|
|
@@ -19,25 +19,23 @@
|
|
|
#| -Gzip |
|
|
|
#| -Bzip2 |
|
|
|
#| -XZ |
|
|
|
-#| -7zip |
|
|
|
#| and encrypted (or not). |
|
|
|
#| |
|
|
|
-#| USAGE: backup-server [options] -z|-j|-J|-7 backupdir |
|
|
|
+#| USAGE: backup-server [options] -z|-j|-J backupdir |
|
|
|
#| HELP: backup-server -h |
|
|
|
#| |
|
|
|
#| Guzmán Castanedo (guzman@castanedo.es) |
|
|
|
-#| Version 2.1 (May 2018) |
|
|
|
+#| Version 2.2 (May 2018) |
|
|
|
#| Licence: GPL v3.0 -> https://www.gnu.org/licenses/gpl-3.0.en.html |
|
|
|
#\###################################################################/
|
|
|
|
|
|
function usage {
|
|
|
- printf "%s Version 2.1\n" $(basename $0)
|
|
|
- printf "Usage: %s [options]... -z|-j|-J|-7 [backupdir]\n" $(basename $0)
|
|
|
+ printf "%s Version 2.2\n" $(basename $0)
|
|
|
+ printf "Usage: %s [options]... -z|-j|-J [backupdir]\n" $(basename $0)
|
|
|
printf "Make a encrypted backup of a server compressed with: \n"
|
|
|
printf "\t·Gzip (tar.gz or tar.gz.gpg)\n"
|
|
|
printf "\t·Bzip2 (tar.bz2 or tar.gz.gpg)\n"
|
|
|
printf "\t·XZ (tar.xz or tar.xz.gpg)\n"
|
|
|
- printf "\t·7Z (7z)\n"
|
|
|
printf "\n"
|
|
|
printf "Backup Directory:\n"
|
|
|
printf "\tbackupdir: argument to set to directory to save the backup\n"
|
|
|
@@ -63,7 +61,6 @@ function usage {
|
|
|
printf "\t-z, --gzip: compress using gzip (tar.gz or tar.gz.gpg)\n"
|
|
|
printf "\t-j, --bzip2: compress using bzip2 (tar.bz2 or tar.bz2.gpg)\n"
|
|
|
printf "\t-J, --xz: compress using xz (tar.xz or tar.xz.gpg)\n"
|
|
|
- printf "\t-7, --7zip: compress using 7z (7z)\n"
|
|
|
printf "\n"
|
|
|
printf "Encryption Options:\n"
|
|
|
printf "\t-k, --key-id ID: set gpg2 public key-id used for encryption\n"
|
|
|
@@ -71,8 +68,6 @@ function usage {
|
|
|
printf "\t\tDefault: %s\n" $keyID
|
|
|
printf "\t--no-encryption: disable the encryption of the backup\n"
|
|
|
printf "\t\tDefault: %s\n" $noEncryption
|
|
|
- printf "\t--7z-password password: set password (ONLY for 7z) (INSECURE)\n"
|
|
|
- printf "\t\tDefault: %s\n" $pass7z
|
|
|
printf "\n"
|
|
|
printf "Web Options:\n"
|
|
|
printf "\t--web-dir dir: set web pages directory to backup\n"
|
|
|
@@ -175,205 +170,14 @@ function usage {
|
|
|
printf "\t\tMake a backup in \"/var/backup\" compressed with XZ and encrypted with GPG2\n"
|
|
|
printf "\t\tPublic Key (\"backup-example.com-2018-03-19-a1b2c3.tar.xz.gpg\")\n"
|
|
|
printf "\t\tDisable SQL backup\n"
|
|
|
- printf "\t·%s -7 --7z-password 7zpass --sql-user root --sql-password toor /var/www/backup\n" $(basename $0)
|
|
|
- printf "\t\tMake a backup in \"/var/www/backup\" compressed with 7Zip and encrypted\n"
|
|
|
- printf "\t\t(\"backup-'hostname'-2018-03-19-abcdef.7z\")\n"
|
|
|
+ printf "\t·%s -j -k ABCDEFG --sql-user root --sql-password toor /var/www/backup\n" $(basename $0)
|
|
|
+ printf "\t\tMake a backup in \"/var/www/backup\" compressed with BZip2 and encrypted\n"
|
|
|
+ printf "\t\t(\"backup-'hostname'-2018-03-19-abcdef.tar.bz2.gpg\")\n"
|
|
|
printf "\t·%s -z --no-encryption --no-sql /var/backup\n" $(basename $0)
|
|
|
printf "\t\tMake a backup in \"/var/backup\" compressed with GZip and not encrypted\n"
|
|
|
printf "\t\t(\"backup-'hostname'-2018-03-19-qwerty.tar.gz\")\n"
|
|
|
}
|
|
|
|
|
|
-function makep7zip {
|
|
|
- #Destination file
|
|
|
- encrypt7z=""
|
|
|
- if [ ! -z $pass7z ];then
|
|
|
- encrypt7z="-p$pass7z -mhe"
|
|
|
- fi
|
|
|
- if [ $noEncryption = true ];then
|
|
|
- encrypt7z=""
|
|
|
- fi
|
|
|
- printf "Backup File:\t%s\n" $backupOutput
|
|
|
-
|
|
|
- #Copy webpages code (except backup and main/public)
|
|
|
- if [ $noWeb = false ];then
|
|
|
- printf "Compressing:\t%s\n" $webDir
|
|
|
- tempfile=$(mktemp -t exclude-XXX)
|
|
|
- echo "www/backup" > $tempfile
|
|
|
- echo "www/main/public" >> $tempfile
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $webDir -x@$tempfile > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying web pages (Continue).\n"
|
|
|
- fi
|
|
|
- rm $tempfile
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy MySQL databases (mysqldump)
|
|
|
- if [ $noSql = false ]; then
|
|
|
- list=$(mysql -u $mysqluser -p$mysqlpass -e "show DATABASES;")
|
|
|
- #Parse databases expect information_schema & performance_schema
|
|
|
- for database in $list; do
|
|
|
- valid=true
|
|
|
- for excep in Database information_schema performance_schema; do
|
|
|
- if [ $database = $excep ]; then
|
|
|
- valid=false
|
|
|
- break
|
|
|
- fi
|
|
|
- done
|
|
|
- if [ $valid = true ]; then
|
|
|
- printf "Compressing MySQL database:\t%s\n" $database.sql
|
|
|
- mysqldump -u $mysqluser -p$mysqlpass $database | 7z a -t7z -mx=9 $encrypt7z $backupOutput -simysql/$database.sql > /dev/null 2>&1
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError compressing database (%s) (Continue).\n" $database
|
|
|
- fi
|
|
|
- fi
|
|
|
- done
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy nginx configuration (sites-available)
|
|
|
- if [ $noNginx = false ];then
|
|
|
- printf "Compressing:\t%s\n" $nginxDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $nginxDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying nginx configuration (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy Email (this could be heavy in the future)
|
|
|
- if [ $noMail = false ];then
|
|
|
- printf "Compressing:\t%s\n" $mailDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $mailDir > /dev/null
|
|
|
- #tar -c -zf - $mailDir | 7z a -t7z -mx=9 -p$pass7z -mhe $backupOutput -simail.tar.gz > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying mailboxes (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy Certificates (LetsEncrypt)
|
|
|
- if [ $noLetsencrypt = false ];then
|
|
|
- printf "Compressing:\t%s\n" $letsencryptDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $letsencryptDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying Let's Encrypt certificates (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy /home
|
|
|
- if [ $noHome = false ];then
|
|
|
- printf "Compressing:\t%s\n" $homeDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $homeDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying home dir (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy GOGS
|
|
|
- if [ $noGogs = false ];then
|
|
|
- printf "Compressing:\t%s\n" $gogsDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $gogsDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying GOGS Repository (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy Postfix
|
|
|
- if [ $noPostfix = false ] && [ -d $postfixDir ];then
|
|
|
- printf "Compressing:\t%s\n" $postfixDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $postfixDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying Postfix configuration (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy Dovecot
|
|
|
- if [ $noDovecot = false ];then
|
|
|
- printf "Compressing:\t%s\n" $dovecotDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $dovecotDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying Dovecot configuration (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy OpenDKIM
|
|
|
- if [ $noOpenDKIM = false ];then
|
|
|
- if [ -f $openDKIMConf ];then
|
|
|
- printf "Compressing:\t%s\n" $openDKIMConf
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $openDKIMConf > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying OpenDKIM configuration (Continue)\n"
|
|
|
- fi
|
|
|
- else
|
|
|
- printf "WARNING:\tFile %s not exist\n" $openDKIMConf
|
|
|
- fi
|
|
|
- if [ -f $openDKIMDefault ];then
|
|
|
- printf "Compressing:\t%s\n" $openDKIMDefault
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $openDKIMDefault > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying OpenDKIM sockets configuration (Continue)\n"
|
|
|
- fi
|
|
|
- else
|
|
|
- printf "WARNING:\tFile %s not exist\n" $openDKIMDefault
|
|
|
- fi
|
|
|
- if [ -d $openDKIMKeys ];then
|
|
|
- printf "Compressing:\t%s\n" $openDKIMKeys
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $openDKIMKeys > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying OpenDKIM keys (Continue)\n"
|
|
|
- fi
|
|
|
- else
|
|
|
- printf "WARNING:\tDir %s not exist\n" $openDKIMKeys
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy SPF
|
|
|
- if [ $noSPF = false ];then
|
|
|
- printf "Compressing:\t%s\n" $spfDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $spfDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying Postfix configuration (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy OpenDMARC
|
|
|
- if [ $noOpenDMARC = false ];then
|
|
|
- if [ -f $openDMARCConf ];then
|
|
|
- printf "Compressing:\t%s\n" $openDMARCConf
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $openDMARCConf > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying OpenDMARC configuration (Continue)\n"
|
|
|
- fi
|
|
|
- else
|
|
|
- printf "WARNING:\tFile %s not exist\n" $openDMARCConf
|
|
|
- fi
|
|
|
- if [ -f $openDMARCDefault ];then
|
|
|
- printf "Compressing:\t%s\n" $openDMARCDefault
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $openDMARCDefault > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying OpenDMARC sockets configuration (Continue)\n"
|
|
|
- fi
|
|
|
- else
|
|
|
- printf "WARNING:\tFile %s not exist\n" $openDMARCDefault
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy Amavis
|
|
|
- if [ $noAmavis = false ];then
|
|
|
- printf "Compressing:\t%s\n" $amavisDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $amavisDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying Amavis configuration (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-
|
|
|
- #Copy SPAMAssassin
|
|
|
- if [ $noSpamAssassin = false ];then
|
|
|
- printf "Compressing:\t%s\n" $spamAssassinDir
|
|
|
- 7z a -t7z -mx=9 $encrypt7z $backupOutput $spamAssassinDir > /dev/null
|
|
|
- if [ $? != 0 ];then
|
|
|
- printf "WARNING:\tError copying SPAM Assasin configuration (Continue)\n"
|
|
|
- fi
|
|
|
- fi
|
|
|
-}
|
|
|
-
|
|
|
function makeTar {
|
|
|
#Destination file
|
|
|
printf "Backup File:\t%s\n" $backupOutput
|
|
|
@@ -714,7 +518,7 @@ function checkRoutes {
|
|
|
}
|
|
|
|
|
|
function checkMethod {
|
|
|
- if [ $gzipOn = false ] && [ $bzip2On = false ] && [ $xzOn = false ] && [ $p7zipOn = false ];then
|
|
|
+ if [ $gzipOn = false ] && [ $bzip2On = false ] && [ $xzOn = false ];then
|
|
|
printf "ERROR:\tCompressing method not set\n"
|
|
|
exit 1
|
|
|
fi
|
|
|
@@ -736,11 +540,6 @@ function checkMethod {
|
|
|
noEncryption=true
|
|
|
fi
|
|
|
fi
|
|
|
- else
|
|
|
- if [ -z $pass7z ];then
|
|
|
- printf "WARNING:\t7Z password (--7z-password) not set: continue without encryption (type \"%s -h\" for help)\n" $(basename $0)
|
|
|
- noEncryption=true
|
|
|
- fi
|
|
|
fi
|
|
|
fi
|
|
|
}
|
|
|
@@ -769,8 +568,7 @@ fi
|
|
|
mysqluser="root"
|
|
|
mysqlpass=""
|
|
|
keyID=""
|
|
|
-pass7z=""
|
|
|
-backupDir=/var/www/backup
|
|
|
+backupDir=/var/backup
|
|
|
backupPrefix="backup-"$(hostname)
|
|
|
backupPostfix=-$(date +"%Y-%m-%d")-$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 6 | head -n 1)
|
|
|
deleteDays="15"
|
|
|
@@ -800,7 +598,6 @@ noEncryption=false
|
|
|
gzipOn=false
|
|
|
bzip2On=false
|
|
|
xzOn=false
|
|
|
-p7zipOn=false
|
|
|
ext=""
|
|
|
permisionMask=640
|
|
|
removeOld=true
|
|
|
@@ -821,7 +618,7 @@ noSpamAssassin=false
|
|
|
sha512=true
|
|
|
|
|
|
#Parse args
|
|
|
-TEMP=$(getopt -q -o zjJ7p:u:g:k:h --longoptions gzip,bzip2,xz,7zip,prefix:,postfix:,no-remove,remove-days:,user:,group:,permision-mask:,key-id:,no-encryption,7z-password:,web-dir:,no-web,no-sql,sql-user:,sql-password:,nginx-dir:,no-nginx,letsencrypt-dir:,no-letsencrypt,mail-dir:,no-mail,home-dir:,no-home,gogs-dir:,no-gogs,postfix-dir:,no-postfix,dovecot-dir:,no-dovecot,opendkim-conf:,opendkim-default:,opendkim-keys:,no-opendkim,spf-dir:,no-spf,opendmarc-conf:,opendmarc-default:,no-opendmarc,amavis-dir:,no-amavis,spamassassin-dir:,no-spamassassin,no-sha512,help --name $(basename $0) -- $@)
|
|
|
+TEMP=$(getopt -q -o zjJp:u:g:k:h --longoptions gzip,bzip2,xz,prefix:,postfix:,no-remove,remove-days:,user:,group:,permision-mask:,key-id:,no-encryption,web-dir:,no-web,no-sql,sql-user:,sql-password:,nginx-dir:,no-nginx,letsencrypt-dir:,no-letsencrypt,mail-dir:,no-mail,home-dir:,no-home,gogs-dir:,no-gogs,postfix-dir:,no-postfix,dovecot-dir:,no-dovecot,opendkim-conf:,opendkim-default:,opendkim-keys:,no-opendkim,spf-dir:,no-spf,opendmarc-conf:,opendmarc-default:,no-opendmarc,amavis-dir:,no-amavis,spamassassin-dir:,no-spamassassin,no-sha512,help --name $(basename $0) -- $@)
|
|
|
eval set -- $TEMP
|
|
|
unset TEMP
|
|
|
while true; do
|
|
|
@@ -829,7 +626,7 @@ while true; do
|
|
|
-z|--gzip)
|
|
|
gzipOn=true
|
|
|
ext=".tar.gz"
|
|
|
- if [ $bzip2On = true ] || [ $xzOn = true ] || [ $p7zipOn = true ];then
|
|
|
+ if [ $bzip2On = true ] || [ $xzOn = true ];then
|
|
|
printf "ERROR:\tOnly choose one compressing method\n"
|
|
|
exit 1
|
|
|
fi
|
|
|
@@ -842,7 +639,7 @@ while true; do
|
|
|
-j|--bzip2)
|
|
|
bzip2On=true
|
|
|
ext=".tar.bz2"
|
|
|
- if [ $gzipOn = true ] || [ $xzOn = true ] || [ $p7zipOn = true ];then
|
|
|
+ if [ $gzipOn = true ] || [ $xzOn = true ];then
|
|
|
printf "ERROR:\tOnly choose one compressing method\n"
|
|
|
exit 1
|
|
|
fi
|
|
|
@@ -855,7 +652,7 @@ while true; do
|
|
|
-J|--xz)
|
|
|
xzOn=true
|
|
|
ext=".tar.xz"
|
|
|
- if [ $gzipOn = true ] || [ $bzip2On = true ] || [ $p7zipOn = true ];then
|
|
|
+ if [ $gzipOn = true ] || [ $bzip2On = true ];then
|
|
|
printf "ERROR:\tOnly choose one compressing method\n"
|
|
|
exit 1
|
|
|
fi
|
|
|
@@ -865,19 +662,6 @@ while true; do
|
|
|
fi
|
|
|
shift
|
|
|
;;
|
|
|
- -7|--7zip)
|
|
|
- p7zipOn=true
|
|
|
- ext=".7z"
|
|
|
- if [ $gzipOn = true ] || [ $bzip2On = true ] || [ $xzOn = true ];then
|
|
|
- printf "ERROR:\tOnly choose one compressing method\n"
|
|
|
- exit 1
|
|
|
- fi
|
|
|
- if [ ! -x $(which 7z) ];then
|
|
|
- printf "ERROR:\t7Z Not Installed\n"
|
|
|
- exit 1
|
|
|
- fi
|
|
|
- shift
|
|
|
- ;;
|
|
|
-p|--prefix)
|
|
|
backupPrefix=$2
|
|
|
shift 2
|
|
|
@@ -931,10 +715,6 @@ while true; do
|
|
|
noEncryption=true
|
|
|
shift
|
|
|
;;
|
|
|
- --7z-password)
|
|
|
- pass7z=$2
|
|
|
- shift 2
|
|
|
- ;;
|
|
|
--web-dir)
|
|
|
webDir=$2
|
|
|
shift 2
|
|
|
@@ -1101,23 +881,15 @@ checkRoutes
|
|
|
checkMethod
|
|
|
checkSqlAuth
|
|
|
|
|
|
-#make tar file or 7z
|
|
|
+#make tar file
|
|
|
backupOutput=$backupOutput$ext
|
|
|
-if [ $p7zipOn = true ];then
|
|
|
- if [ ! -x $(which 7z) ];then
|
|
|
- printf "ERROR:\tp7zip Not Installed\n"
|
|
|
- exit 1
|
|
|
- fi
|
|
|
- makep7zip
|
|
|
-else
|
|
|
- if [ ! -x $(which tar) ];then
|
|
|
- printf "ERROR:\tTAR Not Installed\n"
|
|
|
- exit 1
|
|
|
- fi
|
|
|
- makeTar
|
|
|
+if [ ! -x $(which tar) ];then
|
|
|
+ printf "ERROR:\tTAR Not Installed\n"
|
|
|
+ exit 1
|
|
|
fi
|
|
|
+makeTar
|
|
|
|
|
|
-#Compression and encryption (Except 7Zip -> Already done)
|
|
|
+#Compression and encryption
|
|
|
if [ $gzipOn = true ];then
|
|
|
if [ $noEncryption = true ];then
|
|
|
gzUnencrypted
|
|
|
@@ -1130,18 +902,12 @@ elif [ $bzip2On = true ];then
|
|
|
else
|
|
|
bz2Encrypted
|
|
|
fi
|
|
|
-elif [ $xzOn = true ];then
|
|
|
+else
|
|
|
if [ $noEncryption = true ];then
|
|
|
xzUnencrypted
|
|
|
else
|
|
|
xzEncrypted
|
|
|
fi
|
|
|
-else
|
|
|
- if [ $p7zipOn = false ];then
|
|
|
- printf "ERROR:\tCompression method not set\n"
|
|
|
- rm $tempOutput
|
|
|
- exit 1
|
|
|
- fi
|
|
|
fi
|
|
|
|
|
|
#Make SHA512
|
