This ensures restoring a backup won't silently bring back an insecure
Diffie-Hellman parameter (which could also not be inspected through the
web interface anymore).
Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
After a backup is restored, the CRL might be out of data and client
won't be able to connect to the server any more.
This will immediately update the CRL should it require an update.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Remove sudoers file 'zabbix' in favour of new IPFire managed
'zabbix_agentd' and user managed 'zabbix_agentd_user' which is
included in the backup
- Provide migration of old sudoers file 'zabbix' or 'zabbix.user' to
new zabbix_agentd_user sudoers file if it was modified by user.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
- Restrict default main config to only the bare minimum options
and add upstream provided config as example file.
- Remove /etc/zabbix_agentd from backup and instead add only
zabbix_agentd.conf and subdirs 'scripts' and 'zabbix_agentd.d' to
the backup.
- Move ipfire managed userparameter_pakfire.conf from
user managed dir /etc/zabbix_agentd/zabbix_agent.d to
ipfire managed dir /var/ipfire/zabbix_agentd/userparameters
- Add Include line to existing zabbix_agentd.conf to include
the new ipfire managed config dir /var/ipfire/zabbix_agentd/...
- Add and include mandatory IPFire specific agent configuration
which should never be changed by the user.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
- Add agent modules-dir to backup
- Remove original, not used agent modules dir from rootfile
- Create modules-dir during install if it not already exists
- bugfix: Add existence check before creating log-dir, avoiding error
messages if it already exists from a previous install
- bugfix: add extract_backup_includes to update.sh script to make
sure backup includes exist when backup is taken.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
To solve the behavior discribed in bug 12404 I added the path
/var/ipfire/cups to the backup.
Signed-off-by: Daniel Weismueller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Sometimes, we restore a backup that has been created earlier before
exclude files have been changed. To avoid overwriting those files, we
will consider the exlude list upon restore.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This file is a system configuration file and does not contain any
configruation from the user.
Since it can be overwritten in a backup and restored to an older state,
this can cause problems such as #12788.
Fixes: #12788
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In order to be able to run the ISO command on command line it is helpful
that the script does not go into background halfway through the process.
We should rather start it as a background job straight from the CGI
script.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch is changing the behaviour of the backup script so that it
creates one tarball and compresses it in one go.
This will save storing the original tarball on disk before compressing
it which on my test system requires significant disk space.
This patch also solves a bug where the backup file included with the ISO
image could not be extracted because it was not gzip-compressed when it
was expected to be.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- check_mk_agent, client175 & lcr are addons that have been removed so the backup
definitions are no longer required.
- dma is not a package but a core program and has its config backup requirements
built into the core backup include file so the addon backup definition is not
used or needed.
- No issues found in the build after these files were removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Backup definition missing - created ro backup config file
- Update of rootfile
- Addition of backup definition install into lfs file
- Addition of restore and backup statements into install.sh and uninstall.sh pak scripts
Fixes: 12710
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This package has not received any updates or attention within the last
three years. It's sole known upstream URL (https://ssl.bulix.org/projects/lcd4linux/)
returns a HTTP error 404 nowadays, and the author was unable to locate
any upstream source that appears to be still maintained today.
Given the status quo, bugs in lcd4linux cannot be reported properly,
security issues won't be addressed (by anybody else then ourselves), and
technical questions cannot be clarified aside a reverse engineering
approach.
We should not allow such an add-on to be installed on a firewall system.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Current situation is that any restrictions in the exclude file will not
be overwritten by the include.user file
- For example the global exclude file has *.tmp preventing any tmp files
being backed up from the globally included IPFire files
If a user has some specific tmp files they want to backup and include
them in the include.user file they will not override the global
exclude file.
- This fix does the backup of the global and user backups as two separate
events and then appends them. This means that any tmp files in the
include.user file will be backed up.
- The backups are created as a global tar file and then have the user
tar file appended and then the combined file gzipped and given the .ipf
suffix. This has to be done this was as gzipped files can not be
appended to each other whereas tar files can.
Fixes: 12626
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- What is it?
pmacct is a monitoring tool for network management tasks. Data collected
can be used for analysis and troubleshooting purposes to maintain the
health of the network. pmacct can collect, replicate and export network
information. It can cache in memory tables, store persistently to SQLite3
and output to flat-files like CSV, formatted, and JSON.
- Why is it needed?
To monitor data usage (IP-based or MAC-based data accounting) down to the
client level. Net-Traffic will monitor traffic for the entire RED, GREEN,
etc. networks, but it cannot pinpoint which client is using lots of data.
Connections will take a snapshot but not show day by day sums. pmacct can
help admins keep tabs on users that use too much data.
- What are the use cases?
An ISP may implement data caps and if the limit is over-run then you have
to pay for every additional xxGB of data used. Typical charges can be
around $10 per 50GB. With pmacct you can identify the high users and take
action, hopefully before the limit is breached.
- This is being introduced as a command line only tool. However, at a later
date, if it is useful to enough additional users a WUI page could be
developed as discussed in the development mailing list
https://lists.ipfire.org/pipermail/development/2021-January/009174.html
- Changes in V2 version
- Initscript is using IPFire template and installed with IPFire method.
- All other daemons except pmacct and pmacctd have been removed from the install.
- Example conf files have been removed from /etc/pmacct
Both example conf files are described in the pmacct wiki draft.
Tested-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Added a backup/includes file for apcupsd to backup the
/etc/apcupsd/ directory where all the configuration files
are stored. Currently there is no backup available to
save the state of any changes carried out to the configuration
or action files.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Modified backup/includes file to backup the /var/bacula/working directory contents
rather than explicitly naming the state filename.
State filename could be varied if user modifies the port number for the file daemon
as the port number is part of the state filename
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update bacula from version 9.0.6 to 9.6.5
Version 9.0.6 is over two and a half years old.
- Update config options in lfs to include bacula recommended smartalloc option.
"This enables the inclusion of the Smartalloc orphaned buffer detection
code. This option is highly recommended. Because we never build without this option,
you may experience problems if it is not enabled. In this case, simply re-enable the
option. We strongly recommend keeping this option enabled as it helps detect memory
leaks. This configuration parameter is used while building Bacula"
- Add install, uninstall and update files in src/paks/bacula
- Updated backup/includes to backup the config file and the File Daemon state file.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
