[people/pmueller/ipfire-2.x.git] / config / backup / backup.pl

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2014  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

NOW="$(date "+%Y-%m-%d-%H:%M")"

list_addons() {
	local file
	for file in /var/ipfire/backup/addons/includes/*; do
		if [ -f "${file}" ]; then
			basename "${file}"
		fi
	done

	return 0
}

process_includes() {
	local include

	for include in $@; do
		local file
		while read -r file; do
			for file in ${file}; do
				if [ -e "${file}" ]; then
					echo "${file}"
				fi
			done
		done < "${include}"
	done | sort -u
}

make_backup() {
	local filename="${1}"
	shift

	# Backup all addons first
	local addon
	for addon in $(list_addons); do
		make_addon_backup "${addon}"
	done

	# Backup using global exclude/include definitions
	tar cvf "${filename}" \
		--exclude-from="/var/ipfire/backup/exclude" \
		$(process_includes "/var/ipfire/backup/include") \
		"$@"

	# Backup using user exclude/include definitions and append to global backup
	tar rvf "${filename}" \
		--exclude-from="/var/ipfire/backup/exclude.user" \
		$(process_includes "/var/ipfire/backup/include.user") \
		"$@"

	# gzip the combined global/user backup and use .ipf suffix
	gzip --suffix .ipf "${filename}"

	return 0
}

restore_backup() {
	local filename="${1}"

	tar xvzpf "${filename}" -C /

	# Restart syslogd, httpd and suricata in case we've just loaded old logs
	apachectl -k graceful
	/bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null
	/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null

	# remove wrong vnstat tag file
	rm -f /var/log/vnstat/tag

	# create dhcpcd user
	groupadd -g 52 dhcpcd
	useradd -c 'dhcpcd privsep user'	\
		-d /run/dhcpcd/chroot		\
		-g dhcpcd			\
		-s /bin/false			\
		-u 52 dhcpcd

	# Run converters

	# Outgoing Firewall
	if [ -d "/var/ipfire/outgoing" ]; then
		# Reset files
		local file
		for file in /var/ipfire/firewall/{config,outgoing} \
				/var/ipfire/fwhosts/custom{hosts,groups,networks}; do
			: > "${file}"
			chown nobody:nobody "${file}"
		done

		# Run converter
		convert-outgoingfw

		# Remove old configuration
		rm -rf "/var/ipfire/outgoing"
	fi

	# External Access
	if [ -d "/var/ipfire/xtaccess" ]; then
		: > /var/ipfire/firewall/config
		chown nobody:nobody "/var/ipfire/firewall/config"

		# Run converter
		convert-xtaccess

		# Remove old configuration
		rm -rf "/var/ipfire/xtaccess"
	fi

	# DMZ Holes
	if [ -d "/var/ipfire/dmzholes" ] || [ -d "/var/ipfire/portfw" ]; then
		: > /var/ipfire/firewall/config
		chown nobody:nobody "/var/ipfire/firewall/config"

		# Run converter
		convert-dmz

		# Remove old configuration
		rm -rf "/var/ipfire/dmzholes"
	fi

	# Port Forwardings
	if [ -d "/var/ipfire/portfw" ]; then
		# Run converter
		convert-portfw

		# Remove old configuration
		rm -rf "/var/ipfire/portfw"
	fi

	# Convert location
	convert-to-location

	# Reload firewall
	firewallctrl

	# Convert old OpenVPN CCD files (CN change, Core Update 75)
	convert-ovpn

	# Snort to suricata converter.
	if [ -d "/var/ipfire/snort" ]; then
		# Run converter
		convert-snort

		# Remove old configuration directory.
		rm -rf "/var/ipfire/snort"
	fi

	# Convert DNS settings
	convert-dns-settings

	# move nobeeps if exist
	[ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps

	return 0
}

find_logfiles() {
	local filelist=( /var/log/messages* /var/log/*.log /var/log/**/*.log )

	echo "${filelist[@]}"
}

make_addon_backup() {
	local name="${1}"
	shift

	if [ ! -f "/var/ipfire/backup/addons/includes/${name}" ]; then
		echo "${name} does not have any backup includes" >&2
		return 1
	fi

	local filename="/var/ipfire/backup/addons/backup/${name}.ipf"

	tar cvzf "${filename}" \
		$(process_includes "/var/ipfire/backup/addons/includes/${name}")
}

restore_addon_backup() {
	local name="${1}"

	if [ -d "/tmp/${name}.ipf" ]; then
		mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf"
	fi

	tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C /
}

main() {
	local command="${1}"
	shift

	case "${command}" in
		include)
			local filename="${1}"

			if [ -z "${filename}" ]; then
				filename="/var/ipfire/backup/${NOW}"
			fi

			make_backup "${filename}" $(find_logfiles)
			;;

		exclude)
			local filename="${1}"

			if [ -z "${filename}" ]; then
				filename="/var/ipfire/backup/${NOW}"
			fi

			make_backup "${filename}"
			;;

		restore)
			local filename="${1}"

			if [ -z "${filename}" ]; then
				filename="/tmp/restore.ipf"
			fi

			restore_backup "/tmp/restore.ipf"
			;;

		addonbackup)
			make_addon_backup "$@"
			;;

		restoreaddon)
			restore_addon_backup "${1/.ipf/}"
			;;

		iso)
			# Desired backup filename
			local filename="/var/ipfire/backup/${NOW}.ipf"

			if make_backup "${filename}"; then
				/usr/local/bin/backupiso "${NOW}" &
			fi
			;;

		makedirs)
			mkdir -p /var/ipfire/backup/addons/{backup,includes}
			;;

		list)
			process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user"
			;;

		/var/ipfire/backup/*.ipf|/var/ipfire/backup/addons/backup/*.ipf|/var/tmp/backupiso/*.iso)
			unlink "${command}"
			;;

		*)
			echo "${0}: [include|exclude|restore|addonbackup <addon>|restoreaddon <addon>|iso]" >&2
			return 2
			;;
	esac

	return $?
}

main "$@" || exit $?
Commit	Line	Data
c7b7a70d	1	#!/bin/bash
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
2b4593b2	5	# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
70df8302 MT	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
cf29614f	21
c7b7a70d MT	22	NOW="$(date "+%Y-%m-%d-%H:%M")"
	23
	24	list_addons() {
	25	local file
	26	for file in /var/ipfire/backup/addons/includes/*; do
	27	if [ -f "${file}" ]; then
	28	basename "${file}"
	29	fi
	30	done
	31
	32	return 0
8e8bbd9d	33	}
c7b7a70d MT	34
	35	process_includes() {
	36	local include
	37
	38	for include in $@; do
	39	local file
	40	while read -r file; do
4f10c0b3	41	for file in ${file}; do
c7b7a70d MT	42	if [ -e "${file}" ]; then
	43	echo "${file}"
	44	fi
4f10c0b3	45	done
c7b7a70d MT	46	done < "${include}"
c7b7a70d MT	47	done \| sort -u
5ad5a6bc	48	}
c7b7a70d MT	49
	50	make_backup() {
	51	local filename="${1}"
	52	shift
	53
	54	# Backup all addons first
	55	local addon
	56	for addon in $(list_addons); do
	57	make_addon_backup "${addon}"
	58	done
	59
e5f3e039 AB	60	# Backup using global exclude/include definitions
e5f3e039 AB	61	tar cvf "${filename}" \
c7b7a70d	62	--exclude-from="/var/ipfire/backup/exclude" \
e5f3e039 AB	63	$(process_includes "/var/ipfire/backup/include") \
	64	"$@"
	65
	66	# Backup using user exclude/include definitions and append to global backup
	67	tar rvf "${filename}" \
c7b7a70d	68	--exclude-from="/var/ipfire/backup/exclude.user" \
e5f3e039	69	$(process_includes "/var/ipfire/backup/include.user") \
c7b7a70d MT	70	"$@"
c7b7a70d MT	71
e5f3e039 AB	72	# gzip the combined global/user backup and use .ipf suffix
	73	gzip --suffix .ipf "${filename}"
	74
c7b7a70d	75	return 0
cf29614f	76	}
c7b7a70d MT	77
	78	restore_backup() {
	79	local filename="${1}"
	80
	81	tar xvzpf "${filename}" -C /
	82
28797d48 TF	83	# Restart syslogd, httpd and suricata in case we've just loaded old logs
	84	apachectl -k graceful
	85	/bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null
	86	/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null
	87
5562f26f AF	88	# remove wrong vnstat tag file
	89	rm -f /var/log/vnstat/tag
	90
34b7b986 AF	91	# create dhcpcd user
	92	groupadd -g 52 dhcpcd
	93	useradd -c 'dhcpcd privsep user' \
	94	-d /run/dhcpcd/chroot \
	95	-g dhcpcd \
	96	-s /bin/false \
	97	-u 52 dhcpcd
	98
c7b7a70d MT	99	# Run converters
	100
	101	# Outgoing Firewall
	102	if [ -d "/var/ipfire/outgoing" ]; then
	103	# Reset files
	104	local file
	105	for file in /var/ipfire/firewall/{config,outgoing} \
	106	/var/ipfire/fwhosts/custom{hosts,groups,networks}; do
	107	: > "${file}"
	108	chown nobody:nobody "${file}"
	109	done
	110
	111	# Run converter
	112	convert-outgoingfw
	113
	114	# Remove old configuration
	115	rm -rf "/var/ipfire/outgoing"
	116	fi
	117
	118	# External Access
	119	if [ -d "/var/ipfire/xtaccess" ]; then
	120	: > /var/ipfire/firewall/config
	121	chown nobody:nobody "/var/ipfire/firewall/config"
	122
	123	# Run converter
	124	convert-xtaccess
	125
	126	# Remove old configuration
	127	rm -rf "/var/ipfire/xtaccess"
	128	fi
	129
	130	# DMZ Holes
	131	if [ -d "/var/ipfire/dmzholes" ] \|\| [ -d "/var/ipfire/portfw" ]; then
	132	: > /var/ipfire/firewall/config
	133	chown nobody:nobody "/var/ipfire/firewall/config"
	134
	135	# Run converter
	136	convert-dmz
	137
	138	# Remove old configuration
	139	rm -rf "/var/ipfire/dmzholes"
	140	fi
	141
	142	# Port Forwardings
	143	if [ -d "/var/ipfire/portfw" ]; then
	144	# Run converter
	145	convert-portfw
	146
	147	# Remove old configuration
	148	rm -rf "/var/ipfire/portfw"
	149	fi
	150
f1d982cc SS	151	# Convert location
	152	convert-to-location
	153
c7b7a70d MT	154	# Reload firewall
	155	firewallctrl
	156
	157	# Convert old OpenVPN CCD files (CN change, Core Update 75)
	158	convert-ovpn
	159
8c273724 SS	160	# Snort to suricata converter.
	161	if [ -d "/var/ipfire/snort" ]; then
	162	# Run converter
	163	convert-snort
	164
	165	# Remove old configuration directory.
	166	rm -rf "/var/ipfire/snort"
	167	fi
	168
ecbf6676 MT	169	# Convert DNS settings
	170	convert-dns-settings
	171
6df8a22b AF	172	# move nobeeps if exist
	173	[ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps
	174
c7b7a70d	175	return 0
901a50cf	176	}
c7b7a70d MT	177
	178	find_logfiles() {
	179	local filelist=( /var/log/messages* /var/log/.log /var/log//.log )
	180
	181	echo "${filelist[@]}"
b90a7e56	182	}
c7b7a70d MT	183
	184	make_addon_backup() {
	185	local name="${1}"
	186	shift
	187
	188	if [ ! -f "/var/ipfire/backup/addons/includes/${name}" ]; then
	189	echo "${name} does not have any backup includes" >&2
	190	return 1
	191	fi
	192
	193	local filename="/var/ipfire/backup/addons/backup/${name}.ipf"
	194
	195	tar cvzf "${filename}" \
	196	$(process_includes "/var/ipfire/backup/addons/includes/${name}")
8e8bbd9d	197	}
c7b7a70d MT	198
	199	restore_addon_backup() {
	200	local name="${1}"
	201
	202	if [ -d "/tmp/${name}.ipf" ]; then
	203	mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf"
	204	fi
	205
	206	tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C /
a609bfb0	207	}
8e8bbd9d	208
c7b7a70d MT	209	main() {
	210	local command="${1}"
	211	shift
	212
c7b7a70d MT	213	case "${command}" in
c7b7a70d MT	214	include)
175f5c06 MT	215	local filename="${1}"
	216
	217	if [ -z "${filename}" ]; then
e5f3e039	218	filename="/var/ipfire/backup/${NOW}"
175f5c06 MT	219	fi
175f5c06 MT	220
c7b7a70d MT	221	make_backup "${filename}" $(find_logfiles)
	222	;;
	223
	224	exclude)
175f5c06 MT	225	local filename="${1}"
	226
	227	if [ -z "${filename}" ]; then
e5f3e039	228	filename="/var/ipfire/backup/${NOW}"
175f5c06 MT	229	fi
175f5c06 MT	230
c7b7a70d MT	231	make_backup "${filename}"
	232	;;
	233
	234	restore)
175f5c06 MT	235	local filename="${1}"
	236
	237	if [ -z "${filename}" ]; then
	238	filename="/tmp/restore.ipf"
	239	fi
	240
c7b7a70d MT	241	restore_backup "/tmp/restore.ipf"
	242	;;
	243
	244	addonbackup)
	245	make_addon_backup "$@"
	246	;;
cf29614f	247
c7b7a70d MT	248	restoreaddon)
	249	restore_addon_backup "${1/.ipf/}"
	250	;;
84578512	251
c7b7a70d	252	iso)
175f5c06 MT	253	# Desired backup filename
	254	local filename="/var/ipfire/backup/${NOW}.ipf"
	255
c7b7a70d MT	256	if make_backup "${filename}"; then
	257	/usr/local/bin/backupiso "${NOW}" &
	258	fi
	259	;;
	260
	261	makedirs)
	262	mkdir -p /var/ipfire/backup/addons/{backup,includes}
	263	;;
	264
4f10c0b3 MT	265	list)
	266	process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user"
	267	;;
	268
c7b7a70d MT	269	/var/ipfire/backup/.ipf\|/var/ipfire/backup/addons/backup/.ipf\|/var/tmp/backupiso/*.iso)
	270	unlink "${command}"
	271	;;
	272
	273	*)
	274	echo "${0}: [include\|exclude\|restore\|addonbackup <addon>\|restoreaddon <addon>\|iso]" >&2
	275	return 2
	276	;;
	277	esac
	278
	279	return $?
cf29614f	280	}
c7b7a70d MT	281
c7b7a70d MT	282	main "$@" \|\| exit $?