Pfsense 2.3.2 Firewall BeforeJob Backup Script
  • Post category:Uncategorized
  • Post comments:0 Comments

This should run in a Linux Box (e.g.: Bacula Director Machine), and the output should be included in its FileSet.

#!/bin/bash
#
# /etc/bacula/scripts/before-bacula-pfsense.sh
#
# Rubens C. Urquisa
# Heitor Faria
#
####
# Pfsense Wget Backup
# Change current user and password variables
# Enable https
# Change Pfsense hosts address and quantities (HOST[x]=ip)
#
# Pfsense 2.3.2
#####
# Replace for current Pfsense credentials
USER=admin
PASSWORD=password
# Local de backup
DIR_BKP="/opt/bkp-pfsense"
# Cadastro dos Pfsense no Array
HOST[0]="10.1.1.1"
HOST[1]="10.1.1.62"
#HOST[2]="3rd_pfsense_host_etc"
# Test and Creates output dir
if [ ! -d "$DIR_BKP" ]; then
 mkdir $DIR_BKP
fi
# Do Pfsense Backup
x=0;
while [ $x != ${#HOST[@]} ]
do
 
 echo "`date` Iniciando bkp config.xml ${HOST[$x]}"
 
wget -qO- --keep-session-cookies --save-cookies /opt/bkp-pfsense/cookies.txt 
  --no-check-certificate https://${HOST[$x]}/diag_backup.php 
  | grep "name='__csrf_magic'" | sed 's/.*value="(.*)".*/1/' > /opt/bkp-pfsense/csrf.txt && cat /opt/bkp-pfsense/csrf.txt

wget -qO- --keep-session-cookies --load-cookies /opt/bkp-pfsense/cookies.txt --save-cookies cookies.txt --no-check-certificate 
--post-data "login=Login&usernamefld=$USER&$PASSWORDfld=pfsense&__csrf_magic=$(cat /opt/bkp-pfsense/csrf.txt)" 
  https://${HOST[$x]}/diag_backup.php  | grep "name='__csrf_magic'" 
| sed 's/.*value="(.*)".*/1/' > /opt/bkp-pfsense/csrf2.txt && cat /opt/bkp-pfsense/csrf2.txt

wget --keep-session-cookies --load-cookies /opt/bkp-pfsense/cookies.txt --no-check-certificate 
  --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 /opt/bkp-pfsense/csrf2.txt)" 
  https://${HOST[$x]}/diag_backup.php -O /opt/bkp-pfsense/config-${HOST[$x]}-`date +%Y%m%d%H%M%S`.xml

 
 STATUS=$(echo $?)
 
 if [[ $STATUS == 0 ]]; then
 echo "Ok for bkp config.xml ${HOST[$x]}"
 else
 echo "Error for bkp config.xml ${HOST[$x]}"
 ERRO=1
 fi
 
 let "x = x +1"
done
if [[ $ERRO == 1 ]]; then
 echo "Execution error, exit 1"
 exit 1
fi

Sample Pfsense Bacula backup Job resource (bacula-dir.conf):

Job {
  Name = "bkp-pfsense"
  Description = "Bkp Pfsenses"
  Client = "bacula-server-fd"
  Enabled = yes
  Fileset = "FileSet-Pfsense"
  JobDefs = "JobDefs-DataCenter"
  Runscript {
   Command = "/etc/bacula/scripts/before-bacula-pfsense.sh"
   FailJobOnError = yes 
   RunsWhen = Before
  }
}

Sample FileSet (bacula-dir.conf):

FileSet {
  Name = "FileSet-Pfsense"
  Include { 
    Options {
      signature = MD5
    }
    File = /opt/bkp-pfsense
  }
}

 

 

 

Disponível em: pt-brPortuguês (Portuguese (Brazil))enEnglishesEspañol (Spanish)

Leave a Reply