Pré-script para Backup de Firewall Pfsense 2.3.2

Este script deve rodar a partir de uma máquina Linux (ex.: o servidor do Bacula), e o diretório de destino das cópias incluído no FileSet do Job de backup (neste exemplo, /opt/bkp-pfsense).

#!/bin/bash
#
# /etc/bacula/scripts/before-bacula-pfsense.sh
#
# Rubens C. Urquisa
#
# Adaptado por: Heitor Faria
#
####
# Backup Pfsense via wget
# Uso Requisitos
# Modificar se necessário senha e login, padrao do pfsense (admin, pfsense)
# Checar se https esta habilitado
# Modificar IPS e quantidades de Pfsense (HOST[x]=ip)
#
# Versao pfsense 2.3
#####
# Substitua por suas credenciais do Pfsense
USER=admin
PASSWORD=senha
# Local de backup
DIR_BKP="/opt/bkp-pfsense"
# Cadastro dos Pfsense no Array
HOST[0]="10.1.1.1"
HOST[1]="10.1.1.62"
#HOST[2]="ip_terceiro_pfsense_etc"
# Testa e eventualmente Cria Dir de Backup
if [ ! -d "$DIR_BKP" ]; then
 mkdir $DIR_BKP
fi
# Faz backup - acessa os Pfsense
x=0;
while [ $x != ${#HOST[@]} ]
do
 
 echo "`date` Iniciando bkp config.xml ${HOST[$x]}"
 
wget -qO- --keep-session-cookies --save-cookies /opt/bkp-pfsense/cookies.txt 
  --no-check-certificate https://${HOST[$x]}/diag_backup.php 
  | grep "name='__csrf_magic'" | sed 's/.*value="(.*)".*/1/' > /opt/bkp-pfsense/csrf.txt && cat /opt/bkp-pfsense/csrf.txt

wget -qO- --keep-session-cookies --load-cookies /opt/bkp-pfsense/cookies.txt --save-cookies cookies.txt --no-check-certificate 
--post-data "login=Login&usernamefld=$USER&$PASSWORDfld=pfsense&__csrf_magic=$(cat /opt/bkp-pfsense/csrf.txt)" 
  https://${HOST[$x]}/diag_backup.php  | grep "name='__csrf_magic'" 
| sed 's/.*value="(.*)".*/1/' > /opt/bkp-pfsense/csrf2.txt && cat /opt/bkp-pfsense/csrf2.txt

wget --keep-session-cookies --load-cookies /opt/bkp-pfsense/cookies.txt --no-check-certificate 
  --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 /opt/bkp-pfsense/csrf2.txt)" 
  https://${HOST[$x]}/diag_backup.php -O /opt/bkp-pfsense/config-${HOST[$x]}-`date +%Y%m%d%H%M%S`.xml

 
 STATUS=$(echo $?)
 
 if [[ $STATUS == 0 ]]; then
 echo "Ok bkp config.xml ${HOST[$x]}"
 else
 echo "Erro bkp config.xml ${HOST[$x]}"
 ERRO=1
 fi
 
 let "x = x +1"
done
if [[ $ERRO == 1 ]]; then
 echo "Erro na execucao, exit 1"
 exit 1
fi

Exemplo de configuração do recruso Job (bacula-dir.conf), chamando o script:

Job {
  Name = "bkp-pfsense"
  Description = "Bkp Pfsenses"
  Client = "bacula-server-fd"
  Enabled = yes
  Fileset = "FileSet-Pfsense"
  JobDefs = "JobDefs-DataCenter"
  Runscript {
   Command = "/etc/bacula/scripts/before-bacula-pfsense.sh"
   FailJobOnError = yes
   RunsWhen = Before
  }
}

Exemplo de FileSet (bacula-dir.conf):

FileSet {
  Name = "FileSet-Pfsense"
  Include { 
    Options {
      signature = MD5
    }
    File = /opt/bkp-pfsense
  }
}

 

 

 

Disponível em: pt-brPortuguês enEnglish (Inglês)

Deixe uma resposta