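#!/bin/sh
# Last Update: sb, 30.01.05
# /secure/backup_configs
#
# FUNCTION: Create a small compressed tarfile backup of essential
#    configuration files on local and remote systems. Specific file lists
#    for Solaris, RedHat, SuSE and OpenBSD are provided.
#    Results are reported via an email, with a one line summary to
#    syslog.
#
# SECURITY NOTES:
#  - The archives hold /etc/shadow and the root ssh directories named in
#    the lists below, so treat them like credentials. umask 077 is set
#    here; the work directory itself should be readable by root only.
#  - The work directory, mail recipient and target hosts all come from
#    $config. That file decides where ssh connects and where the cleanup
#    "find" deletes, so it must be writable by root only.
#  - The report, error and status files use predictable names (PID
#    suffix) under /secure/tmp; that is safe only while no other user can
#    write to that directory -- confirm its ownership and mode.
#  - Kept to constructs an old /bin/sh accepts (backticks, no "local",
#    no "!" negation), since the script carries a Solaris branch.
#
# 30.Jan.05 Sean Boran: review & update
# 16.Feb.04 Sean Boran: add pf.conf for BSD, root cron, static_routes6
# 02.Feb.02 Sean Boran: add config file secure.conf
# 24.Nov.01 Sean Boran
#    First version with nice formatting and tested on several sites
#    Add suse support
#
#############################

## Debug
#set -x
DEBUG='0';
VERBOSE='1';

## Environment
umask 077;     # no group or world access
# Path: put /usr/local first since on Solaris we'll hopefully find
# GNU tar there, which strips leading "/".
PATH=/opt/OBSDssh/bin:/usr/local/bin:/bin:/sbin:/opt/openssh/bin:/opt/sec/bin

# Hosts lists (with an ssh trust to each of them)
#sol_targets="solaris_ser1 solaris_ser2 sun3 sun4";
#rh7_targets="linux1 linux2 linux3"
#suse_targets="linux4 linux5"
#openbsd_targets="bsd1 bsd2 "

## read in settings from config file
config="/secure/secure.conf"
group=`uname -n`
tool="backup_configs"

# conf_field N: print field N of every colon-separated line in $config
# whose first field is this host name and whose second field is $tool.
# Variables are handed to awk as operands, not with -v, as the original did.
conf_field () {
  awk -F: '{if ($1==g && $2==t) print $(n+0)}' \
    g="$group" t="$tool" n="$1" "$config"
}

work=`conf_field 3`
admin=`conf_field 4`
sol_targets=`conf_field 5`
rh7_targets=`conf_field 6`
suse_targets=`conf_field 7`
openbsd_targets=`conf_field 8`
subject="$group backup of configurations";

## ##### File lists #########
# Each list is one line of space-separated paths (backslash-newline inside
# double quotes is a continuation). The lists are pasted into the remote
# command string, where an embedded newline would end the tar command.

## My own specials
my_files="/etc/mods /etc/rc2.d/S99static_routes6 \
/etc/rc2.d/S99static_routes /etc/saveit.conf /etc/skip/acl.le0 \
/etc/skip/acl.hme0 /etc/skip/acl.eri0 /opt/snort/bin /opt/snort/etc \
/opt/snort/CVS /opt/snort/config /srv/www/htdocs /etc/RCS";

## Common Unix files/directories
com_files="$my_files /etc/resolv.conf /etc/nsswitch.conf \
/etc/syslog.conf /etc/passwd /etc/group /etc/hosts.allow \
/etc/hosts.deny /etc/shells /etc/ftpusers /etc/inet /etc/mail \
/etc/init.d /etc/my.cnf /etc/inputrc /root/.fetchmailrc"

#*Note* you want to avoid backing up /etc/shadow if all systems are not
#  administered by the same person and are of the same security
#  classification. Comment out the following line to disable it.
com_files="$com_files /etc/shadow"

## DNS
com_files="$com_files /etc/named.conf /usr/local/etc/named.conf \
/var/named /home/dns/etc /home/dns/var/named /home/named/etc \
/home/named/var/named"

## HTTP
com_files="$com_files /usr/local/apache/conf/httpd.conf \
/opt/apache/conf/httpd.conf /etc/httpd/conf/httpd.conf \
/etc/apache/httpd.conf /var/www/conf/httpd.conf /etc/apache /etc/apache2"

## SSH
com_files="$com_files /root/.shosts /.ssh /root/.ssh /.shosts \
/etc/sshd_config /etc/ssh_config /etc/ssh_known_hosts \
/etc/ssh/ssh_known_hosts /etc/ssh/sshd_config /etc/ssh/ssh_config "

## Environment
com_files="$com_files /root/.profile /root/.bashrc /etc/bashrc \
/etc/profile /etc/profile.local /.cshrc /.profile /root/.fetchmailrc "

## Postfix
com_files="$com_files /etc/postfix/master.cf /etc/postfix/main.cf \
/etc/postfix/header_checks /etc/postfix/canonical /etc/postfix/aliases \
/etc/postfix/relocated /etc/postfix/sender_access /etc/postfix/transport \
/etc/postfix/virtual /etc/postfix/regexp_table \
/etc/postfix/recipient_access /usr/local/postfix/etc"

# Solaris only
sol_files="$com_files /etc/defaultrouter /etc/vfstab /etc/dfstab \
/etc/default /etc/nodename /var/spool/cron/crontabs/root"

# Red Hat only
rh7_files="$com_files /etc/hosts /etc/inetd.conf /etc/fstab \
/etc/exports /etc/xinetd.conf /etc/security /etc/xinetd.d \
/etc/rc.d/rc.local /etc/rc.d/rc.sysinit /etc/sysconfig /etc/cron.d \
/etc/crontab /etc/cron.daily /etc/cron.weekly /etc/cron.monthly \
/etc/cron.hourly"

# SuSe only
suse_files="$com_files /etc/hosts /etc/inetd.conf /etc/fstab \
/etc/exports /etc/xinetd.conf /etc/xinetd.d /etc/rc.config.d \
/etc/rc.config /var/spool/cron/tabs/root /etc/sysconfig /etc/cron.d \
/etc/crontab /etc/cron.daily /etc/cron.weekly /etc/cron.monthly \
/etc/cron.hourly /etc/HOSTNAME"

# OpenBSD& FreeBSD only
openbsd_files="$com_files /etc/hosts /etc/inetd.conf /root/.cshrc \
/root/.profile /etc/fstab /etc/exports /etc/security /etc/rc.local \
/etc/rc /etc/rc.conf /etc/pf.conf"

# Local Linux host: the local backup below reads $linux_files, which was
# never assigned, so tar received no file names. Pick the SuSE list when
# the SuSE release file is present, else the Red Hat list.
if [ -f /etc/SuSE-release ] ; then
  linux_files="$suse_files"
else
  linux_files="$rh7_files"
fi
####### End File lists ########

## don't normally need to change these
ssh="ssh -q -x";
scp="scp -q ";
f=/secure/tmp/backup_config.$$     # report that gets mailed
e=/secure/tmp/backup_errs.$$       # stderr of the current backup
rc=/secure/tmp/backup_rc.$$        # exit status of the last ssh call
month=`date +%h`
day=`date +%d`
year=`date +%Y`
#ext="back.$month$day.tar.gz";
ext="$year$month$day.tar.gz";
PROBLEM='0';

##---------- functions -------

# check_err STATUS: abort with a report unless STATUS is "0".
check_err () {
  if [ "$*" != "0" ] ; then
    echo "SCRIPT $0 ABORTED: error." >>"$f" 2>&1
    send_results;
    exit 1;
  fi
}

# echo_f TEXT: append TEXT to the report file.
echo_f () {
  echo "$*" >>"$f"
}

# abort TEXT: report a fatal setup error on stderr and in syslog, then exit.
# Used before any backup is written; it does not depend on $admin or $work.
abort () {
  echo "SCRIPT $0 ABORTED: $*" >&2
  logger -p daemon.alert "Error: Config backup failed: $*"
  exit 1
}

# ssh_pull HOST COMMAND: run COMMAND on HOST with ssh's stdout passed
# through, and store ssh's exit status in $rc. The status goes to a file
# because this function is used on the left side of a pipeline, where the
# calling shell cannot see it.
ssh_pull () {
  $ssh "$1" "$2"
  echo "$?" > "$rc"
}

# check_archive HOST: list HOST's archive in the report and set PROBLEM
# when ssh itself failed (exit status 255) or the archive is missing or
# empty. Without this PROBLEM was never set, so a failed run was still
# reported as "Config backup OK".
check_archive () {
  ca_status=`cat "$rc" 2>/dev/null`
  rm -f "$rc"
  if [ "$ca_status" = "255" ] ; then
    echo_f "ERROR: ssh to $1 failed (exit status 255)"
    PROBLEM='1'
  fi
  ls -l "$1.$ext" >> "$f"
  if [ -s "$1.$ext" ] ; then
    :
  else
    echo_f "ERROR: archive $1.$ext is missing or empty"
    PROBLEM='1'
  fi
}

# send_results: finish the report, then print it (debug), or mail it and
# write the one line summary to syslog.
send_results () {
  echo_f " "
  echo_f "This email was generated by `uname -n`:$0 "

  # In debug mode print to stdout, else email results
  if [ "$DEBUG" -eq "1" ] ; then
    cat "$f"
  elif [ "$PROBLEM" -eq "1" ] ; then
    # <3> Log result to syslog, and only delete log if successful.
    # $admin stays unquoted: it may name several recipients.
    mailx -s "`uname -n` Error: backup" $admin < "$f"
    logger -p daemon.alert "Error: Config backup failed, see $f"
    # don't delete log file
  else
    if [ "$VERBOSE" -eq "1" ] ; then
      mailx -s "$subject" $admin < "$f" 2>&1
    fi
    # Log and clean up on every successful run; previously a quiet
    # (VERBOSE=0) success left the report file behind.
    logger -p daemon.info "Config backup OK"
    rm -f "$f"
  fi
}

## ----- Main() --------

# Everything below, including the "find . ... rm" cleanup, acts on the
# current directory. An empty $work would make "cd" go to the home
# directory, so stop unless the work directory is set and reachable.
if [ -z "$work" ] ; then
  abort "no work directory for $group:$tool in $config"
fi
mkdir "$work" > /dev/null 2>&1
cd "$work" || abort "cannot change to work directory $work"

for target in $sol_targets; do
  echo_f "\n>>>>>>>>>> Backup $target ........"
  # Start with an empty error file and let both sides of the pipe append;
  # a truncating "2>" on gzip would discard what ssh/tar already wrote.
  : > "$e"
  ssh_pull "$target" "tar cf - $sol_files" 2>>"$e" \
    | gzip > "$target.$ext" 2>>"$e"
  # Ignore minor errors, report the rest
  egrep -v "No such file or directory" "$e" >> "$f"
  check_archive "$target"
done

for target in $rh7_targets; do
  echo_f "\n>>>>>>>>>> Backup $target ........"
  #RH can gzip with tar. For debugging add the "v" switch
  ssh_pull "$target" "tar czf - $rh7_files" > "$target.$ext" 2> "$e"
  # Ignore minor errors, report the rest. Not all files that we specify
  # for backup are available, which causes "stat" errors and on RH,
  # "Error exit delayed from previous errors". This can be ignored we hope..
  egrep -v "No such file or directory|Removing leading|Error exit delayed" \
    "$e" >> "$f"
  check_archive "$target"
done

for target in $suse_targets; do
  echo_f "\n>>>>>>>>>> Backup $target ........"
  ssh_pull "$target" "tar czf - $suse_files" > "$target.$ext" 2> "$e"
  egrep -v "No such file or directory|Removing leading|Error exit delayed" \
    "$e" >> "$f"
  check_archive "$target"
done

for target in $openbsd_targets; do
  echo_f "\n>>>>>>>>>> Backup $target ........"
  ssh_pull "$target" "tar czf - $openbsd_files" > "$target.$ext" 2> "$e"
  #egrep -v "No such file or directory|Removing leading" $e >> $f
  egrep "ERROR" "$e" >> "$f"
  check_archive "$target"
done

target=`uname -n`
echo_f "\n>>>>>>>>>> Backup localhost ($target) ...."
os=`uname -s`
case "$os" in
  SunOS)   local_files="$sol_files" ;;
  Linux)   local_files="$linux_files" ;;
  OpenBSD) local_files="$openbsd_files" ;;
  *)       local_files="" ;;     # unknown OS: no local backup, as before
esac
if [ -n "$local_files" ] ; then
  : > "$e"
  # $local_files is deliberately unquoted: it is a list of paths.
  (cd /; tar cf - $local_files 2>>"$e") | gzip > "$target.$ext" 2>>"$e"
  # Ignore minor errors, report the rest
  egrep -v "No such file or directory" "$e" >> "$f"
  check_archive "$target"
fi
rm -f "$e" "$rc"

## Delete old files:
echo_f "\n>>>>>>>>>> Deleting backups older that 360 days ........"
# Regular files only, so "." and directories are never handed to rm.
find . -type f -mtime +360 -ls -exec rm -f {} \; >> "$f" 2>&1

echo_f "\n>>>>>>>>>> Complete list of available backups ........\n"
ls -ld "$work" >> "$f"
ls -l "$work"/* >> "$f"

if [ "$sol_targets" != "" ] ; then
  echo_f "\n>>>>>>>>>> Solaris files backed up ........\n"
  echo $sol_files >> "$f"
fi
if [ "$rh7_targets" != "" ] ; then
  echo_f "\n>>>>>>>>>> RedHat files backed up ........\n"
  echo $rh7_files >> "$f"
fi
if [ "$suse_targets" != "" ] ; then
  echo_f "\n>>>>>>>>>> Suse files backed up ........\n"
  echo $suse_files >> "$f"
fi
if [ "$openbsd_targets" != "" ] ; then
  echo_f "\n>>>>>>>>>> OpenBSD files backed up ........\n"
  echo $openbsd_files >> "$f"
fi

echo_f "\nDISK SPACE:"
# NOTE(review): "-F ufs" looks Solaris-specific; confirm on the other OSes.
df -k -F ufs >>"$f"

send_results;

#eof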