIBDIR}/includes" # default return value is 0 (succes) rc=0 
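Review bot: The guard `[ -n "${incs_policy_file}" ]` that now protects the stat call in lib/bkctld-check-incs (PATCH 06/13) only tests that the variable is non-empty, not that the file exists, while the commit message says existence is tested. If the code that sets incs_policy_file (outside this hunk) can return a path to a missing or unreadable file, stat still fails and GNU date is then given an empty string, which it accepts, so jail_config_epoch is silently wrong. `if [ -n "${incs_policy_file}" ] && [ -r "${incs_policy_file}" ]; then` covers both cases. The loop body continues past the end of the hunk.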
@@ -22,12 +22,12 @@ for jail_name in $("${LIBDIR}/bkctld-list"); do if [ -n "${incs_policy_file}" ]; then # get jail last configuration date - jail_config_epoch=$(date --date "$(stat -c %y ${incs_policy_file})" +"%s") + jail_config_epoch=$(date --date "$(stat -c %y "${incs_policy_file}")" +"%s") - # loop for each line in jail configuration - for line in $(cat ${incs_policy_file}); do + # read each line in jail configuration + while IFS= read -r line < "${incs_policy_file}"; do # inc date in ISO format - inc_iso=$(relative_date ${line}) + inc_iso=$(relative_date "${line}") # inc date in seconds from epoch inc_epoch=$(date --date "${inc_iso}" +"%s") From f84e9ec02db198524e5d420e6eb8aa92ef4a214a Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Mon, 8 Feb 2021 17:20:20 +0100 Subject: [PATCH 08/13] fix infinite loop --- lib/bkctld-check-incs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/bkctld-check-incs b/lib/bkctld-check-incs index a395796..14093fe 100755 --- a/lib/bkctld-check-incs +++ b/lib/bkctld-check-incs @@ -25,7 +25,7 @@ for jail_name in $("${LIBDIR}/bkctld-list"); do jail_config_epoch=$(date --date "$(stat -c %y "${incs_policy_file}")" +"%s") # read each line in jail configuration - while IFS= read -r line < "${incs_policy_file}"; do + while read line; do # inc date in ISO format inc_iso=$(relative_date "${line}") # inc date in seconds from epoch @@ -48,7 +48,7 @@ for jail_name in $("${LIBDIR}/bkctld-list"); do echo "INFO: ${jail_name} : no inc expected for ${inc_iso}" fi fi - done + done < "${incs_policy_file}" else echo "INFO: ${jail_name} : no inc expected at all" fi From eecd105d33f24e87caa8b6500cdc10c8b6789d94 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Mon, 8 Feb 2021 17:20:56 +0100 Subject: [PATCH 09/13] improve readability --- test/test_helper.bash | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/test_helper.bash b/test/test_helper.bash index d14c6ee..b0cf5d3 100644 
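Review bot: `while read line; do` in PATCH 08/13 drops the `-r` that PATCH 07/13 had just added, so a backslash in an incs_policy line is consumed by read before relative_date receives it, and ShellCheck will report SC2162 again. Moving the redirection to `done < "${incs_policy_file}"` is what stops the file from being reopened on every iteration; the read options were not the cause. `while read -r line; do` keeps both the fix and the earlier cleanup. A last line without a trailing newline is still skipped unless `|| [ -n "${line}" ]` is added to the loop condition; the loop body between the two hunks is not fully shown.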
--- a/test/test_helper.bash +++ b/test/test_helper.bash @@ -20,7 +20,8 @@ setup() { teardown() { remove_variable "/etc/default/bkctld" "BACKUP_DISK" - FORCE=1 /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}" "/etc/evobackup/${JAILNAME}" "/etc/evobackup/${JAILNAME}.d" + FORCE=1 /usr/lib/bkctld/bkctld-remove "${JAILNAME}" \ + && rm -rf "${INCSPATH}" "/etc/evobackup/${JAILNAME}" "/etc/evobackup/${JAILNAME}.d" } random_jail_name() { From 21f4544016d67e37e96f5ba49872766419fe31e9 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Mon, 22 Feb 2021 09:31:30 +0100 Subject: [PATCH 10/13] Install default check_policy file on init --- CHANGELOG.md | 1 + lib/includes | 13 ++++++++++--- test/main.bats | 10 ++++++++++ tpl/check_policy.tpl | 3 +++ 4 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 tpl/check_policy.tpl diff --git a/CHANGELOG.md b/CHANGELOG.md index 96cf67c..4e35f9d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added +* bkctld-init: install check_policy template * test: bkctld check-incs shouldn't fail without incs_policy file ### Changed diff --git a/lib/includes b/lib/includes index c5870d9..2d0e097 100755 --- a/lib/includes +++ b/lib/includes 
@@ -374,13 +374,20 @@ setup_jail_config() { info "4 - Copie default sshd_config" install -m 0640 "${sshd_config_tpl}" "${jail_sshd_config}" - inctpl="${TPLDIR}/inc.tpl" - test -f "${LOCALTPLDIR}/inc.tpl" && inctpl="${LOCALTPLDIR}/inc.tpl" info "5 - Copie default inc configuration" + inc_policy_tpl="${TPLDIR}/inc.tpl" + test -f "${LOCALTPLDIR}/inc.tpl" && inc_policy_tpl="${LOCALTPLDIR}/inc.tpl" jail_incs_policy_file=$(jail_incs_policy_file "${jail_name}") mkdir --parents "$(dirname "${jail_incs_policy_file}")" - install -m 0640 "${inctpl}" "${jail_incs_policy_file}" + install -m 0640 "${inc_policy_tpl}" "${jail_incs_policy_file}" + + check_policy_tpl="${TPLDIR}/check_policy.tpl" + test -f "${LOCALTPLDIR}/check_policy.tpl" && check_policy_tpl="${LOCALTPLDIR}/check_policy.tpl" + jail_check_policy_file=$(jail_check_policy_file "${jail_name}") + mkdir --parents "$(dirname "${jail_check_policy_file}")" + install -m 0640 "${check_policy_tpl}" "${jail_check_policy_file}" + "${LIBDIR}/bkctld-port" "${jail_name}" auto } diff --git a/test/main.bats b/test/main.bats index 7ebe490..7d7e7bb 100755 --- a/test/main.bats +++ b/test/main.bats @@ -15,6 +15,16 @@ load test_helper fi } +@test "New jail should have a incs_policy file" { + run test -f "/etc/evobackup/${JAILNAME}.d/incs_policy" + assert_success +} + +@test "New jail should have a check_policy file" { + run test -f "/etc/evobackup/${JAILNAME}.d/check_policy" + assert_success +} + @test "A jail should be able to be started" { /usr/lib/bkctld/bkctld-start "${JAILNAME}" pid=$(cat "${JAILPATH}/${SSHD_PID}") diff --git a/tpl/check_policy.tpl b/tpl/check_policy.tpl new file mode 100644 index 0000000..e462801 --- /dev/null +++ b/tpl/check_policy.tpl @@ -0,0 +1,3 @@ +## Uncomment and adapt thresholds (values are in hours) +# WARNING=24 +# CRITICAL=48 From 82dbb295117b0cf7687ea516df94ee279abe4ceb Mon Sep 17 00:00:00 2001 
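Review bot: The new check_policy block in setup_jail_config() (lib/includes, PATCH 10/13) has no progress message, while steps 4 and 5 announce themselves, so a failing install here is logged under `5 - Copie default inc configuration`. Adding `info "6 - Copie default check_policy configuration"` before the `check_policy_tpl=` assignment keeps the log attributable. If neither `${TPLDIR}/check_policy.tpl` nor the local override exists, for instance after a partial upgrade, install fails; whether that aborts jail creation depends on shell options set outside the hunk. The function starts before this hunk.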
From: Jeremy Lecour Date: Mon, 22 Feb 2021 09:37:15 +0100 Subject: [PATCH 11/13] bkctld-upgrade-config: install check_policy template if missing --- CHANGELOG.md | 1 + lib/bkctld-upgrade-config | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e35f9d..a51c5dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added * bkctld-init: install check_policy template +* bkctld-upgrade-config: install check_policy template if missing * test: bkctld check-incs shouldn't fail without incs_policy file ### Changed diff --git a/lib/bkctld-upgrade-config b/lib/bkctld-upgrade-config index e835f7b..8d1b266 100755 --- a/lib/bkctld-upgrade-config +++ b/lib/bkctld-upgrade-config @@ -45,3 +45,13 @@ elif [ -f "${legacy_incs_policy_file}" ]; then info "${jail_name}: config has been upgraded" fi + +check_policy_file=$(jail_check_policy_file "${jail_name}") +if [ ! -f "${check_policy_file}" ]; then + check_policy_tpl="${TPLDIR}/check_policy.tpl" + test -f "${LOCALTPLDIR}/check_policy.tpl" && check_policy_tpl="${LOCALTPLDIR}/check_policy.tpl" + mkdir --parents "$(dirname "${check_policy_file}")" + install -m 0640 "${check_policy_tpl}" "${check_policy_file}" + + info "${jail_name}: check_policy template ha been installed" +fi From 937e75daa72f38f7179def183256f8a84b92659e Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Mon, 22 Feb 2021 10:15:53 +0100 Subject: [PATCH 12/13] Rename incs_policy template --- CHANGELOG.md | 1 + lib/bkctld-upgrade-config | 11 +++++++++++ lib/includes | 6 +++--- tpl/{inc.tpl => incs_policy.tpl} | 0 4 files changed, 15 insertions(+), 3 deletions(-) rename tpl/{inc.tpl => incs_policy.tpl} (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index a51c5dc..6266d1e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
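Review bot: The message in the new block of lib/bkctld-upgrade-config (PATCH 11/13) reads `check_policy template ha been installed`; it should be `${jail_name}: check_policy template has been installed`. The template lookup, mkdir and `install -m 0640` lines duplicate what PATCH 10/13 adds to setup_jail_config() in lib/includes. A small shared helper there would keep the file mode and the LOCALTPLDIR override rule in one place.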
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed +* Rename incs_policy template * bkctld-check-incs: Correct shellsheck warnings ### Deprecated diff --git a/lib/bkctld-upgrade-config b/lib/bkctld-upgrade-config index 8d1b266..a0905af 100755 --- a/lib/bkctld-upgrade-config +++ b/lib/bkctld-upgrade-config @@ -55,3 +55,14 @@ if [ ! -f "${check_policy_file}" ]; then info "${jail_name}: check_policy template ha been installed" fi + +legacy_incs_policy_tpl="${LOCALTPLDIR}/inc.tpl" +incs_policy_tpl="${LOCALTPLDIR}/incs_policy.tpl" +if [ -f "${legacy_incs_policy_tpl}" ]; then + # Create directory if missing + mkdir -p "$(jail_config_dir "${jail_name}")" + # move the main config file + mv -f "${legacy_incs_policy_tpl}" "${incs_policy_tpl}" + + info "${jail_name}: incs_policy local template has been renamed" +fi diff --git a/lib/includes b/lib/includes index 2d0e097..92621ae 100755 --- a/lib/includes +++ b/lib/includes @@ -376,11 +376,11 @@ setup_jail_config() { info "5 - Copie default inc configuration" - inc_policy_tpl="${TPLDIR}/inc.tpl" - test -f "${LOCALTPLDIR}/inc.tpl" && inc_policy_tpl="${LOCALTPLDIR}/inc.tpl" + incs_policy_tpl="${TPLDIR}/incs_policy.tpl" + test -f "${LOCALTPLDIR}/incs_policy.tpl" && incs_policy_tpl="${LOCALTPLDIR}/incs_policy.tpl" jail_incs_policy_file=$(jail_incs_policy_file "${jail_name}") mkdir --parents "$(dirname "${jail_incs_policy_file}")" - install -m 0640 "${inc_policy_tpl}" "${jail_incs_policy_file}" + install -m 0640 "${incs_policy_tpl}" "${jail_incs_policy_file}" check_policy_tpl="${TPLDIR}/check_policy.tpl" test -f "${LOCALTPLDIR}/check_policy.tpl" && check_policy_tpl="${LOCALTPLDIR}/check_policy.tpl" diff --git a/tpl/inc.tpl b/tpl/incs_policy.tpl similarity index 100% rename from tpl/inc.tpl rename to tpl/incs_policy.tpl From fe0f655f0756c42be8a3fc1dfb380de86eb12012 Mon Sep 17 00:00:00 2001 
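Review bot: `mv -f "${legacy_incs_policy_tpl}" "${incs_policy_tpl}"` in lib/bkctld-upgrade-config (PATCH 12/13) overwrites an existing local incs_policy.tpl without notice, so an administrator who already created the new-name template loses it if a stale inc.tpl is still present. `if [ -f "${legacy_incs_policy_tpl}" ] && [ ! -e "${incs_policy_tpl}" ]; then` keeps the newer file. The `mkdir -p "$(jail_config_dir "${jail_name}")"` line and both comments look copied from the per-jail block above: the move happens inside LOCALTPLDIR, so the mkdir does not prepare its destination, and the second comment would be accurate as `# rename the local incs_policy template`.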
From: Jeremy Lecour Date: Mon, 22 Feb 2021 12:14:19 +0100 Subject: [PATCH 13/13] Release 2.9.0 --- CHANGELOG.md | 20 ++++++++++++++------ lib/includes | 2 +- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6266d1e..b2f2728 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added +### Changed + +### Deprecated + +### Removed + +### Fixed + +### Security + +## [2.9.0] - 2021-02-22 + +### Added + * bkctld-init: install check_policy template * bkctld-upgrade-config: install check_policy template if missing * test: bkctld check-incs shouldn't fail without incs_policy file @@ -17,17 +31,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Rename incs_policy template * bkctld-check-incs: Correct shellsheck warnings -### Deprecated - -### Removed - ### Fixed * tests: clean jail configuration after each test * bkctld-check-incs: Protect `jail_config_epoch` -### Security - ## [2.8.0] - 2020-11-28 ### Added diff --git a/lib/includes b/lib/includes index 92621ae..f2aae3c 100755 --- a/lib/includes +++ b/lib/includes @@ -6,7 +6,7 @@ [ -f /etc/default/bkctld ] && . /etc/default/bkctld -VERSION="2.7.0" +VERSION="2.9.0" LIBDIR=${LIBDIR:-/usr/lib/bkctld} CONFDIR="${CONFDIR:-/etc/evobackup}"