backup.pl: Run convert-ids-backend-files converter.
1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
# Timestamp taken once at start-up; it names the default backup archive and
# is handed to backupiso when an ISO is built.
NOW="$(date '+%Y-%m-%d-%H:%M')"
23
# List every addon that ships a backup include file.
# Outputs: one addon name per line, i.e. the basename of each regular file
#          found in /var/ipfire/backup/addons/includes.
# Returns: always 0.
list_addons() {
	local entry

	for entry in /var/ipfire/backup/addons/includes/*; do
		# Skips directories and also the literal pattern that is left
		# behind when the glob matches nothing.
		[ -f "${entry}" ] || continue
		basename "${entry}"
	done

	return 0
}
34
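# Expand one or more include lists into the paths that actually exist.
#
# Every line of an include list holds one or more whitespace-separated path
# patterns, and shell wildcards are honoured. Existence is tested against
# "/<pattern>", so the patterns are expanded with / as the working directory;
# expanding them in the caller's directory would silently drop every
# root-relative wildcard entry unless the script happened to be started in /.
#
# Arguments: $@ - include list files
# Outputs:   matching paths, one per line, sorted and de-duplicated
# Returns:   exit status of sort
process_includes() {
	local include file
	local start_dir="${PWD}"

	# The first stage of a pipeline runs in a subshell, so the cd below never
	# changes the caller's working directory.
	{
		cd / || exit 1

		# Quoted so that a list file name containing whitespace stays one word
		for include in "$@"; do
			# Relative list names keep referring to the caller's directory
			case "${include}" in
				/*) ;;
				*) include="${start_dir}/${include}" ;;
			esac

			while read -r file; do
				# Deliberately unquoted: a line may carry several patterns
				# and each of them may contain wildcards.
				for file in ${file}; do
					if [ -e "/${file}" ]; then
						printf '%s\n' "${file}"
					fi
				done
			done < "${include}"
		done
	} | sort -u
}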
49
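# Create a backup archive from the global include/exclude definitions.
#
# Arguments: $1   - archive file to create
#            $2.. - extra paths to add to the archive (passed on to tar)
# Outputs:   tar's verbose file listing on stdout
# Returns:   always 0
make_backup() {
	local filename="${1}"
	shift

	# Backup all addons first. Names are read line by line so that a name
	# containing whitespace is not broken into several words.
	local addon
	local -a addons=()
	mapfile -t addons < <(list_addons)
	for addon in "${addons[@]}"; do
		make_addon_backup "${addon}"
	done

	# Collect the include paths into an array: process_includes prints one
	# path per line, and an unquoted $(...) would split paths on whitespace
	# and expand wildcard characters in file names a second time.
	local -a includes=()
	mapfile -t includes < <(
		process_includes "/var/ipfire/backup/include"
		process_includes "/var/ipfire/backup/include.user"
	)

	# Backup using global exclude/include definitions
	tar cvfz "${filename}" -C / \
		--exclude-from="/var/ipfire/backup/exclude" \
		--exclude-from="/var/ipfire/backup/exclude.user" \
		"${includes[@]}" \
		"$@"

	# NOTE(review): tar's exit status is discarded here, so a caller that
	# tests the result of make_backup (the "iso" command does) never sees a
	# failed or incomplete archive - confirm whether that is intended.
	# NOTE(review): the archive is created with the caller's umask; confirm
	# the resulting mode suits a file that holds the system configuration.
	return 0
}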
70
# Restore a system backup and migrate any legacy configuration it contains.
#
# The archive is unpacked directly onto / with the stored permissions
# preserved (tar -p), so whatever it contains replaces live system files;
# only paths matched by the two exclude lists are skipped. The archive must
# therefore come from a trusted source.
#
# Arguments: $1 - path of the backup archive
# Returns:   1 if the archive cannot be extracted, otherwise 0. The status of
#            the service reloads and converters that follow is not checked.
restore_backup() {
	local filename="${1}"

	# Extract backup
	if ! tar xvzpf "${filename}" -C / \
		--exclude-from="/var/ipfire/backup/exclude" \
		--exclude-from="/var/ipfire/backup/exclude.user"; then
		echo "Could not extract backup" >&2
		return 1
	fi

	# Restart syslogd, httpd and suricata in case we've just loaded old logs
	apachectl -k graceful
	# A missing pid file leaves kill without a target; both error streams are
	# discarded, so that case passes silently.
	/bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null
	/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null

	# remove wrong vnstat tag file
	rm -f /var/log/vnstat/tag

	# create dhcpcd user
	# NOTE(review): runs on every restore; presumably both commands just fail
	# with a message when the group/user already exist - confirm.
	groupadd -g 52 dhcpcd
	useradd -c 'dhcpcd privsep user' \
		-d /run/dhcpcd/chroot \
		-g dhcpcd \
		-s /bin/false \
		-u 52 dhcpcd

	# Run converters
	# Each legacy directory below is only present when the restored archive
	# brought it along; it is removed once its converter has run.

	# Outgoing Firewall
	if [ -d "/var/ipfire/outgoing" ]; then
		# Reset files
		local file
		for file in /var/ipfire/firewall/{config,outgoing} \
			/var/ipfire/fwhosts/custom{hosts,groups,networks}; do
			# Truncate (or create) the file and hand it to nobody:nobody
			: > "${file}"
			chown nobody:nobody "${file}"
		done

		# Run converter
		convert-outgoingfw

		# Remove old configuration
		rm -rf "/var/ipfire/outgoing"
	fi

	# External Access
	if [ -d "/var/ipfire/xtaccess" ]; then
		# firewall/config is emptied again before this converter runs
		: > /var/ipfire/firewall/config
		chown nobody:nobody "/var/ipfire/firewall/config"

		# Run converter
		convert-xtaccess

		# Remove old configuration
		rm -rf "/var/ipfire/xtaccess"
	fi

	# DMZ Holes
	# Also entered when only the portfw directory exists; that directory is
	# left in place here and removed by the port forwarding step below.
	if [ -d "/var/ipfire/dmzholes" ] || [ -d "/var/ipfire/portfw" ]; then
		: > /var/ipfire/firewall/config
		chown nobody:nobody "/var/ipfire/firewall/config"

		# Run converter
		convert-dmz

		# Remove old configuration
		rm -rf "/var/ipfire/dmzholes"
	fi

	# Port Forwardings
	if [ -d "/var/ipfire/portfw" ]; then
		# Run converter
		convert-portfw

		# Remove old configuration
		rm -rf "/var/ipfire/portfw"
	fi

	# Convert location
	convert-to-location

	# Reload firewall
	firewallctrl

	# Convert old OpenVPN CCD files (CN change, Core Update 75)
	convert-ovpn

	# Snort to suricata converter.
	if [ -d "/var/ipfire/snort" ]; then
		# Run converter
		convert-snort

		# Remove old configuration directory.
		rm -rf "/var/ipfire/snort"
	fi

	# IDS multiple providers converter.
	if [ -e "/var/ipfire/suricata/rules-settings" ]; then
		# Run the converter
		convert-ids-multiple-providers
	fi

	# IDS backend converter.
	if [ -e "/var/ipfire/suricata/oinkmaster.conf" ]; then
		# Run the converter
		convert-ids-backend-files
	fi

	# Convert DNS settings
	convert-dns-settings

	# move nobeeps if exist
	[ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps

	return 0
}
188
# Print the log files that an "include" backup adds to the archive.
# Outputs: all matches on a single line, separated by spaces. A pattern that
#          matches nothing is printed literally, as no glob option is set.
find_logfiles() {
	local -a logs=()

	logs+=( /var/log/messages* )
	logs+=( /var/log/*.log )
	logs+=( /var/log/**/*.log )

	echo "${logs[@]}"
}
194
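# Create the backup archive of a single addon.
#
# Arguments: $1 - addon name (the file name of its include list)
# Outputs:   tar's verbose file listing on stdout, diagnostics on stderr
# Returns:   1 if the name is invalid or the addon has no include list,
#            otherwise tar's exit status
make_addon_backup() {
	local name="${1}"
	shift

	# The name is spliced into the include list path and into the archive
	# path below. Refuse directory separators so that neither path can leave
	# the addon directories.
	case "${name}" in
		*/*)
			echo "${name}: invalid addon name" >&2
			return 1
			;;
	esac

	if [ ! -f "/var/ipfire/backup/addons/includes/${name}" ]; then
		echo "${name} does not have any backup includes" >&2
		return 1
	fi

	local filename="/var/ipfire/backup/addons/backup/${name}.ipf"

	# One array element per path: an unquoted $(...) would split paths on
	# whitespace and expand wildcard characters in file names again.
	local -a includes=()
	mapfile -t includes < <(process_includes "/var/ipfire/backup/addons/includes/${name}")

	# process_includes checks paths against /, and the archive is restored
	# with -C /, so archive relative to / as make_backup does.
	tar cvzf "${filename}" -C / "${includes[@]}"
}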
209
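# Restore the backup archive of a single addon by unpacking it onto /.
#
# Arguments: $1 - addon name (archive file name without the .ipf suffix)
# Outputs:   tar's verbose file listing on stdout, diagnostics on stderr
# Returns:   1 if the name is invalid or extraction fails, otherwise 0
restore_addon_backup() {
	local name="${1}"

	# The name selects which archive gets unpacked over the root filesystem.
	# Refuse directory separators so that it can only refer to a file inside
	# the addon backup directory.
	case "${name}" in
		*/*)
			echo "${name}: invalid addon name" >&2
			return 1
			;;
	esac

	# NOTE(review): this only fires when /tmp/<name>.ipf is a directory; an
	# uploaded archive would be a regular file and is not moved. Confirm the
	# intent before changing the test - /tmp is normally world-writable, so
	# picking up files from there deserves a check of who can create them.
	if [ -d "/tmp/${name}.ipf" ]; then
		mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf"
	fi

	# Extract backup
	if ! tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C /; then
		echo "Could not extract backup" >&2
		return 1
	fi
}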
223
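# Dispatch the sub-command given on the command line.
#
# Arguments: $1   - include | exclude | restore | addonbackup | restoreaddon |
#                   iso | makedirs | list, or the full path of a backup
#                   archive / ISO image that is to be deleted
#            $2.. - arguments of the sub-command
# Returns:   status of the sub-command; 2 for an unknown command or a
#            rejected path
main() {
	local command="${1}"
	shift

	case "${command}" in
		include)
			# Full backup including log files; defaults to a timestamped name
			local filename="${1:-/var/ipfire/backup/${NOW}.ipf}"

			# find_logfiles prints a space-separated list, so word splitting
			# is relied upon here.
			make_backup "${filename}" $(find_logfiles)
			;;

		exclude)
			# Backup without log files
			local filename="${1:-/var/ipfire/backup/${NOW}.ipf}"

			make_backup "${filename}"
			;;

		restore)
			# NOTE(review): the default lives in /tmp, which is normally
			# world-writable; confirm that only a trusted process can place
			# restore.ipf there, since the archive is unpacked onto /.
			local filename="${1:-/tmp/restore.ipf}"

			restore_backup "${filename}"
			;;

		addonbackup)
			make_addon_backup "$@"
			;;

		restoreaddon)
			# Drop the first ".ipf" from the argument to get the addon name
			restore_addon_backup "${1/.ipf/}"
			;;

		iso)
			# Desired backup filename
			local filename="/var/ipfire/backup/${NOW}.ipf"

			if make_backup "${filename}"; then
				/usr/local/bin/backupiso "${NOW}"
			fi
			;;

		makedirs)
			mkdir -p /var/ipfire/backup/addons/{backup,includes}
			;;

		list)
			process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user"
			;;

		/var/ipfire/backup/*.ipf|/var/ipfire/backup/addons/backup/*.ipf|/var/tmp/backupiso/*.iso)
			# "*" in a case pattern also matches "/", so the patterns above
			# accept paths that leave the backup directories through a ".."
			# component. Reject those before deleting anything.
			case "${command}" in
				*/../*)
					echo "${0}: refusing to delete ${command}" >&2
					return 2
					;;
			esac

			unlink "${command}"
			;;

		*)
			echo "${0}: [include|exclude|restore|addonbackup <addon>|restoreaddon <addon>|iso]" >&2
			return 2
			;;
	esac

	return $?
}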
296
# Run the requested sub-command; a bare exit passes on the status of main.
main "$@" || exit