Update upstream source from tag 'upstream/22.04'
Update to upstream version '22.04'
with Debian dir 1e633cf4f6
This commit is contained in:
commit
a177193d11
41
.drone.yml
41
.drone.yml
|
@ -1,41 +0,0 @@
|
||||||
kind: pipeline
|
|
||||||
name: default
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: build debian package
|
|
||||||
image: evolix/gbp:latest
|
|
||||||
branches:
|
|
||||||
- debian
|
|
||||||
commands:
|
|
||||||
- mk-build-deps --install --remove debian/control
|
|
||||||
- git clean --force
|
|
||||||
- gbp buildpackage
|
|
||||||
volumes:
|
|
||||||
- name: tmp
|
|
||||||
path: /tmp
|
|
||||||
when:
|
|
||||||
branch:
|
|
||||||
- debian
|
|
||||||
|
|
||||||
- name: upload debian package
|
|
||||||
image: drillster/drone-rsync
|
|
||||||
settings:
|
|
||||||
hosts: ["pub.evolix.net"]
|
|
||||||
port: 22
|
|
||||||
user: droneci
|
|
||||||
key:
|
|
||||||
from_secret: drone_private_key
|
|
||||||
target: /home/droneci/bkctld/
|
|
||||||
source: /tmp/bkctld/
|
|
||||||
delete: true
|
|
||||||
volumes:
|
|
||||||
- name: tmp
|
|
||||||
path: /tmp
|
|
||||||
when:
|
|
||||||
branch:
|
|
||||||
- debian
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- name: tmp
|
|
||||||
host:
|
|
||||||
path: /tmp
|
|
27
client/CHANGELOG.md
Normal file
27
client/CHANGELOG.md
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
# Changelog
|
||||||
|
All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||||
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* Use --dump-dir instead of --backup-dir to supress dump-server-state warning
|
||||||
|
|
||||||
|
### Deprecated
|
||||||
|
|
||||||
|
### Removed
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
* Make start_time and stop_time compatible with OpenBSD
|
||||||
|
|
||||||
|
### Security
|
||||||
|
|
||||||
|
## [22.03]
|
||||||
|
|
||||||
|
Split client and server parts of the project
|
|
@ -20,6 +20,8 @@ set -u
|
||||||
|
|
||||||
##### Configuration ###################################################
|
##### Configuration ###################################################
|
||||||
|
|
||||||
|
VERSION="22.03"
|
||||||
|
|
||||||
# email adress for notifications
|
# email adress for notifications
|
||||||
MAIL=jdoe@example.com
|
MAIL=jdoe@example.com
|
||||||
|
|
||||||
|
@ -38,18 +40,23 @@ LOCAL_BACKUP_DIR="/home/backup"
|
||||||
# You can set "linux" or "bsd" manually or let it choose automatically
|
# You can set "linux" or "bsd" manually or let it choose automatically
|
||||||
SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
|
SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
|
||||||
|
|
||||||
# Store pid and logs in a file named after this program's name
|
# Store pid in a file named after this program's name
|
||||||
PROGNAME=$(basename $0)
|
PROGNAME=$(basename "$0")
|
||||||
PIDFILE="/var/run/${PROGNAME}.pid"
|
PIDFILE="/var/run/${PROGNAME}.pid"
|
||||||
LOGFILE="/var/log/${PROGNAME}.log"
|
|
||||||
|
# Customize the log path if you have multiple scripts and with separate logs
|
||||||
|
LOGFILE="/var/log/evobackup.log"
|
||||||
|
|
||||||
# Enable/Disable tasks
|
# Enable/Disable tasks
|
||||||
LOCAL_TASKS=${LOCAL_TASKS:-1}
|
LOCAL_TASKS=${LOCAL_TASKS:-1}
|
||||||
SYNC_TASKS=${SYNC_TASKS:-1}
|
SYNC_TASKS=${SYNC_TASKS:-1}
|
||||||
|
|
||||||
|
HOSTNAME=$(hostname)
|
||||||
|
|
||||||
##### SETUP AND FUNCTIONS #############################################
|
##### SETUP AND FUNCTIONS #############################################
|
||||||
|
|
||||||
BEGINNING=$(/bin/date +"%d-%m-%Y ; %H:%M")
|
START_EPOCH=$(/bin/date +%s)
|
||||||
|
DATE_FORMAT="%Y-%m-%d %H:%M:%S"
|
||||||
|
|
||||||
# shellcheck disable=SC2174
|
# shellcheck disable=SC2174
|
||||||
mkdir -p -m 700 ${LOCAL_BACKUP_DIR}
|
mkdir -p -m 700 ${LOCAL_BACKUP_DIR}
|
||||||
|
@ -84,6 +91,7 @@ test_server() {
|
||||||
else
|
else
|
||||||
# SSH connection failed
|
# SSH connection failed
|
||||||
new_error=$(printf "Failed to connect to \`%s' within %s seconds" "${item}" "${SSH_CONNECT_TIMEOUT}")
|
new_error=$(printf "Failed to connect to \`%s' within %s seconds" "${item}" "${SSH_CONNECT_TIMEOUT}")
|
||||||
|
log "${new_error}"
|
||||||
SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d')
|
SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d')
|
||||||
|
|
||||||
return 1
|
return 1
|
||||||
|
@ -97,17 +105,16 @@ pick_server() {
|
||||||
if [ "${increment}" -ge "${list_length}" ]; then
|
if [ "${increment}" -ge "${list_length}" ]; then
|
||||||
# We've reached the end of the list
|
# We've reached the end of the list
|
||||||
new_error="No more server available"
|
new_error="No more server available"
|
||||||
|
log "${new_error}"
|
||||||
SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d')
|
SERVERS_SSH_ERRORS=$(printf "%s\\n%s" "${SERVERS_SSH_ERRORS}" "${new_error}" | sed -e '/^$/d')
|
||||||
|
|
||||||
# Log errors to stderr
|
# Log errors to stderr
|
||||||
printf "%s\\n" "${SERVERS_SSH_ERRORS}" >&2
|
printf "%s\\n" "${SERVERS_SSH_ERRORS}" >&2
|
||||||
# Log errors to logfile
|
|
||||||
printf "%s\\n" "${SERVERS_SSH_ERRORS}" >> $LOGFILE
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Extract the day of month, without leading 0 (which would give an octal based number)
|
# Extract the day of month, without leading 0 (which would give an octal based number)
|
||||||
today=$(date +%e)
|
today=$(/bin/date +%e)
|
||||||
# A salt is useful to randomize the starting point in the list
|
# A salt is useful to randomize the starting point in the list
|
||||||
# but stay identical each time it's called for a server (based on hostname).
|
# but stay identical each time it's called for a server (based on hostname).
|
||||||
salt=$(hostname | cksum | cut -d' ' -f1)
|
salt=$(hostname | cksum | cut -d' ' -f1)
|
||||||
|
@ -119,6 +126,15 @@ pick_server() {
|
||||||
|
|
||||||
echo "${SERVERS}" | cut -d' ' -f${field}
|
echo "${SERVERS}" | cut -d' ' -f${field}
|
||||||
}
|
}
|
||||||
|
log() {
|
||||||
|
msg="${1:-$(cat /dev/stdin)}"
|
||||||
|
pid=$$
|
||||||
|
printf "[%s] %s[%s]: %s\\n" \
|
||||||
|
"$(/bin/date +"${DATE_FORMAT}")" "${PROGNAME}" "${pid}" "${msg}" \
|
||||||
|
>> "${LOGFILE}"
|
||||||
|
}
|
||||||
|
|
||||||
|
log "START GLOBAL - VERSION=${VERSION} LOCAL_TASKS=${LOCAL_TASKS} SYNC_TASKS=${SYNC_TASKS}"
|
||||||
|
|
||||||
## Verify other evobackup process and kill if needed
|
## Verify other evobackup process and kill if needed
|
||||||
if [ -e "${PIDFILE}" ]; then
|
if [ -e "${PIDFILE}" ]; then
|
||||||
|
@ -133,16 +149,18 @@ if [ -e "${PIDFILE}" ]; then
|
||||||
kill -9 "${pid}"
|
kill -9 "${pid}"
|
||||||
printf "%s is still running (PID %s). Process has been killed" "$0" "${pid}\\n" >&2
|
printf "%s is still running (PID %s). Process has been killed" "$0" "${pid}\\n" >&2
|
||||||
else
|
else
|
||||||
rm -f ${PIDFILE}
|
rm -f "${PIDFILE}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo "$$" > ${PIDFILE}
|
echo "$$" > "${PIDFILE}"
|
||||||
# shellcheck disable=SC2064
|
# shellcheck disable=SC2064
|
||||||
trap "rm -f ${PIDFILE}" EXIT
|
trap "rm -f ${PIDFILE}" EXIT
|
||||||
|
|
||||||
##### LOCAL BACKUP ####################################################
|
##### LOCAL BACKUP ####################################################
|
||||||
|
|
||||||
if [ "${LOCAL_TASKS}" = "1" ]; then
|
if [ "${LOCAL_TASKS}" = "1" ]; then
|
||||||
|
log "START LOCAL_TASKS"
|
||||||
|
|
||||||
# You can comment or uncomment sections below to customize the backup
|
# You can comment or uncomment sections below to customize the backup
|
||||||
|
|
||||||
## OpenLDAP : example with slapcat
|
## OpenLDAP : example with slapcat
|
||||||
|
@ -173,6 +191,9 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
||||||
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mysql/
|
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mysql/
|
||||||
# pt-show-grants --flush --no-header > ${LOCAL_BACKUP_DIR}/mysql/all_grants.sql
|
# pt-show-grants --flush --no-header > ${LOCAL_BACKUP_DIR}/mysql/all_grants.sql
|
||||||
|
|
||||||
|
# Dump all variables
|
||||||
|
# mysql -A -e"SHOW GLOBAL VARIABLES;" > ${LOCAL_BACKUP_DIR}/MySQLCurrentSettings.txt
|
||||||
|
|
||||||
## example with SQL dump (schema only, no data) for each databases
|
## example with SQL dump (schema only, no data) for each databases
|
||||||
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mysql/
|
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mysql/
|
||||||
# for i in $(mysql --defaults-extra-file=/etc/mysql/debian.cnf -P 3306 -e 'show databases' -s --skip-column-names \
|
# for i in $(mysql --defaults-extra-file=/etc/mysql/debian.cnf -P 3306 -e 'show databases' -s --skip-column-names \
|
||||||
|
@ -210,9 +231,9 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
||||||
## PostgreSQL
|
## PostgreSQL
|
||||||
|
|
||||||
## Purge previous dumps
|
## Purge previous dumps
|
||||||
# rm ${LOCAL_BACKUP_DIR}/pg.*.gz
|
# rm -rf ${LOCAL_BACKUP_DIR}/pg.*.gz
|
||||||
# rm ${LOCAL_BACKUP_DIR}/pg-backup.tar
|
# rm -rf ${LOCAL_BACKUP_DIR}/pg-backup.tar
|
||||||
# rm ${LOCAL_BACKUP_DIR}/postgresql/*
|
# rm -rf ${LOCAL_BACKUP_DIR}/postgresql/*
|
||||||
## example with pg_dumpall (warning: you need space in ~postgres)
|
## example with pg_dumpall (warning: you need space in ~postgres)
|
||||||
# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
|
# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
|
||||||
# mv ~postgres/pg.dump.bak ${LOCAL_BACKUP_DIR}/
|
# mv ~postgres/pg.dump.bak ${LOCAL_BACKUP_DIR}/
|
||||||
|
@ -283,7 +304,7 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
||||||
# for snapshot in $(curl -s -XGET "localhost:9200/_snapshot/snaprepo/_all?pretty=true" | grep -Eo 'snapshot_[0-9]{4}-[0-9]{2}-[0-9]{2}' | head -n -10); do
|
# for snapshot in $(curl -s -XGET "localhost:9200/_snapshot/snaprepo/_all?pretty=true" | grep -Eo 'snapshot_[0-9]{4}-[0-9]{2}-[0-9]{2}' | head -n -10); do
|
||||||
# curl -s -XDELETE "localhost:9200/_snapshot/snaprepo/${snapshot}" | grep -v -Fx '{"acknowledged":true}'
|
# curl -s -XDELETE "localhost:9200/_snapshot/snaprepo/${snapshot}" | grep -v -Fx '{"acknowledged":true}'
|
||||||
# done
|
# done
|
||||||
# date=$(date +%F)
|
# date=$(/bin/date +%F)
|
||||||
# curl -s -XPUT "localhost:9200/_snapshot/snaprepo/snapshot_${date}?wait_for_completion=true" -o /tmp/es_snapshot_${date}.log
|
# curl -s -XPUT "localhost:9200/_snapshot/snaprepo/snapshot_${date}?wait_for_completion=true" -o /tmp/es_snapshot_${date}.log
|
||||||
|
|
||||||
## RabbitMQ
|
## RabbitMQ
|
||||||
|
@ -295,71 +316,95 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
||||||
|
|
||||||
#megacli -CfgSave -f ${LOCAL_BACKUP_DIR}/megacli_conf.dump -a0 >/dev/null
|
#megacli -CfgSave -f ${LOCAL_BACKUP_DIR}/megacli_conf.dump -a0 >/dev/null
|
||||||
|
|
||||||
## Dump system and kernel versions
|
|
||||||
uname -a > ${LOCAL_BACKUP_DIR}/uname
|
|
||||||
|
|
||||||
## Dump network routes with mtr and traceroute (warning: could be long with aggressive firewalls)
|
## Dump network routes with mtr and traceroute (warning: could be long with aggressive firewalls)
|
||||||
for addr in 8.8.8.8 www.evolix.fr travaux.evolix.net; do
|
for addr in 8.8.8.8 www.evolix.fr travaux.evolix.net; do
|
||||||
mtr -r ${addr} > ${LOCAL_BACKUP_DIR}/mtr-${addr}
|
mtr -r ${addr} > ${LOCAL_BACKUP_DIR}/mtr-${addr}
|
||||||
traceroute -n ${addr} > ${LOCAL_BACKUP_DIR}/traceroute-${addr} 2>&1
|
traceroute -n ${addr} > ${LOCAL_BACKUP_DIR}/traceroute-${addr} 2>&1
|
||||||
done
|
done
|
||||||
|
|
||||||
## Dump process with ps
|
server_state_dir="${LOCAL_BACKUP_DIR}/server-state"
|
||||||
ps auwwx >${LOCAL_BACKUP_DIR}/ps.out
|
|
||||||
|
dump_server_state_bin=$(command -v dump-server-state)
|
||||||
|
|
||||||
if [ "${SYSTEM}" = "linux" ]; then
|
if [ "${SYSTEM}" = "linux" ]; then
|
||||||
|
if [ -n "${dump_server_state_bin}" ]; then
|
||||||
|
${dump_server_state_bin} --all --force --dump-dir "${server_state_dir}"
|
||||||
|
else
|
||||||
|
mkdir -p "${server_state_dir}"
|
||||||
|
|
||||||
|
## Dump system and kernel versions
|
||||||
|
uname -a > ${server_state_dir}/uname.txt
|
||||||
|
|
||||||
|
## Dump process with ps
|
||||||
|
ps auwwx > ${server_state_dir}/ps.txt
|
||||||
|
|
||||||
## Dump network connections with ss
|
## Dump network connections with ss
|
||||||
ss -taupen > ${LOCAL_BACKUP_DIR}/netstat.out
|
ss -taupen > ${server_state_dir}/netstat.txt
|
||||||
|
|
||||||
## List Debian packages
|
## List Debian packages
|
||||||
dpkg -l > ${LOCAL_BACKUP_DIR}/packages
|
dpkg -l > ${server_state_dir}/packages
|
||||||
dpkg --get-selections > ${LOCAL_BACKUP_DIR}/packages.getselections
|
dpkg --get-selections > ${server_state_dir}/packages.getselections
|
||||||
apt-cache dumpavail > ${LOCAL_BACKUP_DIR}/packages.available
|
apt-cache dumpavail > ${server_state_dir}/packages.available
|
||||||
|
|
||||||
## Dump MBR / table partitions
|
|
||||||
disks=$(lsblk -l | grep disk | grep -v -E '(drbd|fd[0-9]+)' | awk '{print $1}')
|
|
||||||
for disk in ${disks}; do
|
|
||||||
dd if="/dev/${disk}" of="${LOCAL_BACKUP_DIR}/MBR-${disk}" bs=512 count=1 2>&1 | grep -Ev "(records in|records out|512 bytes)"
|
|
||||||
fdisk -l "/dev/${disk}" > "${LOCAL_BACKUP_DIR}/partitions-${disk}" 2>&1
|
|
||||||
done
|
|
||||||
cat ${LOCAL_BACKUP_DIR}/partitions-* > ${LOCAL_BACKUP_DIR}/partitions
|
|
||||||
|
|
||||||
## Dump iptables
|
## Dump iptables
|
||||||
if [ -x /sbin/iptables ]; then
|
if [ -x /sbin/iptables ]; then
|
||||||
{ /sbin/iptables -L -n -v; /sbin/iptables -t filter -L -n -v; } > ${LOCAL_BACKUP_DIR}/iptables.txt
|
{ /sbin/iptables -L -n -v; /sbin/iptables -t filter -L -n -v; } > ${server_state_dir}/iptables.txt
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## Dump findmnt(8) output
|
## Dump findmnt(8) output
|
||||||
FINDMNT_BIN=$(command -v findmnt)
|
FINDMNT_BIN=$(command -v findmnt)
|
||||||
if [ -x "${FINDMNT_BIN}" ]; then
|
if [ -x "${FINDMNT_BIN}" ]; then
|
||||||
${FINDMNT_BIN} > ${LOCAL_BACKUP_DIR}/findmnt.txt
|
${FINDMNT_BIN} > ${server_state_dir}/findmnt.txt
|
||||||
fi
|
fi
|
||||||
else
|
|
||||||
## Dump network connections with fstat
|
|
||||||
fstat | head -1 > ${LOCAL_BACKUP_DIR}/netstat.out
|
|
||||||
fstat | grep internet >> ${LOCAL_BACKUP_DIR}/netstat.out
|
|
||||||
|
|
||||||
## List OpenBSD packages
|
|
||||||
pkg_info -m > ${LOCAL_BACKUP_DIR}/packages
|
|
||||||
|
|
||||||
## Dump MBR / table partitions
|
## Dump MBR / table partitions
|
||||||
disklabel sd0 > ${LOCAL_BACKUP_DIR}/partitions
|
disks=$(lsblk -l | grep disk | grep -v -E '(drbd|fd[0-9]+)' | awk '{print $1}')
|
||||||
|
for disk in ${disks}; do
|
||||||
|
dd if="/dev/${disk}" of="${server_state_dir}/MBR-${disk}" bs=512 count=1 2>&1 | grep -Ev "(records in|records out|512 bytes)"
|
||||||
|
fdisk -l "/dev/${disk}" > "${server_state_dir}/partitions-${disk}" 2>&1
|
||||||
|
done
|
||||||
|
cat ${server_state_dir}/partitions-* > ${server_state_dir}/partitions
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ -n "${dump_server_state_bin}" ]; then
|
||||||
|
${dump_server_state_bin} --all --force --backup-dir "${server_state_dir}"
|
||||||
|
else
|
||||||
|
mkdir -p "${server_state_dir}"
|
||||||
|
|
||||||
|
## Dump system and kernel versions
|
||||||
|
uname -a > ${server_state_dir}/uname
|
||||||
|
|
||||||
|
## Dump process with ps
|
||||||
|
ps auwwx > ${server_state_dir}/ps.out
|
||||||
|
|
||||||
|
## Dump network connections with fstat
|
||||||
|
fstat | head -1 > ${server_state_dir}/netstat.out
|
||||||
|
fstat | grep internet >> ${server_state_dir}/netstat.out
|
||||||
|
|
||||||
|
## List OpenBSD packages
|
||||||
|
pkg_info -m > ${server_state_dir}/packages
|
||||||
|
|
||||||
|
## Dump MBR / table partitions
|
||||||
|
disklabel sd0 > ${server_state_dir}/partitions
|
||||||
|
|
||||||
## Dump pf infos
|
## Dump pf infos
|
||||||
pfctl -sa > ${LOCAL_BACKUP_DIR}/pfctl-sa.txt
|
pfctl -sa > ${server_state_dir}/pfctl-sa.txt
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
## Dump rights
|
## Dump rights
|
||||||
#getfacl -R /var > ${LOCAL_BACKUP_DIR}/rights-var.txt
|
#getfacl -R /var > ${server_state_dir}/rights-var.txt
|
||||||
#getfacl -R /etc > ${LOCAL_BACKUP_DIR}/rights-etc.txt
|
#getfacl -R /etc > ${server_state_dir}/rights-etc.txt
|
||||||
#getfacl -R /usr > ${LOCAL_BACKUP_DIR}/rights-usr.txt
|
#getfacl -R /usr > ${server_state_dir}/rights-usr.txt
|
||||||
#getfacl -R /home > ${LOCAL_BACKUP_DIR}/rights-home.txt
|
#getfacl -R /home > ${server_state_dir}/rights-home.txt
|
||||||
|
|
||||||
|
log "STOP LOCAL_TASKS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
##### REMOTE BACKUP ###################################################
|
##### REMOTE BACKUP ###################################################
|
||||||
|
|
||||||
|
|
||||||
|
if [ "${SYNC_TASKS}" = "1" ]; then
|
||||||
n=0
|
n=0
|
||||||
server=""
|
server=""
|
||||||
if [ "${SERVERS_FALLBACK}" = "1" ]; then
|
if [ "${SERVERS_FALLBACK}" = "1" ]; then
|
||||||
|
@ -383,16 +428,14 @@ fi
|
||||||
SSH_SERVER=$(echo "${server}" | cut -d':' -f1)
|
SSH_SERVER=$(echo "${server}" | cut -d':' -f1)
|
||||||
SSH_PORT=$(echo "${server}" | cut -d':' -f2)
|
SSH_PORT=$(echo "${server}" | cut -d':' -f2)
|
||||||
|
|
||||||
HOSTNAME=$(hostname)
|
|
||||||
|
|
||||||
if [ "${SYSTEM}" = "linux" ]; then
|
if [ "${SYSTEM}" = "linux" ]; then
|
||||||
rep="/bin /boot /lib /opt /sbin /usr"
|
rep="/bin /boot /lib /opt /sbin /usr"
|
||||||
else
|
else
|
||||||
rep="/bsd /bin /sbin /usr"
|
rep="/bsd /bin /sbin /usr"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
log "START SYNC_TASKS - server=${server}"
|
||||||
|
|
||||||
if [ "${SYNC_TASKS}" = "1" ]; then
|
|
||||||
# /!\ DO NOT USE COMMENTS in the rsync command /!\
|
# /!\ DO NOT USE COMMENTS in the rsync command /!\
|
||||||
# It breaks the command and destroys data, simply remove (or add) lines.
|
# It breaks the command and destroys data, simply remove (or add) lines.
|
||||||
|
|
||||||
|
@ -425,13 +468,13 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
||||||
--exclude "/var/lib/postgresql" \
|
--exclude "/var/lib/postgresql" \
|
||||||
--exclude "/var/lib/sympa" \
|
--exclude "/var/lib/sympa" \
|
||||||
--exclude "/var/lock" \
|
--exclude "/var/lock" \
|
||||||
--exclude "/var/log" \
|
|
||||||
--exclude "/var/log/evobackup*" \
|
|
||||||
--exclude "/var/run" \
|
--exclude "/var/run" \
|
||||||
--exclude "/var/spool/postfix" \
|
--exclude "/var/spool/postfix" \
|
||||||
--exclude "/var/spool/smtpd" \
|
--exclude "/var/spool/smtpd" \
|
||||||
--exclude "/var/spool/squid" \
|
--exclude "/var/spool/squid" \
|
||||||
--exclude "/var/state" \
|
--exclude "/var/state" \
|
||||||
|
--exclude "/var/tmp" \
|
||||||
|
--exclude "lxc/*/rootfs/tmp" \
|
||||||
--exclude "lxc/*/rootfs/usr/doc" \
|
--exclude "lxc/*/rootfs/usr/doc" \
|
||||||
--exclude "lxc/*/rootfs/usr/obj" \
|
--exclude "lxc/*/rootfs/usr/obj" \
|
||||||
--exclude "lxc/*/rootfs/usr/share/doc" \
|
--exclude "lxc/*/rootfs/usr/share/doc" \
|
||||||
|
@ -444,6 +487,7 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
||||||
--exclude "lxc/*/rootfs/var/log" \
|
--exclude "lxc/*/rootfs/var/log" \
|
||||||
--exclude "lxc/*/rootfs/var/run" \
|
--exclude "lxc/*/rootfs/var/run" \
|
||||||
--exclude "lxc/*/rootfs/var/state" \
|
--exclude "lxc/*/rootfs/var/state" \
|
||||||
|
--exclude "lxc/*/rootfs/var/tmp" \
|
||||||
--exclude "/home/mysqltmp" \
|
--exclude "/home/mysqltmp" \
|
||||||
${rep} \
|
${rep} \
|
||||||
/etc \
|
/etc \
|
||||||
|
@ -453,20 +497,24 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
||||||
-e "${RSH_COMMAND}" \
|
-e "${RSH_COMMAND}" \
|
||||||
"root@${SSH_SERVER}:/var/backup/" \
|
"root@${SSH_SERVER}:/var/backup/" \
|
||||||
| tail -30 >> $LOGFILE
|
| tail -30 >> $LOGFILE
|
||||||
|
|
||||||
|
log "STOP SYNC_TASKS - server=${server}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
##### REPORTING #######################################################
|
##### REPORTING #######################################################
|
||||||
|
|
||||||
END=$(/bin/date +"%d-%m-%Y ; %H:%M")
|
STOP_EPOCH=$(/bin/date +%s)
|
||||||
|
|
||||||
printf "EvoBackup - %s - START %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\\n" \
|
if [ "${SYSTEM}" = "openbsd" ]; then
|
||||||
"${HOSTNAME}" "${BEGINNING}" "${SSH_SERVER}" "${LOCAL_TASKS}" "${SYNC_TASKS}" \
|
start_time=$(/bin/date -f "%s" -j "${START_EPOCH}" +"${DATE_FORMAT}")
|
||||||
>> $LOGFILE
|
stop_time=$(/bin/date -f "%s" -j "${STOP_EPOCH}" +"${DATE_FORMAT}")
|
||||||
|
else
|
||||||
|
start_time=$(/bin/date --date="@${START_EPOCH}" +"${DATE_FORMAT}")
|
||||||
|
stop_time=$(/bin/date --date="@${STOP_EPOCH}" +"${DATE_FORMAT}")
|
||||||
|
fi
|
||||||
|
duration=$(( STOP_EPOCH - START_EPOCH ))
|
||||||
|
|
||||||
printf "EvoBackup - %s - STOP %s ON %s (LOCAL_TASKS=%s SYNC_TASKS=%s)\\n" \
|
log "STOP GLOBAL - start='${start_time}' stop='${stop_time}' duration=${duration}s"
|
||||||
"${HOSTNAME}" "${END}" "${SSH_SERVER}" "${LOCAL_TASKS}" "${SYNC_TASKS}" \
|
|
||||||
>> $LOGFILE
|
|
||||||
|
|
||||||
tail -10 $LOGFILE | \
|
tail -20 "${LOGFILE}" \
|
||||||
mail -s "[info] EvoBackup - Client ${HOSTNAME}" \
|
| mail -s "[info] EvoBackup - Client ${HOSTNAME}" ${MAIL}
|
||||||
${MAIL}
|
|
0
.gitignore → server/.gitignore
vendored
0
.gitignore → server/.gitignore
vendored
|
@ -6,10 +6,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
### Added
|
|
||||||
|
|
||||||
### Changed
|
|
||||||
|
|
||||||
### Deprecated
|
### Deprecated
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
|
@ -18,6 +14,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
## [22.04] - 2022-04-20
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
* Run the test suite on Bullseye (ext4/btrfs) in addition of Stretch and Buster (ext4/btrfs)
|
||||||
|
* Tell sed to follow symlinks
|
||||||
|
* Add a header in `bkctld status` output and improved columns width.
|
||||||
|
* bkctld-check-setup: compatibility with minifirewall 22.03+
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* change versioning pattern
|
||||||
|
|
||||||
## [2.12.0] - 2021-11-02
|
## [2.12.0] - 2021-11-02
|
||||||
|
|
||||||
### Changed
|
### Changed
|
4
Vagrantfile → server/Vagrantfile
vendored
4
Vagrantfile → server/Vagrantfile
vendored
|
@ -28,8 +28,8 @@ DEBIAN_FRONTEND=noninteractive apt-get -yq install openssh-server btrfs-progs rs
|
||||||
SCRIPT
|
SCRIPT
|
||||||
|
|
||||||
$pre_part = <<SCRIPT
|
$pre_part = <<SCRIPT
|
||||||
sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
|
sed --follow-symlinks --in-place -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
|
||||||
sed -i -e 's/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/' /etc/locale.gen && \
|
sed --follow-symlinks --in-place -e 's/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/' /etc/locale.gen && \
|
||||||
echo 'LANG="fr_FR.UTF-8"'>/etc/default/locale && \
|
echo 'LANG="fr_FR.UTF-8"'>/etc/default/locale && \
|
||||||
dpkg-reconfigure --frontend=noninteractive locales && \
|
dpkg-reconfigure --frontend=noninteractive locales && \
|
||||||
update-locale LANG=fr_FR.UTF-8
|
update-locale LANG=fr_FR.UTF-8
|
|
@ -116,6 +116,7 @@ case "${subcommand}" in
|
||||||
;;
|
;;
|
||||||
"status")
|
"status")
|
||||||
jail_name="${2:-}"
|
jail_name="${2:-}"
|
||||||
|
printf '%-30s %-10s %-10s %-25s %-20s\n' 'JAIL NAME' 'STATUS' 'PORT' 'RETENTION (DAY/MONTH)' 'IP'
|
||||||
if [ "${jail_name}" = "all" ] || [ -z "${jail_name}" ]; then
|
if [ "${jail_name}" = "all" ] || [ -z "${jail_name}" ]; then
|
||||||
for jail in $("${LIBDIR}/bkctld-list"); do
|
for jail in $("${LIBDIR}/bkctld-list"); do
|
||||||
"${LIBDIR}/bkctld-${subcommand}" "${jail}"
|
"${LIBDIR}/bkctld-${subcommand}" "${jail}"
|
|
@ -8,7 +8,7 @@ this git repository with git-buildpackage and sbuild.
|
||||||
Install Debian dependencies :
|
Install Debian dependencies :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
apt install git-buildpackage sbuild dh-exec
|
apt install git-buildpackage sbuild
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
Add your user to sbuild :
|
Add your user to sbuild :
|
||||||
|
@ -50,4 +50,5 @@ Launch git-buildpackage :
|
||||||
gbp buildpackage
|
gbp buildpackage
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
To update the debian changelog, use the command `debchange`
|
The generated build files (including the `.deb`) are located in the `/tmp/bkctld/` directory.
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
A Debian package is available in the Evolix repository
|
A Debian package is available in the Evolix repository
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
echo "http://pub.evolix.net/jessie/" >> /etc/apt/sources.list
|
echo "deb http://pub.evolix.net/ stretch" >> /etc/apt/sources.list
|
||||||
apt update
|
apt update
|
||||||
apt install bkctld
|
apt install bkctld
|
||||||
~~~
|
~~~
|
|
@ -26,6 +26,9 @@ for jail_name in $("${LIBDIR}/bkctld-list"); do
|
||||||
|
|
||||||
# read each line in jail configuration
|
# read each line in jail configuration
|
||||||
while read line; do
|
while read line; do
|
||||||
|
## TODO
|
||||||
|
# deal with empty lines
|
||||||
|
|
||||||
# inc date in ISO format
|
# inc date in ISO format
|
||||||
inc_iso=$(relative_date "${line}")
|
inc_iso=$(relative_date "${line}")
|
||||||
# inc date in seconds from epoch
|
# inc date in seconds from epoch
|
|
@ -29,10 +29,16 @@ fi
|
||||||
# Check if the firewall file is sourced
|
# Check if the firewall file is sourced
|
||||||
|
|
||||||
minifirewall_config=/etc/default/minifirewall
|
minifirewall_config=/etc/default/minifirewall
|
||||||
|
minifirewall_version=$(/etc/init.d/minifirewall status | head -1 | cut -d ' ' -f 3)
|
||||||
|
|
||||||
if [ -n "${FIREWALL_RULES}" ] \
|
if [ -n "${FIREWALL_RULES}" ] \
|
||||||
&& [ -r "${FIREWALL_RULES}" ] \
|
&& [ -r "${FIREWALL_RULES}" ] \
|
||||||
&& [ -f "${minifirewall_config}" ]; then
|
&& [ -f "${minifirewall_config}" ]; then
|
||||||
|
if [ -n "${minifirewall_version}" ] && dpkg --compare-versions "${minifirewall_version}" ge "22.03"; then
|
||||||
|
# Minifirewall 22.03+ includes files automatically
|
||||||
|
nb_ok=$((nb_ok + 1))
|
||||||
|
output="${output}OK - Firewall file \`${FIREWALL_RULES}' is present.\n"
|
||||||
|
else
|
||||||
if grep -qE "^(\.|source) ${FIREWALL_RULES}" "${minifirewall_config}"; then
|
if grep -qE "^(\.|source) ${FIREWALL_RULES}" "${minifirewall_config}"; then
|
||||||
nb_ok=$((nb_ok + 1))
|
nb_ok=$((nb_ok + 1))
|
||||||
output="${output}OK - Firewall file \`${FIREWALL_RULES}' is sourced by \`${minifirewall_config}'.\n"
|
output="${output}OK - Firewall file \`${FIREWALL_RULES}' is sourced by \`${minifirewall_config}'.\n"
|
||||||
|
@ -42,6 +48,7 @@ if [ -n "${FIREWALL_RULES}" ] \
|
||||||
[ "${return}" -le 1 ] && return=1
|
[ "${return}" -le 1 ] && return=1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Check if jails are started
|
# Check if jails are started
|
||||||
nb_on=0
|
nb_on=0
|
|
@ -25,7 +25,7 @@ iptables_input_accept() {
|
||||||
|
|
||||||
if [ -n "${FIREWALL_RULES}" ]; then
|
if [ -n "${FIREWALL_RULES}" ]; then
|
||||||
# remove existing rules for this jail
|
# remove existing rules for this jail
|
||||||
[ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail_name}$/d" "${FIREWALL_RULES}"
|
[ -f "${FIREWALL_RULES}" ] && sed --follow-symlinks --in-place "/#${jail_name}$/d" "${FIREWALL_RULES}"
|
||||||
if [ -d "${jail_path}" ]; then
|
if [ -d "${jail_path}" ]; then
|
||||||
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
||||||
# Add a rule for each IP
|
# Add a rule for each IP
|
|
@ -16,7 +16,7 @@ create_inc_btrfs() {
|
||||||
|
|
||||||
btrfs_bin=$(command -v btrfs)
|
btrfs_bin=$(command -v btrfs)
|
||||||
if [ -z "${btrfs_bin}" ]; then
|
if [ -z "${btrfs_bin}" ]; then
|
||||||
error "btrfs not found. Please install brtfs-progs."
|
error "btrfs not found. Please install btrfs-progs."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if dry_run; then
|
if dry_run; then
|
|
@ -13,8 +13,8 @@ target_path="${2:?}"
|
||||||
lock_target() {
|
lock_target() {
|
||||||
target="${1:?}"
|
target="${1:?}"
|
||||||
btrfs_bin=$(command -v btrfs)
|
btrfs_bin=$(command -v btrfs)
|
||||||
if [ -z ${btrfs_bin} ]; then
|
if [ -z ${btrfs_bin} ]; then
|
||||||
error "btrfs not found. Please install brtfs-progs."
|
error "btrfs not found. Please install btrfs-progs."
|
||||||
fi
|
fi
|
||||||
if is_btrfs "${target}"; then
|
if is_btrfs "${target}"; then
|
||||||
${btrfs_bin} property set -ts "${target}" ro true
|
${btrfs_bin} property set -ts "${target}" ro true
|
||||||
|
@ -26,7 +26,7 @@ lock_target() {
|
||||||
unlock_target() {
|
unlock_target() {
|
||||||
target="${1:?}"
|
target="${1:?}"
|
||||||
btrfs_bin=$(command -v btrfs)
|
btrfs_bin=$(command -v btrfs)
|
||||||
if [ -z ${btrfs_bin} ]; then
|
if [ -z ${btrfs_bin} ]; then
|
||||||
error "btrfs not found. Please install brtfs-progs."
|
error "btrfs not found. Please install brtfs-progs."
|
||||||
fi
|
fi
|
||||||
if is_btrfs "${target}"; then
|
if is_btrfs "${target}"; then
|
|
@ -18,12 +18,11 @@ test -d "${jail_path}" && error "Skip jail \`${jail_name}' : it already exists"
|
||||||
# Create config and jails directory
|
# Create config and jails directory
|
||||||
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
||||||
|
|
||||||
btrfs_bin=$(command -v btrfs)
|
|
||||||
if [ -z ${btrfs_bin} ]; then
|
|
||||||
error "btrfs not found. Please install brtfs-progs."
|
|
||||||
fi
|
|
||||||
|
|
||||||
if is_btrfs "$(dirname "${JAILDIR}")" || is_btrfs "${JAILDIR}"; then
|
if is_btrfs "$(dirname "${JAILDIR}")" || is_btrfs "${JAILDIR}"; then
|
||||||
|
btrfs_bin=$(command -v btrfs)
|
||||||
|
if [ -z ${btrfs_bin} ]; then
|
||||||
|
error "btrfs not found. Please install btrfs-progs."
|
||||||
|
fi
|
||||||
${btrfs_bin} subvolume create "${jail_path}"
|
${btrfs_bin} subvolume create "${jail_path}"
|
||||||
else
|
else
|
||||||
mkdir --parents "${jail_path}"
|
mkdir --parents "${jail_path}"
|
|
@ -38,7 +38,7 @@ else
|
||||||
allow_users="${allow_users} root@${new_ip}"
|
allow_users="${allow_users} root@${new_ip}"
|
||||||
done
|
done
|
||||||
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
||||||
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
sed --follow-symlinks --in-place "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
||||||
else
|
else
|
||||||
error "No \`AllowUsers' directive found in \`${jail_sshd_config}'"
|
error "No \`AllowUsers' directive found in \`${jail_sshd_config}'"
|
||||||
fi
|
fi
|
|
@ -27,7 +27,7 @@ else
|
||||||
port=$((port+1))
|
port=$((port+1))
|
||||||
[ "${port}" -le 1 ] && port=2222
|
[ "${port}" -le 1 ] && port=2222
|
||||||
fi
|
fi
|
||||||
sed -i "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
sed --follow-symlinks --in-place "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
||||||
|
|
||||||
notice "Update SSH port \`${port}' for jail \`${jail_name}' : OK"
|
notice "Update SSH port \`${port}' for jail \`${jail_name}' : OK"
|
||||||
|
|
|
@ -53,8 +53,8 @@ rm -f "${CONFDIR}/${jail_name}"
|
||||||
rm -rf "$(jail_config_dir "${jail_name}")"
|
rm -rf "$(jail_config_dir "${jail_name}")"
|
||||||
|
|
||||||
btrfs_bin=$(command -v btrfs)
|
btrfs_bin=$(command -v btrfs)
|
||||||
if [ -z ${btrfs_bin} ]; then
|
if [ -z ${btrfs_bin} ]; then
|
||||||
error "btrfs not found. Please install brtfs-progs."
|
error "btrfs not found. Please install btrfs-progs."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if is_btrfs "${jail_path}"; then
|
if is_btrfs "${jail_path}"; then
|
|
@ -63,8 +63,8 @@ delete_inc_btrfs() {
|
||||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||||
btrfs_bin=$(command -v btrfs)
|
btrfs_bin=$(command -v btrfs)
|
||||||
|
|
||||||
if [ -z ${btrfs_bin} ]; then
|
if [ -z ${btrfs_bin} ]; then
|
||||||
error "btrfs not found. Please install brtfs-progs."
|
error "btrfs not found. Please install btrfs-progs."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if dry_run; then
|
if dry_run; then
|
|
@ -27,4 +27,4 @@ status="OFF"
|
||||||
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
||||||
ip=$("${LIBDIR}/bkctld-ip" "${jail_name}" | xargs | tr -s ' ' ',')
|
ip=$("${LIBDIR}/bkctld-ip" "${jail_name}" | xargs | tr -s ' ' ',')
|
||||||
|
|
||||||
echo "${jail_name} ${status} ${port} ${incs_policy} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
|
echo "${jail_name} ${status} ${port} ${incs_policy} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 25s %- 20s\n", $1, $2, $3, $4, $5); }'
|
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
[ -f /etc/default/bkctld ] && . /etc/default/bkctld
|
[ -f /etc/default/bkctld ] && . /etc/default/bkctld
|
||||||
|
|
||||||
VERSION="2.11.1"
|
VERSION="22.04"
|
||||||
|
|
||||||
LIBDIR=${LIBDIR:-/usr/lib/bkctld}
|
LIBDIR=${LIBDIR:-/usr/lib/bkctld}
|
||||||
CONFDIR="${CONFDIR:-/etc/evobackup}"
|
CONFDIR="${CONFDIR:-/etc/evobackup}"
|
||||||
|
@ -34,7 +34,7 @@ show_version() {
|
||||||
cat <<END
|
cat <<END
|
||||||
bkctld version ${VERSION}
|
bkctld version ${VERSION}
|
||||||
|
|
||||||
Copyright 2004-2021 Evolix <info@evolix.fr>,
|
Copyright 2004-2022 Evolix <info@evolix.fr>,
|
||||||
Victor Laborie <vlaborie@evolix.fr>,
|
Victor Laborie <vlaborie@evolix.fr>,
|
||||||
Jérémy Lecour <jlecour@evolix.fr>
|
Jérémy Lecour <jlecour@evolix.fr>
|
||||||
and others.
|
and others.
|
|
@ -144,7 +144,8 @@ OUT
|
||||||
@test "Check setup WARNING if firewall rules are not sourced" {
|
@test "Check setup WARNING if firewall rules are not sourced" {
|
||||||
/usr/lib/bkctld/bkctld-start ${JAILNAME}
|
/usr/lib/bkctld/bkctld-start ${JAILNAME}
|
||||||
|
|
||||||
firewall_rules_file="/etc/firewall.rc.jails"
|
mkdir /etc/minifirewall.d/
|
||||||
|
firewall_rules_file="/etc/minifirewall.d/bkctld"
|
||||||
set_variable "/etc/default/bkctld" "FIREWALL_RULES" "${firewall_rules_file}"
|
set_variable "/etc/default/bkctld" "FIREWALL_RULES" "${firewall_rules_file}"
|
||||||
echo "" > "${firewall_rules_file}"
|
echo "" > "${firewall_rules_file}"
|
||||||
|
|
||||||
|
@ -158,7 +159,8 @@ OUT
|
||||||
@test "Check setup OK if firewall rules are sourced" {
|
@test "Check setup OK if firewall rules are sourced" {
|
||||||
/usr/lib/bkctld/bkctld-start ${JAILNAME}
|
/usr/lib/bkctld/bkctld-start ${JAILNAME}
|
||||||
|
|
||||||
firewall_rules_file="/etc/firewall.rc.jails"
|
mkdir /etc/minifirewall.d/
|
||||||
|
firewall_rules_file="/etc/minifirewall.d/bkctld"
|
||||||
set_variable "/etc/default/bkctld" "FIREWALL_RULES" "${firewall_rules_file}"
|
set_variable "/etc/default/bkctld" "FIREWALL_RULES" "${firewall_rules_file}"
|
||||||
echo "" > "${firewall_rules_file}"
|
echo "" > "${firewall_rules_file}"
|
||||||
|
|
|
@ -61,7 +61,7 @@ load test_helper
|
||||||
|
|
||||||
@test "Missing AllowUsers" {
|
@test "Missing AllowUsers" {
|
||||||
# Remove AllowUsers directive in SSH config
|
# Remove AllowUsers directive in SSH config
|
||||||
sed -i '/^AllowUsers/d' "${JAILPATH}/etc/ssh/sshd_config"
|
sed --follow-symlinks --in-place '/^AllowUsers/d' "${JAILPATH}/etc/ssh/sshd_config"
|
||||||
# An error should be raised when trying to add an IP restriction
|
# An error should be raised when trying to add an IP restriction
|
||||||
run /usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
run /usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
|
||||||
assert_failure
|
assert_failure
|
|
@ -40,7 +40,7 @@ set_variable() {
|
||||||
var_value=${3:-}
|
var_value=${3:-}
|
||||||
|
|
||||||
if grep -qE "^\s*${var_name}=" "${file}"; then
|
if grep -qE "^\s*${var_name}=" "${file}"; then
|
||||||
sed -i "s|^\s*${var_name}=.*|${var_name}=${var_value}|" "${file}"
|
sed --follow-symlinks --in-place "s|^\s*${var_name}=.*|${var_name}=${var_value}|" "${file}"
|
||||||
else
|
else
|
||||||
echo "${var_name}=${var_value}" >> "${file}"
|
echo "${var_name}=${var_value}" >> "${file}"
|
||||||
fi
|
fi
|
||||||
|
@ -49,7 +49,7 @@ remove_variable() {
|
||||||
file=${1:?}
|
file=${1:?}
|
||||||
var_name=${2:?}
|
var_name=${2:?}
|
||||||
|
|
||||||
sed -i "s|^\s*${var_name}=.*|d" "${file}"
|
sed --follow-symlinks --in-place "s|^\s*${var_name}=.*|d" "${file}"
|
||||||
}
|
}
|
||||||
|
|
||||||
is_btrfs() {
|
is_btrfs() {
|
Loading…
Reference in a new issue