A BeforeJob Script to Pfsense Firewalls Backup

This should run in a Linux Box (e.g.: Bacula Director Machine), and the output should be included in its FileSet.

#!/bin/bash
#
# /etc/bacula/scripts/before-bacula-pfsense.sh
#
# Rubens C. Urquisa
#
# Adapted by: Heitor Faria
#
####
# PfSense Wget Backup
# Requirements:
# Change the default pfsense login and password if needed (admin, pfsense)
# Check if HTTPS is enabled.
# Change the amount and IP address of Pfsense boxes, one per line (HOST[x]=ip)
#
# It should work for pfsense versions from 2.0.x to 2.2.5
#####

# Replace if needed.
USER=admin
PASSWORD=pfsense

# wget script backup destination
DIR_BKP="/opt/bkp-pfsense"

# List of Pfsense boxes and address
HOST[0]="ip_primeiro_pfsense"
HOST[1]="ip_segundo_pfsense"
HOST[2]="ip_terceiro_pfsense_etc"

# Test if exists and create script backup dir

if [ ! -d "$DIR_BKP" ]; then
 mkdir $DIR_BKP
fi

# Does the magic.

x=0;
while [ $x != ${#HOST[@]} ]
do
 
 echo "`date` Starting config.xml backup ${HOST[$x]}"
 
 # pfsense versions 2.0.x from 2.2.5, if another version change wget command accordinly
 wget -qO/dev/null --keep-session-cookies --save-cookies cookies.txt 
 --post-data "login=Login&usernamefld=$USER&passwordfld=$PASSWORD" 
 --no-check-certificate https://${HOST[$x]}/diag_backup.php

 wget --keep-session-cookies --load-cookies cookies.txt 
 --post-data 'Submit=download&donotbackuprrd=yes' https://${HOST[$x]}/diag_backup.php 
 --no-check-certificate -O $DIR_BKP/${HOST[$x]}-`date +%a`.xml
 
 STATUS=$(echo $?)
 
 if [[ $STATUS == 0 ]]; then
 echo "config.xml Backup OK ${HOST[$x]}"
 else
 echo "config.xml Backup error ${HOST[$x]}"
 ERRO=1
 fi
 
 let "x = x +1"

done

if [[ $ERRO == 1 ]]; then
 echo "Backup Error, exit 1"
 exit 1
fi

Sample Pfsense Bacula backup Job resource (bacula-dir.conf):

Job {
  Name = "bkp-pfsense"
  Description = "Bkp Pfsenses"
  Client = "bacula-server-fd"
  Enabled = yes
  Fileset = "FileSet-Pfsense"
  JobDefs = "JobDefs-DataCenter"
  Runscript {
   Command = "/etc/bacula/scripts/before-bacula-pfsense.sh"
   FailJobOnError = yes 
   RunsWhen = Before
  }
}

Sample FileSet (bacula-dir.conf):

FileSet {
  Name = "FileSet-Pfsense"
  Include { 
    Options {
      signature = MD5
    }
    File = /opt/bkp-pfsense
  }
}

 

 

 

Disponível em: enEnglish

Leave a Reply