]>
Commit | Line | Data |
---|---|---|
c7b7a70d | 1 | #!/bin/bash |
70df8302 MT |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
2b4593b2 | 5 | # Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> # |
70df8302 MT |
6 | # # |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
cf29614f | 21 | |
c7b7a70d MT |
22 | NOW="$(date "+%Y-%m-%d-%H:%M")" |
23 | ||
24 | list_addons() { | |
25 | local file | |
26 | for file in /var/ipfire/backup/addons/includes/*; do | |
27 | if [ -f "${file}" ]; then | |
28 | basename "${file}" | |
29 | fi | |
30 | done | |
31 | ||
32 | return 0 | |
8e8bbd9d | 33 | } |
c7b7a70d MT |
34 | |
35 | process_includes() { | |
36 | local include | |
37 | ||
38 | for include in $@; do | |
39 | local file | |
40 | while read -r file; do | |
4f10c0b3 | 41 | for file in ${file}; do |
c7e0d73e | 42 | if [ -e "/${file}" ]; then |
c7b7a70d MT |
43 | echo "${file}" |
44 | fi | |
4f10c0b3 | 45 | done |
c7b7a70d MT |
46 | done < "${include}" |
47 | done | sort -u | |
5ad5a6bc | 48 | } |
c7b7a70d MT |
49 | |
50 | make_backup() { | |
51 | local filename="${1}" | |
52 | shift | |
53 | ||
54 | # Backup all addons first | |
55 | local addon | |
56 | for addon in $(list_addons); do | |
57 | make_addon_backup "${addon}" | |
58 | done | |
59 | ||
e5f3e039 | 60 | # Backup using global exclude/include definitions |
c7e0d73e | 61 | tar cvfz "${filename}" -C / \ |
c7b7a70d MT |
62 | --exclude-from="/var/ipfire/backup/exclude" \ |
63 | --exclude-from="/var/ipfire/backup/exclude.user" \ | |
51ed815f | 64 | $(process_includes "/var/ipfire/backup/include") \ |
e5f3e039 | 65 | $(process_includes "/var/ipfire/backup/include.user") \ |
c7b7a70d MT |
66 | "$@" |
67 | ||
68 | return 0 | |
cf29614f | 69 | } |
c7b7a70d MT |
70 | |
71 | restore_backup() { | |
72 | local filename="${1}" | |
73 | ||
fc717041 | 74 | # Extract backup |
3f8e70f6 MT |
75 | if ! tar xvzpf "${filename}" -C / \ |
76 | --exclude-from="/var/ipfire/backup/exclude" \ | |
77 | --exclude-from="/var/ipfire/backup/exclude.user"; then | |
fc717041 MT |
78 | echo "Could not extract backup" >&2 |
79 | return 1 | |
80 | fi | |
c7b7a70d | 81 | |
28797d48 TF |
82 | # Restart syslogd, httpd and suricata in case we've just loaded old logs |
83 | apachectl -k graceful | |
84 | /bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null | |
85 | /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null | |
86 | ||
5562f26f AF |
87 | # remove wrong vnstat tag file |
88 | rm -f /var/log/vnstat/tag | |
89 | ||
34b7b986 AF |
90 | # create dhcpcd user |
91 | groupadd -g 52 dhcpcd | |
92 | useradd -c 'dhcpcd privsep user' \ | |
93 | -d /run/dhcpcd/chroot \ | |
94 | -g dhcpcd \ | |
95 | -s /bin/false \ | |
96 | -u 52 dhcpcd | |
97 | ||
c7b7a70d MT |
98 | # Run converters |
99 | ||
100 | # Outgoing Firewall | |
101 | if [ -d "/var/ipfire/outgoing" ]; then | |
102 | # Reset files | |
103 | local file | |
104 | for file in /var/ipfire/firewall/{config,outgoing} \ | |
105 | /var/ipfire/fwhosts/custom{hosts,groups,networks}; do | |
106 | : > "${file}" | |
107 | chown nobody:nobody "${file}" | |
108 | done | |
109 | ||
110 | # Run converter | |
111 | convert-outgoingfw | |
112 | ||
113 | # Remove old configuration | |
114 | rm -rf "/var/ipfire/outgoing" | |
115 | fi | |
116 | ||
117 | # External Access | |
118 | if [ -d "/var/ipfire/xtaccess" ]; then | |
119 | : > /var/ipfire/firewall/config | |
120 | chown nobody:nobody "/var/ipfire/firewall/config" | |
121 | ||
122 | # Run converter | |
123 | convert-xtaccess | |
124 | ||
125 | # Remove old configuration | |
126 | rm -rf "/var/ipfire/xtaccess" | |
127 | fi | |
128 | ||
129 | # DMZ Holes | |
130 | if [ -d "/var/ipfire/dmzholes" ] || [ -d "/var/ipfire/portfw" ]; then | |
131 | : > /var/ipfire/firewall/config | |
132 | chown nobody:nobody "/var/ipfire/firewall/config" | |
133 | ||
134 | # Run converter | |
135 | convert-dmz | |
136 | ||
137 | # Remove old configuration | |
138 | rm -rf "/var/ipfire/dmzholes" | |
139 | fi | |
140 | ||
141 | # Port Forwardings | |
142 | if [ -d "/var/ipfire/portfw" ]; then | |
143 | # Run converter | |
144 | convert-portfw | |
145 | ||
146 | # Remove old configuration | |
147 | rm -rf "/var/ipfire/portfw" | |
148 | fi | |
149 | ||
f1d982cc SS |
150 | # Convert location |
151 | convert-to-location | |
152 | ||
c7b7a70d MT |
153 | # Reload firewall |
154 | firewallctrl | |
155 | ||
156 | # Convert old OpenVPN CCD files (CN change, Core Update 75) | |
157 | convert-ovpn | |
158 | ||
8c273724 SS |
159 | # Snort to suricata converter. |
160 | if [ -d "/var/ipfire/snort" ]; then | |
161 | # Run converter | |
162 | convert-snort | |
163 | ||
164 | # Remove old configuration directory. | |
165 | rm -rf "/var/ipfire/snort" | |
166 | fi | |
167 | ||
4aa1382e SS |
168 | # IDS multiple providers converter. |
169 | if [ -e "/var/ipfire/suricata/rules-settings" ]; then | |
170 | # Run the converter | |
171 | convert-ids-multiple-providers | |
172 | fi | |
173 | ||
ecbf6676 MT |
174 | # Convert DNS settings |
175 | convert-dns-settings | |
176 | ||
6df8a22b AF |
177 | # move nobeeps if exist |
178 | [ -e "/var/ipfire/ppp/nobeeps" ] && mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps | |
179 | ||
c7b7a70d | 180 | return 0 |
901a50cf | 181 | } |
c7b7a70d MT |
182 | |
183 | find_logfiles() { | |
184 | local filelist=( /var/log/messages* /var/log/*.log /var/log/**/*.log ) | |
185 | ||
186 | echo "${filelist[@]}" | |
b90a7e56 | 187 | } |
c7b7a70d MT |
188 | |
189 | make_addon_backup() { | |
190 | local name="${1}" | |
191 | shift | |
192 | ||
193 | if [ ! -f "/var/ipfire/backup/addons/includes/${name}" ]; then | |
194 | echo "${name} does not have any backup includes" >&2 | |
195 | return 1 | |
196 | fi | |
197 | ||
198 | local filename="/var/ipfire/backup/addons/backup/${name}.ipf" | |
199 | ||
200 | tar cvzf "${filename}" \ | |
201 | $(process_includes "/var/ipfire/backup/addons/includes/${name}") | |
8e8bbd9d | 202 | } |
c7b7a70d MT |
203 | |
204 | restore_addon_backup() { | |
205 | local name="${1}" | |
206 | ||
207 | if [ -d "/tmp/${name}.ipf" ]; then | |
208 | mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf" | |
209 | fi | |
210 | ||
fc717041 MT |
211 | # Extract backup |
212 | if ! tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C /; then | |
213 | echo "Could not extract backup" >&2 | |
214 | return 1 | |
215 | fi | |
a609bfb0 | 216 | } |
8e8bbd9d | 217 | |
c7b7a70d MT |
218 | main() { |
219 | local command="${1}" | |
220 | shift | |
221 | ||
c7b7a70d MT |
222 | case "${command}" in |
223 | include) | |
175f5c06 MT |
224 | local filename="${1}" |
225 | ||
226 | if [ -z "${filename}" ]; then | |
51ed815f | 227 | filename="/var/ipfire/backup/${NOW}.ipf" |
175f5c06 MT |
228 | fi |
229 | ||
c7b7a70d MT |
230 | make_backup "${filename}" $(find_logfiles) |
231 | ;; | |
232 | ||
233 | exclude) | |
175f5c06 MT |
234 | local filename="${1}" |
235 | ||
236 | if [ -z "${filename}" ]; then | |
51ed815f | 237 | filename="/var/ipfire/backup/${NOW}.ipf" |
175f5c06 MT |
238 | fi |
239 | ||
c7b7a70d MT |
240 | make_backup "${filename}" |
241 | ;; | |
242 | ||
243 | restore) | |
175f5c06 MT |
244 | local filename="${1}" |
245 | ||
246 | if [ -z "${filename}" ]; then | |
247 | filename="/tmp/restore.ipf" | |
248 | fi | |
249 | ||
d9db9160 | 250 | restore_backup "${filename}" |
c7b7a70d MT |
251 | ;; |
252 | ||
253 | addonbackup) | |
254 | make_addon_backup "$@" | |
255 | ;; | |
cf29614f | 256 | |
c7b7a70d MT |
257 | restoreaddon) |
258 | restore_addon_backup "${1/.ipf/}" | |
259 | ;; | |
84578512 | 260 | |
c7b7a70d | 261 | iso) |
175f5c06 MT |
262 | # Desired backup filename |
263 | local filename="/var/ipfire/backup/${NOW}.ipf" | |
264 | ||
c7b7a70d | 265 | if make_backup "${filename}"; then |
45a5df5a | 266 | /usr/local/bin/backupiso "${NOW}" |
c7b7a70d MT |
267 | fi |
268 | ;; | |
269 | ||
270 | makedirs) | |
271 | mkdir -p /var/ipfire/backup/addons/{backup,includes} | |
272 | ;; | |
273 | ||
4f10c0b3 MT |
274 | list) |
275 | process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user" | |
276 | ;; | |
277 | ||
c7b7a70d MT |
278 | /var/ipfire/backup/*.ipf|/var/ipfire/backup/addons/backup/*.ipf|/var/tmp/backupiso/*.iso) |
279 | unlink "${command}" | |
280 | ;; | |
281 | ||
282 | *) | |
283 | echo "${0}: [include|exclude|restore|addonbackup <addon>|restoreaddon <addon>|iso]" >&2 | |
284 | return 2 | |
285 | ;; | |
286 | esac | |
287 | ||
288 | return $? | |
cf29614f | 289 | } |
c7b7a70d MT |
290 | |
291 | main "$@" || exit $? |