backup.pl: Include logwatch summary into backups as well
#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org>                       #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

# A glob that matches nothing expands to nothing instead of staying behind as
# a literal pattern. The include-list and log file globs further down are
# written with this in mind.
shopt -s nullglob

# Timestamp with minute resolution; used to build the default backup file name.
NOW="$(date '+%Y-%m-%d-%H:%M')"
# Print the name of every addon that has a backup include list.
#
# Outputs: one name per line on stdout, taken from the regular files found
#          directly in /var/ipfire/backup/addons/includes
# Returns: always 0
list_addons() {
	local entry
	for entry in /var/ipfire/backup/addons/includes/*; do
		# Anything that is not a regular file (directories, an unmatched
		# pattern left in place) is ignored
		[ -f "${entry}" ] || continue

		# Strip the directory part, leaving only the addon name
		printf '%s\n' "${entry##*/}"
	done

	return 0
}
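# Expand one or more include lists into the paths that currently exist.
#
# Arguments: $@ - include files; every line holds a path or glob pattern that
#                 is interpreted relative to /
# Outputs:   the matching paths on stdout, one per line, sorted and
#            de-duplicated by "sort -u"
process_includes() {
	local include
	# "$@" is quoted so that an include file path containing whitespace or
	# glob characters is passed through as a single word
	for include in "$@"; do
		local pattern
		# read (without IFS=) trims surrounding whitespace, so a line that
		# only holds blanks ends up empty and is skipped below
		while read -r pattern; do
			# Skip any empty line: it would expand to "/" and pull the
			# whole file system into the backup
			[ -n "${pattern}" ] || continue

			local path
			# Deliberately unquoted: the line is expanded as a glob
			# (and word-split) after "/" has been prepended
			for path in /${pattern}; do
				if [ -e "${path}" ]; then
					printf '%s\n' "${path}"
				fi
			done
		done < "${include}"
	done | sort -u
}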
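# Create a backup archive from the global include/exclude lists.
#
# Arguments: $1     - path of the archive to write
#            $2...  - additional paths to add to the archive
# Outputs:   tar's verbose listing on stdout, diagnostics on stderr
# Returns:   0 when the archive was written (including tar status 1),
#            otherwise tar's exit status (2 or higher)
make_backup() {
	local filename="${1}"
	shift

	# Backup all addons first. Names are read line by line so that a name
	# containing whitespace is not split into several words. A failing addon
	# backup does not abort the main backup.
	local addon
	while IFS= read -r addon; do
		make_addon_backup "${addon}"
	done < <(list_addons)

	# Collect the include lists into an array (one path per line) instead of
	# relying on word splitting, so paths containing spaces or glob
	# characters reach tar unchanged
	local -a includes=()
	mapfile -t includes < <(
		process_includes "/var/ipfire/backup/include"
		process_includes "/var/ipfire/backup/include.user"
	)

	# Backup using global exclude/include definitions
	local status=0
	tar cvfz "${filename}" -C / \
		--exclude-from="/var/ipfire/backup/exclude" \
		--exclude-from="/var/ipfire/backup/exclude.user" \
		"${includes[@]}" \
		"$@" || status=$?

	# GNU tar exits with 1 when a file changed while it was being read, which
	# is expected for live log files; 2 and above is a fatal error. A fatal
	# error must not be reported as a successful backup, otherwise callers
	# (such as the "iso" command) carry on with a broken or missing archive.
	if [ "${status}" -ge 2 ]; then
		echo "Could not create backup ${filename}" >&2
		return "${status}"
	fi

	return 0
}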
# Restore a backup archive over the running system and migrate any legacy
# configuration it contained.
#
# Arguments: $1 - path of the archive to restore
# Outputs:   tar's verbose listing on stdout, diagnostics on stderr
# Returns:   1 if the archive could not be extracted, otherwise 0
#
# NOTE(review): the archive is unpacked relative to / with permissions
# preserved (tar "p"); the two exclude lists are the only filter applied to its
# members. Nothing in this function checks where the archive came from or
# whether it was modified - presumably the caller restricts who can supply
# it; confirm.
restore_backup() {
	local filename="${1}"

	# Extract backup
	tar xvzpf "${filename}" -C / \
		--exclude-from="/var/ipfire/backup/exclude" \
		--exclude-from="/var/ipfire/backup/exclude.user" || {
		echo "Could not extract backup" >&2
		return 1
	}

	# Restart syslogd, httpd and suricata in case we've just loaded old logs
	apachectl -k graceful
	local pidfile
	for pidfile in /var/run/suricata.pid /var/run/syslogd.pid; do
		# The substitution is left unquoted and all errors are discarded:
		# a missing PID file simply results in a kill without a target
		/bin/kill -HUP $(cat "${pidfile}" 2> /dev/null) 2> /dev/null
	done

	# remove wrong vnstat tag file
	rm -f /var/log/vnstat/tag

	# create dhcpcd user (fixed uid/gid 52, no login shell)
	groupadd -g 52 dhcpcd
	useradd -c 'dhcpcd privsep user' \
		-d /run/dhcpcd/chroot \
		-g dhcpcd \
		-s /bin/false \
		-u 52 dhcpcd

	# Run converters. Each one only runs when the restored archive brought
	# back the matching legacy directory or file.

	# Outgoing Firewall
	if [ -d "/var/ipfire/outgoing" ]; then
		# Reset files: truncate them and hand them to nobody:nobody
		local file
		for file in \
			/var/ipfire/firewall/config \
			/var/ipfire/firewall/outgoing \
			/var/ipfire/fwhosts/customhosts \
			/var/ipfire/fwhosts/customgroups \
			/var/ipfire/fwhosts/customnetworks; do
			: > "${file}"
			chown nobody:nobody "${file}"
		done

		# Run converter
		convert-outgoingfw

		# Remove old configuration
		rm -rf "/var/ipfire/outgoing"
	fi

	# External Access
	if [ -d "/var/ipfire/xtaccess" ]; then
		: > /var/ipfire/firewall/config
		chown nobody:nobody "/var/ipfire/firewall/config"

		# Run converter
		convert-xtaccess

		# Remove old configuration
		rm -rf "/var/ipfire/xtaccess"
	fi

	# DMZ Holes. This branch is also taken when only the port forwarding
	# directory exists; that directory is removed further down.
	if [ -d "/var/ipfire/dmzholes" ] || [ -d "/var/ipfire/portfw" ]; then
		: > /var/ipfire/firewall/config
		chown nobody:nobody "/var/ipfire/firewall/config"

		# Run converter
		convert-dmz

		# Remove old configuration
		rm -rf "/var/ipfire/dmzholes"
	fi

	# Port Forwardings
	if [ -d "/var/ipfire/portfw" ]; then
		# Run converter
		convert-portfw

		# Remove old configuration
		rm -rf "/var/ipfire/portfw"
	fi

	# Convert location
	convert-to-location

	# Reload firewall
	firewallctrl

	# Convert old OpenVPN CCD files (CN change, Core Update 75)
	convert-ovpn

	# Snort to suricata converter.
	if [ -d "/var/ipfire/snort" ]; then
		# Run converter
		convert-snort

		# Remove old configuration directory.
		rm -rf "/var/ipfire/snort"
	fi

	# IDS multiple providers converter.
	if [ -e "/var/ipfire/suricata/rules-settings" ]; then
		convert-ids-multiple-providers
	fi

	# IDS backend converter.
	if [ -e "/var/ipfire/suricata/oinkmaster.conf" ]; then
		convert-ids-backend-files
	fi

	# Convert DNS settings
	convert-dns-settings

	# move nobeeps if exist
	if [ -e "/var/ipfire/ppp/nobeeps" ]; then
		mv /var/ipfire/ppp/nobeeps /var/ipfire/red/nobeeps
	fi

	return 0
}
# Print the log files that the "include" command adds to a backup.
#
# Outputs: all matching paths on a single line, separated by spaces. The
#          caller word-splits this line, so paths must not contain whitespace.
find_logfiles() {
	# NOTE(review): globstar is not enabled anywhere in the visible script, so
	# "**" behaves like "*" here and the last pattern only reaches one
	# directory level below /var/log - confirm that this is intended.
	local -a logs=(
		/var/log/logwatch/*
		/var/log/messages*
		/var/log/*.log
		/var/log/**/*.log
	)

	# Join the elements with single spaces (default IFS) on one line
	printf '%s\n' "${logs[*]}"
}
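# Create the backup archive of a single addon.
#
# Arguments: $1 - addon name (the file name of its include list)
# Outputs:   tar's verbose listing on stdout, diagnostics on stderr
# Returns:   1 if the name is not acceptable or the addon has no include
#            list, otherwise tar's exit status
make_addon_backup() {
	local name="${1}"
	shift

	# The name is interpolated into the include list path and into the
	# archive path. A name containing "/" (for example "../x") would make
	# both paths leave the addons directories, so only plain file names
	# are accepted.
	case "${name}" in
		""|.|..|*/*)
			echo "Invalid addon name: ${name}" >&2
			return 1
			;;
	esac

	if [ ! -f "/var/ipfire/backup/addons/includes/${name}" ]; then
		echo "${name} does not have any backup includes" >&2
		return 1
	fi

	local filename="/var/ipfire/backup/addons/backup/${name}.ipf"

	# Read the expanded include list line by line so that paths containing
	# spaces or glob characters are passed to tar unchanged
	local -a includes=()
	mapfile -t includes < <(process_includes "/var/ipfire/backup/addons/includes/${name}")

	tar cvzf "${filename}" "${includes[@]}"
}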
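# Restore the backup archive of a single addon.
#
# Arguments: $1 - addon name (archive file name without the .ipf suffix)
# Outputs:   tar's verbose listing on stdout, diagnostics on stderr
# Returns:   1 if the name is not acceptable or the archive could not be
#            extracted, otherwise 0
restore_addon_backup() {
	local name="${1}"

	# The name is interpolated into paths below /tmp and below the addon
	# backup directory. A name containing "/" (for example "../x") would make
	# those paths point somewhere else, so only plain file names are accepted.
	case "${name}" in
		""|.|..|*/*)
			echo "Invalid addon name: ${name}" >&2
			return 1
			;;
	esac

	# NOTE(review): this tests for a directory (-d) although the path carries
	# the archive suffix; left unchanged because the intent cannot be
	# confirmed from this file. The source path in /tmp is predictable, so
	# whoever relaxes this test should make sure only the intended uploader
	# can create that path.
	if [ -d "/tmp/${name}.ipf" ]; then
		mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf"
	fi

	# Extract backup relative to /, preserving permissions
	if ! tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C /; then
		echo "Could not extract backup" >&2
		return 1
	fi
}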
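# Dispatch the requested sub-command.
#
# Arguments: $1    - command: include, exclude, restore, addonbackup,
#                    restoreaddon, iso, makedirs, list, or the full path of a
#                    backup archive / ISO image to delete
#            $2... - command specific arguments
# Returns:   2 for an unknown command or a rejected delete path, otherwise
#            the exit status of the command that was run
main() {
	local command="${1}"
	shift

	local filename

	case "${command}" in
		include)
			# Backup including log files
			filename="${1:-/var/ipfire/backup/${NOW}.ipf}"

			# find_logfiles prints a space separated list, which is
			# split into words here on purpose
			make_backup "${filename}" $(find_logfiles)
			;;

		exclude)
			# Backup without log files
			filename="${1:-/var/ipfire/backup/${NOW}.ipf}"

			make_backup "${filename}"
			;;

		restore)
			filename="${1:-/tmp/restore.ipf}"

			restore_backup "${filename}"
			;;

		addonbackup)
			make_addon_backup "$@"
			;;

		restoreaddon)
			# Accept the name with or without the .ipf suffix
			restore_addon_backup "${1/.ipf/}"
			;;

		iso)
			# Desired backup filename
			filename="/var/ipfire/backup/${NOW}.ipf"

			if make_backup "${filename}"; then
				/usr/local/bin/backupiso "${NOW}"
			fi
			;;

		makedirs)
			mkdir -p /var/ipfire/backup/addons/{backup,includes}
			;;

		list)
			process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user"
			;;

		/var/ipfire/backup/*.ipf|/var/ipfire/backup/addons/backup/*.ipf|/var/tmp/backupiso/*.iso)
			# "*" in a case pattern also matches "/", so a path such as
			# /var/ipfire/backup/../../x.ipf passes the pattern above
			# while pointing outside the backup directories. Refuse
			# anything that contains a ".." component.
			case "${command}" in
				*/../*)
					echo "${0}: refusing to delete ${command}" >&2
					return 2
					;;
			esac

			unlink "${command}"
			;;

		*)
			echo "${0}: [include|exclude|restore|addonbackup <addon>|restoreaddon <addon>|iso]" >&2
			return 2
			;;
	esac

	return $?
}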
# Run the requested command; when it fails, leave with its exit status
# (a bare "exit" reuses the status of the last command, i.e. main).
main "$@" || exit