Merge branch 'master' into debian
commit
40882559d6
18
CHANGELOG.md
18
CHANGELOG.md
|
@ -18,6 +18,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
### Security
|
||||
|
||||
## [2.9.0] - 2021-02-22
|
||||
|
||||
### Added
|
||||
|
||||
* bkctld-init: install check_policy template
|
||||
* bkctld-upgrade-config: install check_policy template if missing
|
||||
* test: bkctld check-incs shouldn't fail without incs_policy file
|
||||
|
||||
### Changed
|
||||
|
||||
* Rename incs_policy template
|
||||
* bkctld-check-incs: Correct shellsheck warnings
|
||||
|
||||
### Fixed
|
||||
|
||||
* tests: clean jail configuration after each test
|
||||
* bkctld-check-incs: Protect `jail_config_epoch`
|
||||
|
||||
## [2.8.0] - 2020-11-28
|
||||
|
||||
### Added
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
set -u
|
||||
|
||||
# shellcheck source=./includes
|
||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||
LIBDIR="$(dirname "$0")" && . "${LIBDIR}/includes"
|
||||
|
||||
# default return value is 0 (succes)
|
||||
rc=0
|
||||
|
@ -20,14 +20,14 @@ for jail_name in $("${LIBDIR}/bkctld-list"); do
|
|||
# Today in ISO format
|
||||
today_iso=$(date +"%Y-%m-%d")
|
||||
|
||||
# get jail last configuration date
|
||||
jail_config_epoch=$(date --date "$(stat -c %y ${incs_policy_file})" +"%s")
|
||||
|
||||
if [ -n "${incs_policy_file}" ]; then
|
||||
# loop for each line in jail configuration
|
||||
for line in $(cat ${incs_policy_file}); do
|
||||
# get jail last configuration date
|
||||
jail_config_epoch=$(date --date "$(stat -c %y "${incs_policy_file}")" +"%s")
|
||||
|
||||
# read each line in jail configuration
|
||||
while read line; do
|
||||
# inc date in ISO format
|
||||
inc_iso=$(relative_date ${line})
|
||||
inc_iso=$(relative_date "${line}")
|
||||
# inc date in seconds from epoch
|
||||
inc_epoch=$(date --date "${inc_iso}" +"%s")
|
||||
|
||||
|
@ -48,7 +48,7 @@ for jail_name in $("${LIBDIR}/bkctld-list"); do
|
|||
echo "INFO: ${jail_name} : no inc expected for ${inc_iso}"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
done < "${incs_policy_file}"
|
||||
else
|
||||
echo "INFO: ${jail_name} : no inc expected at all"
|
||||
fi
|
||||
|
|
|
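Review bot: The new `while read line; do` loop reads the policy file without `-r`, so a backslash in a policy line is interpreted instead of reaching `relative_date` literally, and a last line with no trailing newline is skipped; `while read -r line || [ -n "${line}" ]; do` handles both. Replacing `for line in $(cat …)` also changes what counts as an entry: a line with several whitespace-separated words used to give several `relative_date` calls and now gives one, and blank lines are now passed as empty strings, so a comment above the loop stating the expected one-entry-per-line format would help. The `[ -n "${incs_policy_file}" ]` guard that now covers the `stat` call only tests for a non-empty path; presumably code above the hunk empties the variable when the file is missing, otherwise `[ -f "${incs_policy_file}" ]` is the safer test. The loop body continues outside the hunks shown.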
@ -45,3 +45,24 @@ elif [ -f "${legacy_incs_policy_file}" ]; then
|
|||
|
||||
info "${jail_name}: config has been upgraded"
|
||||
fi
|
||||
|
||||
check_policy_file=$(jail_check_policy_file "${jail_name}")
|
||||
if [ ! -f "${check_policy_file}" ]; then
|
||||
check_policy_tpl="${TPLDIR}/check_policy.tpl"
|
||||
test -f "${LOCALTPLDIR}/check_policy.tpl" && check_policy_tpl="${LOCALTPLDIR}/check_policy.tpl"
|
||||
mkdir --parents "$(dirname "${check_policy_file}")"
|
||||
install -m 0640 "${check_policy_tpl}" "${check_policy_file}"
|
||||
|
||||
info "${jail_name}: check_policy template ha been installed"
|
||||
fi
|
||||
|
||||
legacy_incs_policy_tpl="${LOCALTPLDIR}/inc.tpl"
|
||||
incs_policy_tpl="${LOCALTPLDIR}/incs_policy.tpl"
|
||||
if [ -f "${legacy_incs_policy_tpl}" ]; then
|
||||
# Create directory if missing
|
||||
mkdir -p "$(jail_config_dir "${jail_name}")"
|
||||
# move the main config file
|
||||
mv -f "${legacy_incs_policy_tpl}" "${incs_policy_tpl}"
|
||||
|
||||
info "${jail_name}: incs_policy local template has been renamed"
|
||||
fi
|
||||
|
|
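Review bot: `mv -f "${legacy_incs_policy_tpl}" "${incs_policy_tpl}"` silently replaces a local `incs_policy.tpl` that already exists, so an administrator who has both files loses the newer one on upgrade; opening the block with `if [ -f "${legacy_incs_policy_tpl}" ] && [ ! -e "${incs_policy_tpl}" ]; then` avoids that. The `mkdir -p "$(jail_config_dir "${jail_name}")"` line and the comment `# move the main config file` in the same block do not match what it does, which is renaming a template under `LOCALTPLDIR`. The template is not per-jail, so the `${jail_name}:` prefix on the rename message presumably names whichever jail happens to be processed first. The message `check_policy template ha been installed` should read `has been installed`.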
15
lib/includes
15
lib/includes
|
@ -6,7 +6,7 @@
|
|||
|
||||
[ -f /etc/default/bkctld ] && . /etc/default/bkctld
|
||||
|
||||
VERSION="2.7.0"
|
||||
VERSION="2.9.0"
|
||||
|
||||
LIBDIR=${LIBDIR:-/usr/lib/bkctld}
|
||||
CONFDIR="${CONFDIR:-/etc/evobackup}"
|
||||
|
@ -374,13 +374,20 @@ setup_jail_config() {
|
|||
info "4 - Copie default sshd_config"
|
||||
install -m 0640 "${sshd_config_tpl}" "${jail_sshd_config}"
|
||||
|
||||
inctpl="${TPLDIR}/inc.tpl"
|
||||
test -f "${LOCALTPLDIR}/inc.tpl" && inctpl="${LOCALTPLDIR}/inc.tpl"
|
||||
|
||||
info "5 - Copie default inc configuration"
|
||||
incs_policy_tpl="${TPLDIR}/incs_policy.tpl"
|
||||
test -f "${LOCALTPLDIR}/incs_policy.tpl" && incs_policy_tpl="${LOCALTPLDIR}/incs_policy.tpl"
|
||||
jail_incs_policy_file=$(jail_incs_policy_file "${jail_name}")
|
||||
mkdir --parents "$(dirname "${jail_incs_policy_file}")"
|
||||
install -m 0640 "${inctpl}" "${jail_incs_policy_file}"
|
||||
install -m 0640 "${incs_policy_tpl}" "${jail_incs_policy_file}"
|
||||
|
||||
check_policy_tpl="${TPLDIR}/check_policy.tpl"
|
||||
test -f "${LOCALTPLDIR}/check_policy.tpl" && check_policy_tpl="${LOCALTPLDIR}/check_policy.tpl"
|
||||
jail_check_policy_file=$(jail_check_policy_file "${jail_name}")
|
||||
mkdir --parents "$(dirname "${jail_check_policy_file}")"
|
||||
install -m 0640 "${check_policy_tpl}" "${jail_check_policy_file}"
|
||||
|
||||
"${LIBDIR}/bkctld-port" "${jail_name}" auto
|
||||
}
|
||||
|
||||
|
|
|
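Review bot: The two new `install -m 0640` calls in `setup_jail_config` are not checked, so when a template is missing from both `TPLDIR` and `LOCALTPLDIR` the function still goes on to `bkctld-port` and the jail is created without its policy file, unless the caller runs under `set -e`, which is not visible here. Appending `|| return 1` to each `install` line, or testing `[ -f "${check_policy_tpl}" ]` first, would surface the failure at setup time instead of at the first check run. The check_policy step also has no `info` line to match `"5 - Copie default inc configuration"`, and the default-then-local template lookup is now written out for both templates here and again in the upgrade script, so a small helper taking the template name would keep the three copies in step. The function starts outside the hunk.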
@ -235,4 +235,18 @@ OUT
|
|||
run /usr/lib/bkctld/bkctld-check-incs
|
||||
assert_equal "0" "$status"
|
||||
}
|
||||
|
||||
@test "Check-incs doesn't fail without incs_policy file" {
|
||||
# Delete all possible incs polixy files
|
||||
rm -f /etc/evobackup/${JAILNAME}
|
||||
rm -rf /etc/evobackup/${JAILNAME}.d/incs_policy
|
||||
|
||||
# Run bkctld-check-incs and store stderr in a file
|
||||
local stderrPath="${BATS_TMPDIR}/${BATS_TEST_NAME}.stderr"
|
||||
/usr/lib/bkctld/bkctld-check-incs 2> ${stderrPath}
|
||||
|
||||
# Verify if
|
||||
run grep -E "^stat:" ${stderrPath}
|
||||
assert_failure
|
||||
}
|
||||
# TODO: write many more tests for bkctld-check-incs
|
||||
|
|
|
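Review bot: `rm -f /etc/evobackup/${JAILNAME}` and `rm -rf /etc/evobackup/${JAILNAME}.d/incs_policy` expand `JAILNAME` unquoted and unguarded, and the same variable feeds `rm -rf "/etc/evobackup/${JAILNAME}"` in `teardown()` in the test helper, where an empty value would remove the whole `/etc/evobackup` directory. Writing the paths as `"/etc/evobackup/${JAILNAME:?}"` in all three places makes the test abort instead of deleting the wrong thing. `${stderrPath}` should be quoted in both the redirection and the `grep`. The comment `# Verify if` is unfinished; `# stderr must not contain an error from stat` would say what `assert_failure` is checking, and `polixy` in the first comment is a typo.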
@ -15,6 +15,16 @@ load test_helper
|
|||
fi
|
||||
}
|
||||
|
||||
@test "New jail should have a incs_policy file" {
|
||||
run test -f "/etc/evobackup/${JAILNAME}.d/incs_policy"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "New jail should have a check_policy file" {
|
||||
run test -f "/etc/evobackup/${JAILNAME}.d/check_policy"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "A jail should be able to be started" {
|
||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
||||
pid=$(cat "${JAILPATH}/${SSHD_PID}")
|
||||
|
|
|
@ -20,7 +20,8 @@ setup() {
|
|||
|
||||
teardown() {
|
||||
remove_variable "/etc/default/bkctld" "BACKUP_DISK"
|
||||
FORCE=1 /usr/lib/bkctld/bkctld-remove "${JAILNAME}" && rm -rf "${INCSPATH}"
|
||||
FORCE=1 /usr/lib/bkctld/bkctld-remove "${JAILNAME}" \
|
||||
&& rm -rf "${INCSPATH}" "/etc/evobackup/${JAILNAME}" "/etc/evobackup/${JAILNAME}.d"
|
||||
}
|
||||
|
||||
random_jail_name() {
|
||||
|
|
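Review bot: Because the cleanup is chained with `&&`, the three paths are removed only when `bkctld-remove` succeeds, so a failed removal leaves `/etc/evobackup/${JAILNAME}.d` in place for the next test, which is the leftover state this change sets out to prevent. Capturing the status and cleaning up regardless keeps the failure visible without skipping the `rm`: `rc=0; FORCE=1 /usr/lib/bkctld/bkctld-remove "${JAILNAME}" || rc=$?`, then the `rm -rf` line, then `return "${rc}"`. A one-line comment above the `rm -rf` saying why the `/etc/evobackup` entries are removed by hand (presumably `bkctld-remove` does not delete them) would help the next reader.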
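--- /dev/null
+++ b/tpl/check_policy.tpl
@@ -0,0 +1,3 @@
+## Uncomment and adapt thresholds (values are in hours)
+# WARNING=24
+# CRITICAL=48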
@ -32,17 +32,18 @@ SERVERS_FALLBACK=${SERVERS_FALLBACK:-1}
|
|||
# timeout (in seconds) for SSH connections
|
||||
SSH_CONNECT_TIMEOUT=${SSH_CONNECT_TIMEOUT:-90}
|
||||
|
||||
## We use /home/backup : feel free to use your own dir
|
||||
# We use /home/backup : feel free to use your own dir
|
||||
LOCAL_BACKUP_DIR="/home/backup"
|
||||
|
||||
# You can set "linux" or "bsd" manually or let it choose automatically
|
||||
SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
|
||||
|
||||
# Change these 2 variables if you have more than one backup cron
|
||||
PIDFILE="/var/run/evobackup.pid"
|
||||
LOGFILE="/var/log/evobackup.log"
|
||||
# Store pid and logs in a file named after this program's name
|
||||
PROGNAME=$(basename $0)
|
||||
PIDFILE="/var/run/${PROGNAME}.pid"
|
||||
LOGFILE="/var/log/${PROGNAME}.log"
|
||||
|
||||
## Enable/Disable tasks
|
||||
# Enable/Disable tasks
|
||||
LOCAL_TASKS=${LOCAL_TASKS:-1}
|
||||
SYNC_TASKS=${SYNC_TASKS:-1}
|
||||
|
||||
|
@ -145,6 +146,8 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
# You can comment or uncomment sections below to customize the backup
|
||||
|
||||
## OpenLDAP : example with slapcat
|
||||
# slapcat -n 0 -l ${LOCAL_BACKUP_DIR}/config.ldap.bak
|
||||
# slapcat -n 1 -l ${LOCAL_BACKUP_DIR}/data.ldap.bak
|
||||
# slapcat -l ${LOCAL_BACKUP_DIR}/ldap.bak
|
||||
|
||||
## MySQL
|
||||
|
@ -403,6 +406,7 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
|||
--exclude "/var/log/evobackup*" \
|
||||
--exclude "/var/run" \
|
||||
--exclude "/var/spool/postfix" \
|
||||
--exclude "/var/spool/smtpd" \
|
||||
--exclude "/var/spool/squid" \
|
||||
--exclude "/var/state" \
|
||||
--exclude "lxc/*/rootfs/usr/doc" \
|
||||
|
|
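Review bot: With `LOGFILE="/var/log/${PROGNAME}.log"` the log name now follows the script name, but the rsync exclude visible in the last hunk is still the fixed pattern `--exclude "/var/log/evobackup*"`, so a copy installed under a name that does not start with `evobackup` would have its live log included in the sync, unless an exclude outside the hunk covers it. Deriving that exclude from `${LOGFILE}` would keep the two in step. `PROGNAME=$(basename $0)` leaves `$0` unquoted, unlike the `dirname "$0"` fix made elsewhere in this commit; `PROGNAME=$(basename "$0")` is the consistent form. Existing installations also change their PID and log paths on upgrade, so the changelog should tell operators to update any logrotate or monitoring rule that names `/var/log/evobackup.log`.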