Installation et sécurisation d'une station Debian 3.0 stable 15/05/2004
ANNEXE 8. Script de backup
ANNEXE 8. Script de backup
/home/system/scripts/backup/system_backup.sh
#!/bin/sh
#
# Debian-secinst v0.1.5 : ANNEXE 8 - Script de backup
# Simon Castro
#
#################
# CONFIGURATION #
#################
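### Set these values to run backup.sh
# Location of the last backup date file : incremental mode reads its
# 'from date' out of this file.
LAST_DONE_FILE=/home/system/scripts/backup/.last_done
# The backup partition : it can be unmounted or mounted read-only.
BACKUP_PARTITION=/backup
# Directories or files to back up (absolute location from /)
BACKUP_FROM="/bin /boot /dev /etc /home /lib /root /sbin /usr /var"
# File listing the files/directories to exclude from the backup archive.
# This file must exist but may be empty
EXCLUDE="/home/system/scripts/backup/exclude"
# Logger phrase : Used to send the message to syslog but also displays error on stderr
SYSLOG_THIS="-s -p syslog.notice -t Backup"
### Set these values for the ciphering mode
# File listing the filenames to back up separately, encoded with the password.
# This file must exist but may be empty
CIPHERED="/home/system/scripts/backup/include_but_ciphered"
# Password used to encode the archive.
# NOTE(review): this is a sample value stored in clear text; replace it and
# keep this script readable by its owner only.
PASSWORD="toto"
# Exported so that openssl can pick it up through '-pass env:' below.
export PASSWORD
# Command used to cipher the archive. The password is passed through the
# environment rather than with '-k <password>', so it no longer appears in
# the argument list of the openssl process. The key derived from it is the
# same, so archives remain decipherable with the same password.
# NOTE(review): des3 here and md5sum below are legacy algorithms; they are
# left untouched because changing them changes the archive/hash formats.
CIPHER="/usr/bin/openssl enc -des3 -e -pass env:PASSWORD "
### Set these values if you really need to
# Binaries location
CAT=/bin/cat
CPIO=/bin/cpio
DATE=/bin/date
FIND=/usr/bin/find
GREP=/bin/grep
LOGGER=/usr/bin/logger
MD5SUM=/usr/bin/md5sum
MOUNT=/bin/mount
SED=/bin/sed
SYNC=/bin/sync
UMOUNT=/bin/umount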
#############################################
# SYSTEM CONFIGURATION AND INITIAL CHECKING #
#############################################
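# Check the $CIPHERED file exists.
# The expansions are quoted so the tests still behave when a path is empty
# or contains blanks.
if [ -z "$CIPHERED" ] || [ ! -f "$CIPHERED" ]
then
  $LOGGER $SYSLOG_THIS "Error : The 'ciphered' file is not set or does not exist"
  # 255 is what bash reports for 'exit -1'; some /bin/sh implementations
  # (dash for instance) reject a negative exit status.
  exit 255
fi
# Check the $EXCLUDE file exists
if [ -z "$EXCLUDE" ] || [ ! -f "$EXCLUDE" ]
then
  $LOGGER $SYSLOG_THIS "Error : The 'exclude' file is not set or does not exist"
  exit 255
fi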
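# Check if user forced the full mode ('-f' as first argument).
# '=' is the portable string comparison for [ ] ('==' is a bash extension),
# and quoting "$1" keeps the test valid when no argument is given.
FORCED=0
if [ "$1" = "-f" ]
then
  $LOGGER $SYSLOG_THIS "User forced the full backup mode"
  FORCED=1
fi
# Remove first '/' from $BACKUP_FROM directories and go to '/', so that the
# archives are built from paths relative to the root directory.
BACKUP_FROM=$(echo "$BACKUP_FROM" | $SED 's/\(^\/\)\|\(\ \/\)/ /g')
if ! cd /
then
  # The relative paths above only make sense from '/'.
  $LOGGER $SYSLOG_THIS "Error : Cannot change directory to /"
  exit 255
fi
# Check if last_done file exist and is set.
# LAST_DONE_DATE stays empty for a full backup and holds the date read from
# the file for an incremental one.
LAST_DONE_DATE=
if [ "$FORCED" = 0 ] && [ -f "$LAST_DONE_FILE" ] && [ -s "$LAST_DONE_FILE" ]
then
  LAST_DONE_DATE=$($CAT "$LAST_DONE_FILE")
  $LOGGER $SYSLOG_THIS "Incremental backup beginning : $LAST_DONE_DATE"
else
  $LOGGER $SYSLOG_THIS "Full backup"
fi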
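# Check the backup partition and mount it read-write.
# IS_R0 (spelled with a digit zero, which is the name the final remount test
# reads) is non-empty when the partition was found mounted read-only.
# ISNT_MOUNTED holds the matching mount line, so it is EMPTY when the
# partition is not mounted.
IS_R0=
ISNT_MOUNTED="mounted" # Remember to always set this value to anything you want but not null
if [ -d "$BACKUP_PARTITION" ]
then
  # mount prints "<device> on <dir> type <fs> (<options>)". Matching the
  # exact " on <dir> " field avoids hits on other paths that merely contain
  # $BACKUP_PARTITION (this assumes the variable has no trailing '/').
  ISNT_MOUNTED=$($MOUNT | $GREP -F " on $BACKUP_PARTITION ")
  # Look for 'ro' as a whole mount option, so that an option such as
  # 'errors=remount-ro' on a read-write mount is not taken for read-only.
  IS_R0=$(echo "$ISNT_MOUNTED" | $GREP -E '[(,]ro[,)]')
  if [ "$IS_R0" ]
  then
    $LOGGER $SYSLOG_THIS " Remounting rw $BACKUP_PARTITION"
    if ! $MOUNT -o remount,rw "$BACKUP_PARTITION"
    then
      $LOGGER $SYSLOG_THIS "Error : Cannot remount $BACKUP_PARTITION read-write"
      exit 255
    fi
  fi
  if [ ! "$ISNT_MOUNTED" ]
  then
    $LOGGER $SYSLOG_THIS " Mounting rw $BACKUP_PARTITION"
    # Stop here when the mount fails: going on would write the archives
    # into the bare mount-point directory instead of the backup partition.
    if ! $MOUNT -o rw "$BACKUP_PARTITION"
    then
      $LOGGER $SYSLOG_THIS "Error : Cannot mount $BACKUP_PARTITION"
      exit 255
    fi
  fi
else
  $LOGGER $SYSLOG_THIS "Error : Won't be able to write backup on $BACKUP_PARTITION"
  # 255 is what bash reports for 'exit -1'; a negative status is not portable.
  exit 255
fi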
####################
# DO A FULL BACKUP #
####################
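# Full backup : runs when no 'from date' was loaded (first run or -f).
# One tar.gz per entry of $BACKUP_FROM is written into a fresh
# $BACKUP_PARTITION/full_<date> directory; errors go to full_<date>.log and
# hashes to full_<date>.md5, both next to that directory.
if [ ! "$LAST_DONE_DATE" ]
then
  # Set the last_done file (recorded before the archives are written)
  $DATE > "$LAST_DONE_FILE"
  # Create the backup directory
  DESTDATE=$($DATE "+%d%m%y-%H%M%S")
  DESTDIR=$BACKUP_PARTITION"/"full_$DESTDATE
  # Mode 700 : the archives hold copies of /etc, /home and /root, so the
  # directory is closed to other users whatever the caller's umask is.
  mkdir -m 700 "$DESTDIR" ||
    $LOGGER $SYSLOG_THIS "Error : Cannot create $DESTDIR"
  # NOTE(review): the checks below grep the whole log, which accumulates over
  # every step; once one 'Error' line is in it, each later step is reported
  # as failed and its hash is skipped.
  # Begin the backup in the previously created directory
  for i in $BACKUP_FROM
  do
    # Get the date of THIS file backuping process begin and set the destination backup filename
    DESTDATE=$($DATE "+%d%m%y-%H%M%S")
    # Set the dest file name from its real name but move '/' to '_'
    DESTFILE=$(echo "$i" | $SED 's/\//_/g')
    DESTFILE=$DESTDIR"/"$DESTFILE"_"$DESTDATE".tar.gz"
    # Time to backup the file ; entries listed in $CIPHERED and $EXCLUDE are
    # left out of the clear archive.
    $LOGGER $SYSLOG_THIS " Backuping $DESTFILE"
    tar zcvfp "$DESTFILE" -X "$CIPHERED" -X "$EXCLUDE" "$i" > /dev/null 2>> "$DESTDIR.log"
    # Time to check if errors occurred
    if [ -f "$DESTDIR.log" ] && [ -s "$DESTDIR.log" ] && $GREP "Error" "$DESTDIR.log" > /dev/null
    then
      $LOGGER $SYSLOG_THIS "Error while backuping $i"
    else
      HASH=$($MD5SUM "$DESTFILE" 2>> "$DESTDIR.log")
      $LOGGER $SYSLOG_THIS " Hash : $HASH"
      # Quoted so the line keeps md5sum's own layout and can be fed back
      # to 'md5sum -c'.
      printf '%s\n' "$HASH" >> "$DESTDIR.md5"
      HASH=
    fi
  done
  # Begin the backup of the excluded directories in a cpio archive and don't forget quotas configuration files if any...
  # Each name is given to cpio on its own, so the archive records the entry
  # itself rather than what lies below it.
  cd / # First : Go to /
  $LOGGER $SYSLOG_THIS " Backuping excluded files into a cpio archive"
  DESTFILE=$DESTDIR"/excluded.cpio"
  for i in $($CAT "$EXCLUDE")
  do
    if [ ! -f "$DESTFILE" ]
    then
      # First call to cpio => Create the cpio archive
      echo "$i" | $CPIO -o --quiet > "$DESTFILE" 2>> "$DESTDIR.log"
    else
      # The Cpio archive exists => Appends data
      echo "$i" | $CPIO -o --quiet -O "$DESTFILE" -A > /dev/null 2>> "$DESTDIR.log"
    fi
    # Don't forget the quotas files... This now runs for every entry; it
    # used to be skipped for the first one, whose pass only created the archive.
    $FIND "$i" -name "quota*.[gu]*" | $CPIO -o --quiet -O "$DESTFILE" -A > /dev/null 2>> "$DESTDIR.log"
  done
  cd - # Last : go to previous directory
  # Time to check if errors occurred
  if [ -f "$DESTDIR.log" ] && [ -s "$DESTDIR.log" ] && $GREP "Error" "$DESTDIR.log" > /dev/null
  then
    $LOGGER $SYSLOG_THIS "Error while backuping $DESTFILE"
  else
    HASH=$($MD5SUM "$DESTFILE" 2>> "$DESTDIR.log")
    $LOGGER $SYSLOG_THIS " Hash : $HASH"
    printf '%s\n' "$HASH" >> "$DESTDIR.md5"
    HASH=
  fi
fi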
############################
# DO AN INCREMENTAL BACKUP #
############################
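# Incremental backup : runs when a 'from date' was loaded. One tar.gz per
# entry of $BACKUP_FROM, holding what changed after that date, is written
# into a fresh $BACKUP_PARTITION/incr_<date> directory.
if [ "$LAST_DONE_DATE" ]
then
  # Get the last_done date
  LAST_DONE_DATE=$($CAT "$LAST_DONE_FILE")
  # Save the new date
  # What kind of incremental backup do we want ?
  # 1. A 'full' incremental backup from the last full backup ?
  # 2. A incremental backup with the day to day changes from the last full backup ?
  #
  # If you choice the 2. solution, uncomment the next line.
  # $DATE > $LAST_DONE_FILE
  # Create the backup directory
  DESTDATE=$($DATE "+%d%m%y-%H%M%S")
  DESTDIR=$BACKUP_PARTITION"/"incr_$DESTDATE
  # Mode 700 : the archives hold copies of system and user files, so the
  # directory is closed to other users whatever the caller's umask is.
  mkdir -m 700 "$DESTDIR" ||
    $LOGGER $SYSLOG_THIS "Error : Cannot create $DESTDIR"
  # NOTE(review): the check below greps the whole log, which accumulates over
  # every step; once one 'Error' line is in it, each later step is reported
  # as failed and its hash is skipped.
  # Begin the backup
  for i in $BACKUP_FROM
  do
    # Get the date of THIS file backuping process begin and set the destination backup filename
    DESTDATE=$($DATE "+%d%m%y-%H%M%S")
    # Set the dest file name from its real name but move '/' to '_'
    DESTFILE=$(echo "$i" | $SED 's/\//_/g')
    DESTFILE=$DESTDIR"/"$DESTFILE"_"$DESTDATE".tar.gz"
    # Time to backup the file. The archive path used to be repeated in the
    # member list, which asked tar to store the archive inside itself; only
    # $i is archived now.
    $LOGGER $SYSLOG_THIS " Backuping $DESTFILE (incremental)"
    tar zcvfp "$DESTFILE" -X "$CIPHERED" -X "$EXCLUDE" --after-date "$LAST_DONE_DATE" "$i" 2>> "$DESTDIR.log" > /dev/null
    # Time to check if errors occurred
    if [ -f "$DESTDIR.log" ] && [ -s "$DESTDIR.log" ] && $GREP "Error" "$DESTDIR.log" > /dev/null
    then
      $LOGGER $SYSLOG_THIS "Error while backuping $i"
    else
      HASH=$($MD5SUM "$DESTFILE" 2>> "$DESTDIR.log")
      $LOGGER $SYSLOG_THIS " Hash : $HASH"
      # Quoted so the line keeps md5sum's own layout and can be fed back
      # to 'md5sum -c'.
      printf '%s\n' "$HASH" >> "$DESTDIR.md5"
      HASH=
    fi
  done
fi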
##########################################
# DO A CIPHERED BACKUP OF SPECIFIC FILES #
##########################################
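# Ciphered backup of the files listed in $CIPHERED, written as
# $DESTDIR/ciphered_<date>.tar.gz.des3. $DESTDIR and $DESTDATE are the ones
# left by the full or incremental section that ran before.
if [ -f "$CIPHERED" ] && [ -s "$CIPHERED" ]
then
  # Time to backup the files
  $LOGGER $SYSLOG_THIS " Backuping $CIPHERED files"
  DESTFILE=$DESTDIR"/ciphered_"$DESTDATE".tar.gz"
  # Time to cipher the tarball. tar writes to stdout and $CIPHER reads it
  # from stdin, so no clear-text tarball is left on the backup partition
  # (it used to be written there and then merely unlinked, even when the
  # ciphering step had failed).
  $LOGGER $SYSLOG_THIS " Ciphering $DESTFILE"
  if tar zcpf - -T "$CIPHERED" 2>> "$DESTDIR.log" |
    $CIPHER -out "$DESTFILE.des3" 2>> "$DESTDIR.log"
  then
    # Time to get the hash. The pipeline status is the one of $CIPHER; tar
    # problems are looked for in the log, as in the other sections.
    if [ -f "$DESTDIR.log" ] && [ -s "$DESTDIR.log" ] && $GREP "Error" "$DESTDIR.log" > /dev/null
    then
      $LOGGER $SYSLOG_THIS "Error while backuping $DESTFILE"
    else
      HASH=$($MD5SUM "$DESTFILE.des3" 2>> "$DESTDIR.log")
      $LOGGER $SYSLOG_THIS " Hash : $HASH"
      # Quoted so the line keeps md5sum's own layout and can be fed back
      # to 'md5sum -c'.
      printf '%s\n' "$HASH" >> "$DESTDIR.md5"
      HASH=
    fi
  else
    $LOGGER $SYSLOG_THIS "Error while ciphering $DESTFILE"
  fi
fi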
#################################################################
# END : Sync and : remount read-only or umount Backup partition #
#################################################################
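# Flush pending writes, then put the backup partition back in the state it
# was found in : read-only again if IS_R0 is set, unmounted if ISNT_MOUNTED
# is empty (it was not mounted when the script started).
# A failure to do so is logged and turned into a non-zero exit status,
# because it leaves the backups writable.
FINAL_STATUS=0
$LOGGER $SYSLOG_THIS " Syncing disks"
$SYNC
if [ "$IS_R0" ]
then
  $LOGGER $SYSLOG_THIS " Remounting ro $BACKUP_PARTITION"
  if ! $MOUNT -o remount,ro "$BACKUP_PARTITION"
  then
    $LOGGER $SYSLOG_THIS "Error : $BACKUP_PARTITION could not be remounted read-only"
    FINAL_STATUS=255
  fi
fi
if [ ! "$ISNT_MOUNTED" ]
then
  $LOGGER $SYSLOG_THIS " Unmounting $BACKUP_PARTITION"
  if ! $UMOUNT "$BACKUP_PARTITION"
  then
    $LOGGER $SYSLOG_THIS "Error : $BACKUP_PARTITION could not be unmounted"
    FINAL_STATUS=255
  fi
fi
exit $FINAL_STATUS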
Copyright (c) 2003 Simon Castro, scastro [ at ] entreelibre.com.
Permission is granted to copy, distribute and/or modify this document under the
terms of the GNU Free Documentation License, Version 1.2 or any later version
published by the Free Software Foundation; with the Invariant Sections being
LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the
Back-Cover Texts being LIST.
You must have received a copy of the license with this document and it should
be present in the fdl.txt file.
If you did not receive this file or if you don't think this fdl.txt license is
correct, have a look at the official http://www.fsf.org/licenses/fdl.txt
license file.
|