├── .gitignore ├── CHANGELOG.md ├── README.md ├── archive ├── f5.automated_backup.v3.0.0.tmpl.tcl ├── f5.automated_backup.v3.1.0.tmpl.tcl ├── f5.automated_backup.v3.1.1.tmpl ├── f5.automated_backup.v3.1.10.scripts.sh ├── f5.automated_backup.v3.1.10.tmpl.tcl ├── f5.automated_backup.v3.1.11.scripts.sh ├── f5.automated_backup.v3.1.11.tmpl.tcl ├── f5.automated_backup.v3.1.2.tmpl.tcl ├── f5.automated_backup.v3.1.3.tmpl.tcl ├── f5.automated_backup.v3.1.4.tmpl.tcl ├── f5.automated_backup.v3.1.5.tmpl.tcl ├── f5.automated_backup.v3.1.6.scripts.sh ├── f5.automated_backup.v3.1.6.tmpl.tcl ├── f5.automated_backup.v3.1.7.scripts.sh ├── f5.automated_backup.v3.1.7.tmpl.tcl ├── f5.automated_backup.v3.1.8.scripts.sh ├── f5.automated_backup.v3.1.8.tmpl.tcl ├── f5.automated_backup.v3.1.9.scripts.sh ├── f5.automated_backup.v3.1.9.tmpl.tcl ├── f5.automated_backup.v3.2.0-fork.scripts.sh ├── f5.automated_backup.v3.2.0-fork.tmpl.tcl ├── f5.automated_backup.v3.2.1.scripts.sh ├── f5.automated_backup.v3.2.1.tmpl.tcl ├── f5.automated_backup.v3.2.2_sftp_awk.scripts.sh ├── f5.automated_backup.v3.2.3.scripts_reference.sh └── f5.automated_backup.v3.2.3.tmpl.tcl ├── f5.automated_backup.v3.2.4.tmpl.tcl ├── notes ├── cifs_notes.md └── ucs_passphrase_allowed_character_testing.md └── scripts ├── ftp.sh ├── local_pruning.sh ├── scp.sh ├── sftp.sh └── smb_cifs.sh /.gitignore: -------------------------------------------------------------------------------- 1 | *.DS_Store 2 | .DS_Store 3 | unit_testing_list.* 4 | *.zip -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG 2 | 3 | ## v3.2.4 (20210831) 4 | * Added an option to set a custom local pruning interval. This used to be fixed at 60 seconds. 5 | * Added an option to set a custom directory to save archives. 6 | * Fixed SSH options for SCP. 7 | * Limited use of filename suffix to SMB/CIFS and Local (the only modes where pruning is available). 8 | 9 | ## v3.2.3 (20210327) 10 | * Fixed a bug (typo) when using SCP, which resulted in 'script did not successfully complete: (can't read "::destination_parameters__sftp_sshprivatekey": no such variable' etc. This was related to adding support for keys with "BEGIN OPENSSH PRIVATE KEY" headers. 11 | 12 | ## v3.2.2 (20210312) 13 | * Added ability to set "ssh options" for SCP and SFTP (e.g. KexAlgorithm) 14 | * Added support for keys with "BEGIN OPENSSH PRIVATE KEY" headers. 15 | 16 | ## v3.2.1 (20201210) 17 | * Merged v3.1.11 and v3.2.0 for explicit SFTP support (separate from SCP). 18 | * Tweaked the SCP and SFTP upload directory handling; detailed instructions are in the iApp. 19 | * Tested on 13.1.3.4 and 14.1.3 and 16.0.1 20 | 21 | ## v3.1.11 (20201210) 22 | * Better handling of UCS passphrases, and notes about characters to avoid. 23 | * I successfully tested this exact passphrase in the 13.1.3.4 CLI (surrounded with single quote) and GUI (as-is): `~!@#$%^*()aB1-_=+[{]}:./? 24 | * I successfully tested this exact passphrase in 14.1.3 (square-braces and curly-braces would not work): `~!@#$%^*()aB1-_=+:./? 25 | * Though there may be situations these could work, avoid these characters (separated by spaces): " ' & | ; < > \ [ ] { } , 26 | * Moved changelog and notes from the template to CHANGELOG.md and README.md. 27 | * Replaced all tabs (\t) with four spaces. 28 | 29 | ## v3.1.10 (20201209) 30 | * Added SMB Version and SMB Security options to support v14+ and newer versions of Microsoft Windows and Windows Server. 31 | * Tested SMB/CIFS on 13.1.3.4 and 14.1.3 against Windows Server 2019 using "2.0" and "ntlmsspi" 32 | 33 | ## v3.2.0-fork (20190620) 34 | Developed on a fork of v3.1.9 by damnski (darryl.wisneski@yale.edu) 35 | * Add support for SFTP (separately from SCP) - use-case is AWS Transfers (SFTP) that only supports the SFTP protocol - tested on 14.1.0.1 36 | 37 | ## v3.1.9 (20181120) 38 | * Fixed comment in SMB/CIFS script which was breaking everything due hash escape and a variable reference--I must not have actually tested after I added the comment :( 39 | 40 | ## v3.1.8 (20181115) 41 | * Scripts for SMB/CIFS and FTP will again be deleted after each backup. (This was in place as of v3.1.6 but was turned off for debugging in v3.1.7 and was not put back.) 42 | 43 | ## v3.1.7 (20181115) 44 | * Now supporting many special characters for passwords (without manually escaping with backslashes). (github Issue #3 and #16) 45 | * SMB/CIFS does NOT support comma, single-quote, and double-quote. I successfully tested this exact password to Windows Server 2012: `~!@#$%^&*()aB1-_=+[{]}\|;:<.>/? 46 | * FTP should support all characters (based on limited testing). I successfully tested this exact password to a Linux FTP server: `~!@#$%^&*()aB1-_=+[{]}\|;:,"<.>'/? 47 | 48 | ## v3.1.6 (20181114) 49 | * Fixed lots of issues with SCF files for SFTP/SCP, FTP, and SMB/CIFS (mainly, tar files were not being copied and were not being cleaned up locally). (github Issue #18) 50 | * Added logging clarification that when using SCF archives a .tar file is also generated and saved/uploaded. 51 | * Added debug logging for the SMB/CIFS script. 52 | * Now including on github an expanded form of the upload scripts for better understanding (see "f5.automated_backup.v3.1.6.scripts.sh" etc.). 53 | 54 | ## v3.1.5 (20181112) 55 | * Updated KNOWN ISSUES section (below) 56 | * Fixed SCF passphase issue (v11 "tmsh save sys config file NAME" works and applies no passphase ("no-passphase" flag does not exist); v12+ requires use of "no-passphrase" or "passphrase PHRASE"). (github Issue #18) 57 | * Reordered filename_format list; default remains ${host}_%Y%m%d_%H%M%S 58 | * Tested on 11.6.3.3, 12.1.3.7, and 13.1.1.2 59 | 60 | ## v3.1.4 (20180604) 61 | * Fixed can't read "::destination_parameters__pruning_mode" errors using [info exists ...]. 62 | * Removed LTM from "Required Modules" list; now no modules are required. 63 | * SMB/CIFS now directly mounts the target directory instead of the mount point. This allows administrators to deny access to intermediate directories. 64 | * Set the pruning_keep_amount default to 3 (previously no default existed). 65 | 66 | ## v3.1.3 (20180511) 67 | * Added pruning option to only delete Archives created by this iApp using a Unique Suffix. 68 | * Muted ls errors on first-run of pruning script with Unique Suffix. 69 | * Fixed SCF pruning (previously only built for ucs file extension); also cleans up scf.tar files. 70 | * Fixed SCF generation with "no-passphrase" without which produces errors in 13.1.0.5 (not tested in any other versions). 71 | * Added pruning option for SMB/CIFS. 72 | 73 | ## v3.1.2 (20180510) 74 | * Allowed Destination to be an IP or hostname, and added clarifying notes. 75 | * Added Source IP notes to help users understand and manipulate the source IP used by BIG-IP. 76 | * Added path notes for SFTP/SCP and FTP. 77 | * Fixed ssh-keygen example syntax and added note about optional ssh-copy-id command. 78 | * Clarified SMB/CIFS special character escaping for password--not all non-alphanumeric characters need to be escaped. 79 | 80 | ## v3.1.1 (20180331) 81 | * Removed TCL double substitution warnings 82 | * Fixed duplication of UCS file extension when uploading to FTP 83 | 84 | ## v3.1.0 (20180201) 85 | * Removed "app-service none" from iCall objects. The iCall objects are now created as part of the Application Service (iApp) and are properly cleaned up if the iApp is redeployed or deleted. 86 | * Reasonably tested on 11.5.4 HF2 (SMB worked fine using "mount -t cifs") and altered requires-bigip-version-min to match. 87 | * Fixing error regarding "script did not successfully complete: (can't read "::destination_parameters__protocol_enable": no such variable" by encompassing most of the "implementation" in a block that first checks $::backup_schedule__frequency_select for "Disable". 88 | * Added default value to "filename format". 89 | * Changed UCS default value for $backup_file_name_extension to ".ucs" and added $fname_noext. 90 | * Removed old SFTP sections and references (now handled through SCP/SFTP). 91 | * Adjusted logging: added "sleep 1" to ensure proper logging; added $backup_directory to log message. 92 | * Adjusted some help messages. 93 | 94 | ## v3.0.0 (20180124) 95 | * Eliminated ConfigSync issues and removed ConfigSync notes section. (Encrypted values now in $script instead of local file.) 96 | * Passwords now have no length limits. (Using "-A" with openssl which reads/writes base64 encoded strings as a single line.) 97 | * Added $script error checking for all remote backup types. (Using 'catch' to prevent tcl errors when $script aborts.) 98 | * Backup files are cleaned up after $script error due to new error checking. 99 | * Added logging. (Run logs sent to '/var/log/ltm' via logger command which is compatible with BIG-IP Remote Logging configuration (syslog). Run logs AND errors sent to '/var/tmp/scriptd.out'. Errors may include plain-text passwords which should not be in /var/log/ltm or syslog.) 100 | * Added custom cipher option for SCP. 101 | * Added StrictHostKeyChecking=no option. 102 | * Combined SCP and SFTP because they are both using SCP to perform the remote copy. 103 | 104 | ## v2.2.5b4+ (20180118) 105 | * Refining changes to SMB/CIFS and replicating to other remote copy types. (Developed by Daniel Tavernier/tabernarious) 106 | 107 | ## v2.2.5b4 (20180118) 108 | * Moved encrypted values for SMB/CIFS to shell script which eliminates ConfigSync issues. Fixed long-password issue by using "-A" with openssl so that base64 encoded strings are written and read as a single line. (Developed by Daniel Tavernier/tabernarious) 109 | 110 | ## v2.2.5a (20180117) 111 | * Added items to FUTURE list. 112 | 113 | ## v2.2.5 (20171228) 114 | * Added notes about special characters in passwords. Added Deployment Information and ConfigSync sections. (Developed by Daniel Tavernier/tabernarious) 115 | 116 | ## v2.2.4a (20171215) 117 | * Added items to FUTURE list. 118 | 119 | ## v2.2.4 (20171214) 120 | From code posted by Roy van Dongen 121 | * Added fix to force FTP to use binary upload. 122 | 123 | ## v2.2.3 (20171214) 124 | * Set many fields to "required" and set reasonable default values to prevent loading/configuration errors. Expanded help regarding private keys. 125 | 126 | ## v2.2.2 (20171214) 127 | * Added "/" to "mount -t cifs" command and clarified/expanded help for SMB (CIFS) Destination Parameters. 128 | 129 | ## v2.2.1 (20171214) 130 | * Allowed multiple instances of iApp by leveraging $tmsh::app_name to create unique object names. 131 | 132 | ## v2.1.1 (20160916) 133 | Developed/posted by MAG 134 | * Retooled SMB upload from smbclient to "mount -t cifs" (v12.1+ compatibility). 135 | 136 | ## ~v2.0 (20140312) 137 | Developed/posted by Thomas Schockaert 138 | * Initially posted releases from what I gathered perusing DevCentral. 139 | * v11.4.0-11.6.x? compatibility. 140 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # f5-automated-backup-iapp 2 | F5 iApp for automated backups to the local device and to network locations. 3 | 4 | ## Usage 5 | * You only need the `f5.automated_backup.v3.2.4.tmpl.tcl` file (or whatever the latest version is). Download this template and import it using the F5 BIG-IP GUI. 6 | * The scripts folder contains pretty versions of the scripts used in the iApp template. 7 | 8 | ## Intro 9 | Building on the significant work of Thomas Schockaert (and several other DevCentralites) I enhanced many aspects I needed for my own purposes, updated many things I noticed requested on the forums, and added additional documentation and clarification. As you may see in several of my comments on the original posts, I iterated through several 2.2.x versions and am now releasing v3.0.0. Below is the breakdown! 10 | 11 | Also, I have done quite a bit of testing (mostly on v13.1.0.1 lately) and I doubt I've caught everything, especially with all of the changes. Please post any questions or issues in the comments. 12 | 13 | Cheers! 14 | 15 | Daniel Tavernier (tabernarious) 16 | 17 | ## Related Posts 18 | * Git Repository for f5-automated-backup-iapp (Daniel Tavernier/tabernarious) 19 | * https://github.com/tabernarious/f5-automated-backup-iapp 20 | * F5 iApp Automated Backup (Daniel Tavernier/tabernarious) 21 | * https://devcentral.f5.com/s/articles/f5-iapp-automated-backup-1114 22 | * F5 Automated Backups - The Right Way (Thomas Schockaert) 23 | * https://devcentral.f5.com/s/articles/f5-automated-backups-the-right-way 24 | * Complete F5 Automated Backup Solution (Thomas Schockaert) 25 | * https://devcentral.f5.com/s/articles/complete-f5-automated-backup-solution 26 | * Complete F5 Automated Backup Solution #2 (MAG 114141) 27 | * https://devcentral.f5.com/s/articles/complete-f5-automated-backup-solution-2-957 28 | * Automated Backup Solution 29 | * https://devcentral.f5.com/questions/automated-backup-solution ) 30 | * Automated Backup Solution 31 | * https://devcentral.f5.com/s/feed/0D51T00006i7Y72SAE 32 | * Generate Config Backup 33 | * https://devcentral.f5.com/codeshare?sid=285 34 | 35 | ## Original v1.x.x and v2.x.x Features Kept (copied from an original post) 36 | * It allows you to choose between both UCS or SCF as backup-types. (whilst providing ample warnings about SCF not being a very good restore-option due to the incompleteness in some cases) 37 | * It allows you to provide a passphrase for the UCS archives (the standard GUI also does this, so the iApp should too) 38 | * It allows you to not include the private keys (same thing: standard GUI does it, so the iApp does it too) 39 | * It allows you to set a Backup Schedule for every X minutes/hours/days/weeks/months or a custom selection of days in the week 40 | * It allows you to set the exact time, minute of the hour, day of the week or day of the month when the backup should be performed (depending on the usefulness with regards to the schedule type) 41 | * It allows you to transfer the backup files to external devices using 4 different protocols, next to providing local storage on the device itself 42 | * SCP (username/private key without password) 43 | * SFTP (username/private key without password) 44 | * FTP (username/password) 45 | * SMB (now using TMOS v12.x.x compatible 'mount -t cifs', with username/password) 46 | * Local Storage (/var/local/ucs or /var/local/scf) 47 | * It stores all passwords and private keys in a secure fashion: encrypted by the master key of the unit (f5mku), rendering it safe to store the backups, including the credentials off-box 48 | * It has a configurable automatic pruning function for the Local Storage option, so the disk doesn't fill up (i.e. keep last X backup files) 49 | * It allows you to configure the filename using the date/time wildcards from the tcl [clock] command, as well as providing a variable to include the hostname 50 | * It requires only the WebGUI to establish the configuration you desire 51 | * It allows you to disable the processes for automated backup, without you having to remove the Application Service or losing any previously entered settings 52 | * For the external shellscripts it automatically generates, the credentials are stored in encrypted form (using the master key) 53 | * It allows you to no longer be required to make modifications on the linux command line to get your automated backups running after an RMA or restore operation 54 | * It cleans up after itself, which means there are no extraneous shellscripts or status files lingering around after the scripts execute 55 | 56 | ## New v3.0.0 Features 57 | * Supports multiple instances! (Deploy multiple copies of the iApp to save backups to different places or perhaps to keep daily backups locally and send weekly backups to a network drive.) 58 | * Fully ConfigSync compatible! (Encrypted values now in $script instead of local file.) 59 | * Long passwords supported! (Using "-A" with openssl which reads/writes base64 encoded strings as a single line.) 60 | * Added $script error checking for all remote backup types! (Using 'catch' to prevent tcl errors when $script aborts.) 61 | * Backup files are cleaned up after any $script errors due to new error checking. 62 | * Added logging! (Run logs sent to '/var/log/ltm' via logger command which is compatible with BIG-IP Remote Logging configuration (syslog). Run logs AND errors sent to '/var/tmp/scriptd.out'. Errors may include plain-text passwords which should not be in /var/log/ltm or syslog.) 63 | * Added custom cipher option for SCP! (In case BIG-IP and the destination server are not cipher-compatible out of the box.) 64 | * Added StrictHostKeyChecking=no option. (This is insecure and should only be used for testing--lots of warnings.) 65 | * Combined SCP and SFTP because they are both using SCP to perform the remote copy. (Easier to maintain!) 66 | 67 | # Known Issues, Request, and Other Notes 68 | * F5 TMOS 11.4.1 - 11.5.3 have not been tested (they may work). 69 | * Using a 4096 bit private key for SFTP/SCP results in error "Unable to decrypt text of length (4338) which exceeds the max of (4048)" which may be an iApp bug/limitation of fields designated as type "password". (github Issue #12) 70 | * Could add a second field to accept part of the key, then combine the values. 71 | * Could use something like this to pull the key from the F5 filestore (though this would result in the key being accessible via the GUI). This might even work with encrypted keys: grep "sys file ssl-key /Common/KEY-NAME.key" -A1 /config/bigip.conf |tail -1 |sed 's/ cache-path //' 72 | * Add automatic pruning for FTP and SFTP/SCP. 73 | * Use "dir -t" or "nlist -t" commands to pull file list... 74 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.0.0.tmpl.tcl: -------------------------------------------------------------------------------- 1 | #TMSH-VERSION: 13.1.0.1 2 | 3 | # iApp VERSIONS (From what I gathered perusing DevCentral) 4 | # ~v2.0 - 20140312 - Initially posted releases (v11.4.0-11.6.x? compatibility). (Developed/posted by Thomas Schockaert) 5 | # v2.1.1 - 20160916 - Retooled SMB upload from smbclient to "mount -t cifs" (v12.1+ compatibility). (Developed/posted by MAG) 6 | # v2.2.1 - 20171214 - Allowed multiple instances of iApp by leveraging $tmsh::app_name to create unique object names. (Developed by Daniel Tavernier/tabernarious) 7 | # v2.2.2 - 20171214 - Added "/" to "mount -t cifs" command and clarified/expanded help for SMB (CIFS) Destination Parameters. (Developed by Daniel Tavernier/tabernarious) 8 | # v2.2.3 - 20171214 - Set many fields to "required" and set reasonable default values to prevent loading/configuration errors. Expanded help regarding private keys. (Developed by Daniel Tavernier/tabernarious) 9 | # v2.2.4 - 20171214 - Added fix to force FTP to use binary upload. (Copied code posted by Roy van Dongen, posted by Daniel Tavernier/tabernarious) 10 | # v2.2.4a - 20171215 - Added items to FUTURE list. 11 | # v2.2.5 - 20171228 - Added notes about special characters in passwords. Added Deployment Information and ConfigSync sections. (Developed by Daniel Tavernier/tabernarious) 12 | # v2.2.5a - 20180117 - Added items to FUTURE list. 13 | # v2.2.5b4 - 20180118 - Moved encrypted values for SMB/CIFS to shell script which eliminates ConfigSync issues. Fixed long-password issue by using "-A" with openssl so that base64 encoded strings are written and read as a single line. (Developed by Daniel Tavernier/tabernarious) 14 | # v2.2.5b4+ - 20180118 - Refining changes to SMB/CIFS and replicating to other remote copy types. (Developed by Daniel Tavernier/tabernarious) 15 | # v3.0.0 - 20180124 - (Developed by Daniel Tavernier/tabernarious) 16 | # - Eliminated ConfigSync issues and removed ConfigSync notes section. (Encrypted values now in $script instead of local file.) 17 | # - Passwords now have no length limits. (Using "-A" with openssl which reads/writes base64 encoded strings as a single line.) 18 | # - Added $script error checking for all remote backup types. (Using 'catch' to prevent tcl errors when $script aborts.) 19 | # - Backup files are cleaned up after $script error due to new error checking. 20 | # - Added logging. (Run logs sent to '/var/log/ltm' via logger command which is compatible with BIG-IP Remote Logging configuration (syslog). Run logs AND errors sent to '/var/tmp/scriptd.out'. Errors may include plain-text passwords which should not be in /var/log/ltm or syslog.) 21 | # - Added custom cipher option for SCP. 22 | # - Added StrictHostKeyChecking=no option. 23 | # - Combined SCP and SFTP because they are both using SCP to perform the remote copy. 24 | 25 | # FUTURE 26 | # - Fix tcl warnings if possible. 27 | # - Escape special characters in password for SMB/CIFS (maybe others). 28 | 29 | #REFERENCES 30 | # F5 Automated Backups - The Right Way (https://devcentral.f5.com/articles/f5-automated-backups-the-right-way) 31 | # PASTEBIN f5.automated_backup_v2.0 (https://pastebin.com/YbDj3eMN) 32 | # Complete F5 Automated Backup Solution (https://devcentral.f5.com/codeshare/complete-f5-automated-backup-solution?lc=1) 33 | # Complete F5 Automated Backup Solution #2 (https://devcentral.f5.com/codeshare/complete-f5-automated-backup-solution-2-957) 34 | # Automated Backup Solution (https://devcentral.f5.com/questions/automated-backup-solution) 35 | # Generate Config Backup (https://devcentral.f5.com/codeshare?sid=285) 36 | # PASTEBIN f5.automated_backup_v2.2.5 (https://pastebin.com/TENAivwW) 37 | 38 | cli admin-partitions { 39 | update-partition Common 40 | } 41 | sys application template /Common/f5.automated_backup.v3.0.0 { 42 | actions { 43 | definition { 44 | html-help { 45 | } 46 | implementation { 47 | package require iapp 1.0.0 48 | iapp::template start 49 | 50 | tmsh::cd .. 51 | 52 | ## Backup type handler 53 | set backup_type $::backup_type__backup_type_select 54 | set create_backup_command_append_pass "" 55 | set create_backup_command_append_keys "" 56 | if { $backup_type eq "UCS (User Configuration Set)" } { 57 | set create_backup_command "tmsh::save /sys ucs" 58 | set backup_directory /var/local/ucs 59 | # Backup passphrase usage 60 | if { $::backup_type__backup_passphrase_select eq "Yes" } { 61 | set backup_passphrase $::backup_type__backup_passphrase 62 | set create_backup_command_append_pass "passphrase $backup_passphrase" 63 | } 64 | # Backup private key inclusion 65 | if { $::backup_type__backup_includeprivatekeys eq "No" } { 66 | set create_backup_command_append_keys "no-private-key" 67 | } 68 | set backup_file_name "" 69 | set backup_file_name_extension "" 70 | set backup_file_script_extension ".ucs" 71 | set scfextensionfix "" 72 | } 73 | elseif { $backup_type eq "SCF (Single Configuration File)" } { 74 | set create_backup_command "tmsh::save /sys config file" 75 | set backup_directory /var/local/scf 76 | set backup_file_name_extension ".scf" 77 | set backup_file_script_extension "" 78 | } 79 | 80 | if { $::destination_parameters__protocol_enable eq "Remotely via SCP/SFTP" } { 81 | # Get the F5 Master key 82 | set f5masterkey [exec f5mku -K] 83 | # Store the target server information securely, encrypted with the unit key 84 | set encryptedusername [exec echo "$::destination_parameters__scp_remote_username" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 85 | set encryptedserver [exec echo "$::destination_parameters__scp_remote_server" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 86 | set encrypteddirectory [exec echo "$::destination_parameters__scp_remote_directory" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 87 | # Clean the private key data before cleanup 88 | set cleaned_privatekey [exec echo "$::destination_parameters__scp_sshprivatekey" | sed -e "s/BEGIN RSA PRIVATE KEY/BEGIN;RSA;PRIVATE;KEY/g" -e "s/END RSA PRIVATE KEY/END;RSA;PRIVATE;KEY/g" -e "s/ /\\\n/g" -e "s/;/ /g"] 89 | # Encrypt the private key data before dumping to a file 90 | set encrypted_privatekey [exec echo "$cleaned_privatekey" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 91 | # Set optional cipher for SCP (e.g. aes256-gcm@openssh.com) 92 | if { "$::destination_parameters__scp_cipher" equals "" } { 93 | set scp_cipher "" 94 | } else { 95 | set scp_cipher "-c $::destination_parameters__scp_cipher" 96 | } 97 | # Set optional "StrictHostKeyChecking=no" 98 | if { "$::destination_parameters__scp_stricthostkeychecking" equals "Yes" } { 99 | set scp_stricthostkeychecking "-o StrictHostKeyChecking=yes" 100 | } else { 101 | set scp_stricthostkeychecking "-o StrictHostKeyChecking=no" 102 | } 103 | # Create the iCall action 104 | set script { 105 | exec echo "f5.automated_backup iApp TMSHAPPNAME: STARTED" >> /var/tmp/scriptd.out 106 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: STARTED" 107 | # Get the hostname of the device we're running on 108 | set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname] 109 | # Get the current date and time in a specific format 110 | set cdate [clock format [clock seconds] -format "FORMAT"] 111 | # Form the filename for the backup 112 | set fname "${cdate}BACKUPFILENAMEXTENSION" 113 | # Run the 'create backup' command 114 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" >> /var/tmp/scriptd.out 115 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" 116 | BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS 117 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" >> /var/tmp/scriptd.out 118 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" 119 | # Set the script filename 120 | set scriptfile "/var/tmp/f5.automated_backup__TMSHAPPNAME_scp.sh" 121 | # Clean, recreate, and run a custom bash script that will perform the SCP upload 122 | exec rm -f $scriptfile 123 | exec echo "yes" 124 | exec echo -e "scp_function()\n{\n\tf5masterkey=\$(f5mku -K)\n\tusername=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\n\tserver=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\n\tdirectory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\n\techo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key\n\n\tchmod 600 /var/tmp/TMSHAPPNAME_scp.key\n\tscp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory} 2>> /var/tmp/scriptd.out\n\tscp_result=\$?\n\trm -f /var/tmp/TMSHAPPNAME_scp.key\n\treturn \$scp_result\n}\n\nscp_function" > $scriptfile 125 | exec chmod +x $scriptfile 126 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SCP) STARTING" >> /var/tmp/scriptd.out 127 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SCP) STARTING" 128 | if { [catch {exec $scriptfile}] } { 129 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SCP) FAILED (check for errors above)" >> /var/tmp/scriptd.out 130 | exec logger -p local0.crit "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SCP) FAILED (see /var/tmp/scriptd.out for errors)" 131 | } else { 132 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SCP) SUCCEEDED" >> /var/tmp/scriptd.out 133 | exec logger -p local0.notice "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SCP) SUCCEEDED" 134 | } 135 | # Clean up local files 136 | exec rm -f $scriptfile 137 | exec rm -f /var/tmp/TMSHAPPNAME_scp.key 138 | exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION 139 | exec echo "f5.automated_backup iApp TMSHAPPNAME: FINISHED" >> /var/tmp/scriptd.out 140 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: FINISHED" 141 | } 142 | set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script] 143 | set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys TMSHAPPNAME $tmsh::app_name ENCRYPTEDUSERNAME $encryptedusername ENCRYPTEDSERVER $encryptedserver ENCRYPTEDDIRECTORY $encrypteddirectory ENCRYPTEDPRIVATEKEY $encrypted_privatekey SCPCIPHER $scp_cipher SCPSTRICTHOSTKEYCHECKING $scp_stricthostkeychecking] $script] 144 | } 145 | elseif { $::destination_parameters__protocol_enable eq "Remotely via SFTP--DEPRECATED)" } { 146 | # SFTP was originally implemented EXACTLY THE SAME as SCP. While refining the SCP implementation and adding detailed notes and documentation it no longer made sense to maintain these in parallel. 147 | # Set the config file 148 | set configfile "/config/f5.automated_backup__${tmsh::app_name}_sftp.conf" 149 | # Clean the configuration file for this protocol_enable 150 | exec rm -f $configfile 151 | # Get the F5 Master key 152 | set f5masterkey [exec f5mku -K] 153 | # Store the target server information securely, encrypted with the unit key 154 | exec echo "$::destination_parameters__sftp_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile 155 | exec echo "$::destination_parameters__sftp_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile 156 | exec echo "$::destination_parameters__sftp_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile 157 | # Clean the private key data before cleanup 158 | set cleaned_privatekey [exec echo "$::destination_parameters__sftp_sshprivatekey" | sed -e "s/BEGIN RSA PRIVATE KEY/BEGIN;RSA;PRIVATE;KEY/g" -e "s/END RSA PRIVATE KEY/END;RSA;PRIVATE;KEY/g" -e "s/ /\\\n/g" -e "s/;/ /g"] 159 | # Encrypt the private key data before dumping to a file 160 | set encrypted_privatekey [exec echo "$cleaned_privatekey" | openssl aes-256-ecb -salt -a -k ${f5masterkey}] 161 | # Store the target server information securely, encrypted with the unit key 162 | exec echo "$encrypted_privatekey" >> $configfile 163 | # Create the iCall action 164 | set script { 165 | exec echo "f5.automated_backup iApp TMSHAPPNAME: STARTED" >> /var/tmp/scriptd.out 166 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: STARTED" 167 | # Get the hostname of the device we're running on 168 | set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname] 169 | # Get the current date and time in a specific format 170 | set cdate [clock format [clock seconds] -format "FORMAT"] 171 | # Form the filename for the backup 172 | set fname "${cdate}BACKUPFILENAMEXTENSION" 173 | # Run the 'create backup' command 174 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" >> /var/tmp/scriptd.out 175 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" 176 | BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS 177 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" >> /var/tmp/scriptd.out 178 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" 179 | # Set the config file 180 | set configfile "/config/f5.automated_backup__TMSHAPPNAME_sftp.conf" 181 | # Set the script filename 182 | set scriptfile "/var/tmp/f5.automated_backup__TMSHAPPNAME_sftp.sh" 183 | # Clean, recreate, run and reclean a custom bash script that will perform the SCP upload 184 | exec rm -f $scriptfile 185 | exec echo "yes" 186 | exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\trm -f /var/tmp/scp.key\n\treturn \$?\n}\n\nput" > $scriptfile 187 | exec chmod +x $scriptfile 188 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SFTP) STARTING" >> /var/tmp/scriptd.out 189 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SFTP) STARTING" 190 | exec $scriptfile 191 | exec rm -f $scriptfile 192 | # Remove the backup file from the F5 193 | exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION 194 | exec echo "f5.automated_backup iApp TMSHAPPNAME: FINISHED" >> /var/tmp/scriptd.out 195 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: FINISHED" 196 | } 197 | set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script] 198 | set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys TMSHAPPNAME $tmsh::app_name] $script] 199 | } 200 | elseif { $::destination_parameters__protocol_enable eq "Remotely via FTP" } { 201 | # Get the F5 Master key 202 | set f5masterkey [exec f5mku -K] 203 | # Store the target server information securely, encrypted with the unit key 204 | set encryptedusername [exec echo "$::destination_parameters__ftp_remote_username" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 205 | set encryptedpassword [exec echo "$::destination_parameters__ftp_remote_password" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 206 | set encryptedserver [exec echo "$::destination_parameters__ftp_remote_server" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 207 | set encrypteddirectory [exec echo "$::destination_parameters__ftp_remote_directory" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 208 | # Create the iCall action 209 | set script { 210 | exec echo "f5.automated_backup iApp TMSHAPPNAME: STARTED" >> /var/tmp/scriptd.out 211 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: STARTED" 212 | # Get the hostname of the device we're running on 213 | set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname] 214 | # Get the current date and time in a specific format 215 | set cdate [clock format [clock seconds] -format "FORMAT"] 216 | # Form the filename for the backup 217 | set fname "${cdate}BACKUPFILENAMEXTENSION" 218 | # Run the 'create backup' command 219 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" >> /var/tmp/scriptd.out 220 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" 221 | BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS 222 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" >> /var/tmp/scriptd.out 223 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" 224 | # Set the config file 225 | set configfile "/config/f5.automated_backup__TMSHAPPNAME_ftp.conf" 226 | # Set the script filename 227 | set scriptfile "/var/tmp/f5.automated_backup__TMSHAPPNAME_ftp.sh" 228 | # Clean, recreate, run and reclean a custom bash script that will perform the FTP upload 229 | exec rm -f $scriptfile 230 | # Updated command v2.2.4 to force binary transfer. 231 | exec echo -e "ftp_function()\n{\n\tf5masterkey=\$(f5mku -K)\n\tusername=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\n\tpassword=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\n\tserver=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\n\tdirectory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\n\n\tftp_return=\$(ftp -n \${server} << END_FTP\nquote USER \${username}\nquote PASS \${password}\nbinary\nput BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${directory}/${fname}BACKUPFILESCRIPTEXTENSION\nquit\nEND_FTP\n)\n\tif \[ \"\$ftp_return\" == \"\" \]\n\tthen\n\t\treturn 0\n\telse\n\t\techo \"\$ftp_return\" >> /var/tmp/scriptd.out\n\t\treturn 1\n\tfi\n}\n\nftp_function" > $scriptfile 232 | # Original command which allowed ascii transfer. 233 | #exec echo -e "put()\n{\n\tfields=\"username password server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tftp -n \${server} << END_FTP\nquote USER \${username}\nquote PASS \${password}\nput BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${directory}/${fname}BACKUPFILESCRIPTEXTENSION\nquit\nEND_FTP\n\treturn \$?\n}\n\nput" > $scriptfile 234 | exec chmod +x $scriptfile 235 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (FTP) STARTING" >> /var/tmp/scriptd.out 236 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (FTP) STARTING" 237 | if { [catch {exec $scriptfile}] } { 238 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (FTP) FAILED (check for errors above)" >> /var/tmp/scriptd.out 239 | exec logger -p local0.crit "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (FTP) FAILED (see /var/tmp/scriptd.out for errors)" 240 | } else { 241 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (FTP) SUCCEEDED" >> /var/tmp/scriptd.out 242 | exec logger -p local0.notice "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (FTP) SUCCEEDED" 243 | } 244 | # Clean up local files 245 | exec rm -f $scriptfile 246 | exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION 247 | exec echo "f5.automated_backup iApp TMSHAPPNAME: FINISHED" >> /var/tmp/scriptd.out 248 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: FINISHED" 249 | } 250 | set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script] 251 | set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys TMSHAPPNAME $tmsh::app_name ENCRYPTEDUSERNAME $encryptedusername ENCRYPTEDPASSWORD $encryptedpassword ENCRYPTEDSERVER $encryptedserver ENCRYPTEDDIRECTORY $encrypteddirectory] $script] 252 | } 253 | elseif { $::destination_parameters__protocol_enable eq "Remotely via SMB/CIFS" } { 254 | # Get the F5 Master key 255 | set f5masterkey [exec f5mku -K] 256 | # Store the target server information securely, encrypted with the unit key 257 | set encryptedusername [exec echo "$::destination_parameters__smb_remote_username" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 258 | set encryptedpassword [exec echo "$::destination_parameters__smb_remote_password" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 259 | set encryptedmsdomain [exec echo "$::destination_parameters__smb_remote_domain" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 260 | set encryptedserver [exec echo "$::destination_parameters__smb_remote_server" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 261 | set encryptedmsshare [exec echo "$::destination_parameters__smb_remote_path" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 262 | set encryptedmssubdir [exec echo "$::destination_parameters__smb_remote_directory" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 263 | set encryptedmountp [exec echo "$::destination_parameters__smb_local_mountdir" | openssl aes-256-ecb -salt -a -A -k ${f5masterkey}] 264 | # Create the iCall action 265 | set script { 266 | exec echo "f5.automated_backup iApp TMSHAPPNAME: STARTED" >> /var/tmp/scriptd.out 267 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: STARTED" 268 | # Get the hostname of the device we're running on 269 | set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname] 270 | # Get the current date and time in a specific format 271 | set cdate [clock format [clock seconds] -format "FORMAT"] 272 | # Form the filename for the backup 273 | set fname "${cdate}BACKUPFILENAMEXTENSION" 274 | # Run the 'create backup' command 275 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" >> /var/tmp/scriptd.out 276 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" 277 | BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS 278 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" >> /var/tmp/scriptd.out 279 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" 280 | # Set the script filename 281 | set scriptfile "/var/tmp/f5.automated_backup__TMSHAPPNAME_smb.sh" 282 | # Clean, recreate, run and reclean a custom bash script that will perform the SMB upload 283 | exec rm -f $scriptfile 284 | exec echo -e "\#\!/bin/sh\nf5masterkey=\$(f5mku -K)\nusername=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\npassword=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\nmsdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\nserver=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\nmsshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\nmssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\nmountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey})\ncd /var/local/ucs\nif \[ \! -d \${mountp} \]\nthen\n\tmkdir -p \${mountp}\n\tif \[ \$? -ne 0 \]\n\tthen\n\t\trm -f $fnameBACKUPFILESCRIPTEXTENSION\n\t\texit 1\n\tfi\nfi\nmount -t cifs //\${server}/\${msshare} \${mountp} -o user=\${username}%\${password},domain=\${msdomain} 2>> /var/tmp/scriptd.out\nif \[ \$? -ne 0 \]\n\tthen\n\trm -f $fnameBACKUPFILESCRIPTEXTENSION\n\texit 1\nfi\nfONSMB=\$(ls -t \${mountp}\${mssubdir}/\*.ucs 2>/dev/null| head -n 1 2>/dev/null)\nif \[ \"X\"\${fONSMB} \!= \"X\" \]\n\tthen\n\tsum1=\$(md5sum $fnameBACKUPFILESCRIPTEXTENSION | awk '{print \$1}')\n\tsum2=\$(md5sum \${fONSMB} | awk \'{print \$1}\')\n\tif \[ \${sum1} == \${sum2} \]\n\tthen\n\t\techo \"ERROR: File $fnameBACKUPFILESCRIPTEXTENSION already exists in //\${server}/\${msshare}/\${mssubdir}\" >> /var/tmp/scriptd.out\n\t\tumount \${mountp}\n\t\trm -f $fnameBACKUPFILESCRIPTEXTENSION\n\t\texit 1\n\tfi\nfi\ncp $fnameBACKUPFILESCRIPTEXTENSION \${mountp}\${mssubdir}\nrm -f $fnameBACKUPFILESCRIPTEXTENSION\numount \${mountp}\n\nexit 0\n\n" > $scriptfile 285 | exec chmod +x $scriptfile 286 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname STARTING REMOTE COPY (SMB/CIFS)" >> /var/tmp/scriptd.out 287 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SMB/CIFS) STARTING" 288 | if { [catch {exec $scriptfile}] } { 289 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SMB/CIFS) FAILED (check for errors above)" >> /var/tmp/scriptd.out 290 | exec logger -p local0.crit "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SMB/CIFS) FAILED (see /var/tmp/scriptd.out for errors)" 291 | } else { 292 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SMB/CIFS) SUCCEEDED" >> /var/tmp/scriptd.out 293 | exec logger -p local0.notice "f5.automated_backup iApp TMSHAPPNAME: $fname REMOTE COPY (SMB/CIFS) SUCCEEDED" 294 | } 295 | # Clean up local files 296 | exec rm -f $scriptfile 297 | exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION 298 | exec echo "f5.automated_backup iApp TMSHAPPNAME: FINISHED" >> /var/tmp/scriptd.out 299 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: FINISHED" 300 | } 301 | # Swap hostname/date format into archive filename based on iApp field 302 | set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script] 303 | # Swap many variables into $script; due to the curly braces used to initially set $script, any referenced variables will *not* be expanded simply by deploying the iApp. 304 | set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys TMSHAPPNAME $tmsh::app_name ENCRYPTEDUSERNAME $encryptedusername ENCRYPTEDPASSWORD $encryptedpassword ENCRYPTEDMSDOMAIN $encryptedmsdomain ENCRYPTEDSERVER $encryptedserver ENCRYPTEDMSSHARE $encryptedmsshare ENCRYPTEDMSSUBDIR $encryptedmssubdir ENCRYPTEDMOUNTP $encryptedmountp] $script] 305 | } 306 | else { 307 | set script { 308 | exec echo "f5.automated_backup iApp TMSHAPPNAME: STARTED" >> /var/tmp/scriptd.out 309 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: STARTED" 310 | # Get the hostname of the device we're running on 311 | set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname] 312 | # Get the current date and time in a specific format 313 | set cdate [clock format [clock seconds] -format "FORMAT"] 314 | # Form the filename for the backup 315 | set fname "${cdate}BACKUPFILENAMEXTENSION" 316 | # Run the 'create backup' command 317 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" >> /var/tmp/scriptd.out 318 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname GENERATING" 319 | BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS 320 | exec echo "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" >> /var/tmp/scriptd.out 321 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: $fname SAVED LOCALLY" 322 | exec echo "f5.automated_backup iApp TMSHAPPNAME: FINISHED" >> /var/tmp/scriptd.out 323 | exec logger -p local0.info "f5.automated_backup iApp TMSHAPPNAME: FINISHED" 324 | } 325 | set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script] 326 | set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys TMSHAPPNAME $tmsh::app_name] $script] 327 | } 328 | 329 | iapp::conf create sys icall script f5.automated_backup__${tmsh::app_name} definition \{ $script \} app-service none 330 | 331 | ## Get time info for setting first-occurrence on daily handler from iApp input 332 | set freq $::backup_schedule__frequency_select 333 | 334 | #Create the handlers 335 | if { $freq eq "Disable" } { 336 | 337 | } 338 | elseif { $freq eq "Every X Minutes" } { 339 | set everyxminutes $::backup_schedule__everyxminutes_value 340 | set interval [expr $everyxminutes*60] 341 | set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H:%M"] 342 | iapp::conf create sys icall handler periodic f5.automated_backup__${tmsh::app_name}-handler \{ \ 343 | interval $interval \ 344 | first-occurrence $cdate:00 \ 345 | script f5.automated_backup__${tmsh::app_name} \} 346 | } 347 | elseif { $freq eq "Every X Hours" } { 348 | set everyxhours $::backup_schedule__everyxhours_value 349 | set interval [expr $everyxhours*3600] 350 | set minutes $::backup_schedule__everyxhours_min_select 351 | set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H"] 352 | iapp::conf create sys icall handler periodic f5.automated_backup__${tmsh::app_name}-handler \{ \ 353 | interval $interval \ 354 | first-occurrence $cdate:$minutes:00 \ 355 | script f5.automated_backup__${tmsh::app_name} \} 356 | } 357 | elseif { $freq eq "Every X Days" } { 358 | set everyxdays $::backup_schedule__everyxdays_value 359 | set interval [expr $everyxdays*86400] 360 | set hours [lindex [split $::backup_schedule__everyxdays_time ":"] 0] 361 | set minutes [lindex [split $::backup_schedule__everyxdays_time ":"] 1] 362 | set cdate [clock format [clock seconds] -format "%Y-%m-%d"] 363 | iapp::conf create sys icall handler periodic f5.automated_backup__${tmsh::app_name}-handler \{ \ 364 | interval $interval \ 365 | first-occurrence $cdate:$hours:$minutes:00 \ 366 | script f5.automated_backup__${tmsh::app_name} \} 367 | } 368 | elseif { $freq eq "Every X Weeks" } { 369 | set everyxweeks $::backup_schedule__everyxweeks_value 370 | set interval [expr $everyxweeks*604800] 371 | set hours [lindex [split $::backup_schedule__everyxweeks_time ":"] 0] 372 | set minutes [lindex [split $::backup_schedule__everyxweeks_time ":"] 1] 373 | ## Get day of week info for setting first-occurence on weekly handler from iApp input 374 | array set dowmap { 375 | Sunday 0 376 | Monday 1 377 | Tuesday 2 378 | Wednesday 3 379 | Thursday 4 380 | Friday 5 381 | Saturday 6 382 | } 383 | set sday_name $::backup_schedule__everyxweeks_dow_select 384 | set sday_num $dowmap($sday_name) 385 | set cday_name [clock format [clock seconds] -format "%A"] 386 | set cday_num $dowmap($cday_name) 387 | set date_offset [expr 86400*($sday_num - $cday_num)] 388 | set date_final [clock format [expr [clock seconds] + $date_offset] -format "%Y-%m-%d"] 389 | iapp::conf create sys icall handler periodic f5.automated_backup__${tmsh::app_name}-handler \{ \ 390 | interval $interval \ 391 | first-occurrence $date_final:$hours:$minutes:00 \ 392 | script f5.automated_backup__${tmsh::app_name} \} 393 | } 394 | elseif { $freq eq "Every X Months" } { 395 | set everyxmonths $::backup_schedule__everyxmonths_value 396 | set interval [expr 60*60*24*365] 397 | set dom $::backup_schedule__everyxmonths_dom_select 398 | set hours [lindex [split $::backup_schedule__everyxmonths_time ":"] 0] 399 | set minutes [lindex [split $::backup_schedule__everyxmonths_time ":"] 1] 400 | for { set month 1 } { $month < 13 } { set month [expr $month+$everyxmonths] } { 401 | set cdate [clock format [clock seconds] -format "%Y-$month-$dom"] 402 | iapp::conf create sys icall handler periodic f5.automated_backup__${tmsh::app_name}-month_${month}-handler \{ \ 403 | interval $interval \ 404 | first-occurrence $cdate:$hours:$minutes:00 \ 405 | script f5.automated_backup__${tmsh::app_name} \} 406 | } 407 | } 408 | elseif { $freq eq "Custom" } { 409 | set hours [lindex [split $::backup_schedule__custom_time ":"] 0] 410 | set minutes [lindex [split $::backup_schedule__custom_time ":"] 1] 411 | ## Get day of week info for setting first-occurence on weekly handler from iApp input 412 | array set dowmap { 413 | Sunday 0 414 | Monday 1 415 | Tuesday 2 416 | Wednesday 3 417 | Thursday 4 418 | Friday 5 419 | Saturday 6 420 | } 421 | foreach sday_name $::backup_schedule__custom_dow_select { 422 | set sday_num $dowmap($sday_name) 423 | set cday_name [clock format [clock seconds] -format "%A"] 424 | set cday_num $dowmap($cday_name) 425 | set date_offset [expr 86400*($sday_num - $cday_num)] 426 | set date_final [clock format [expr [clock seconds] + $date_offset] -format "%Y-%m-%d"] 427 | iapp::conf create sys icall handler periodic f5.automated_backup__${tmsh::app_name}-handler-$sday_name \{ \ 428 | interval 604800 \ 429 | first-occurrence $date_final:$hours:$minutes:00 \ 430 | script f5.automated_backup__${tmsh::app_name} \} 431 | } 432 | } 433 | 434 | ## Automatic Pruning handler 435 | if { $::destination_parameters__protocol_enable eq "On this F5" } { 436 | set autoprune $::destination_parameters__pruning_enable 437 | if { $autoprune eq "Yes" } { 438 | set prune_conserve $::destination_parameters__keep_amount 439 | set today [clock format [clock seconds] -format "%Y-%m-%d"] 440 | set script { 441 | # Get the hostname of the device we're running on 442 | set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname] 443 | # Set the script filename 444 | set scriptfile "/var/tmp/autopruning.sh" 445 | # Clean, recreate, run and reclean a custom bash script that will perform the pruning 446 | exec rm -f $scriptfile 447 | exec echo -e "files_tokeep=\$(ls -t /var/local/ucs/*.ucs | head -n CONSERVE\)\nfor current_ucs_file in `ls /var/local/ucs/*.ucs` ; do\n\tcurrent_ucs_file_basename=`basename \$current_ucs_file`\n\tcheck_file=\$(echo \$files_tokeep | grep -w \$current_ucs_file_basename)\n\tif \[ \"\$check_file\" == \"\" \] ; then\n\t\trm -f \$current_ucs_file\n\tfi\ndone" > $scriptfile 448 | exec chmod +x $scriptfile 449 | exec $scriptfile 450 | exec rm -f $scriptfile 451 | } 452 | set script [string map [list CONSERVE $prune_conserve] $script] 453 | iapp::conf create sys icall script f5.automated_backup__${tmsh::app_name}_pruning definition \{ $script \} app-service none 454 | set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H:%M"] 455 | # Interval can be increased as needed if pruning every minute is problematic 456 | iapp::conf create sys icall handler periodic f5.automated_backup__${tmsh::app_name}_pruning-handler \{ \ 457 | interval 60 \ 458 | first-occurrence $cdate:00 \ 459 | script f5.automated_backup__${tmsh::app_name}_pruning \} 460 | } 461 | } 462 | iapp::template end 463 | } 464 | macro { 465 | } 466 | presentation { 467 | section deployment_info { 468 | message deployment_info_first_time "Deploying the iApp may not trigger an immediate backup." 469 | message deployment_info_updates "To force the iApp to run a backup it is easiest to set the Backup Schedule to 'Every X Days', 'X equals 1', with a time earlier than right now (e.g. 01:00). This will set the first-occurrence parameter for the iCall handler to today at 01:00 which will trigger immediately (assuming the BIG-IP thinks it is after 1am). Redeploying the iApp will not trigger immediate backups unless the iCall handler is recreated which only happens if a change is made to the Backup Schedule. Simply change the time to 01:01 and redeploy with new settings to force an immediate backup attempt. When testing is complete, set the Backup Schedule to the desired ongoing schedule." 470 | message deployment_info_logs "The general log for all iApps is '/var/tmp/scriptd.out'. This iApp adds run logs and errors to '/var/tmp/scriptd.out'. Additionally, this iApp sends run logs (not full error messages) to '/var/log/ltm' (compatible with BIG-IP Remote Logging configuration)." 471 | } 472 | section backup_type { 473 | choice backup_type_select display "xlarge" { "UCS (User Configuration Set)", "SCF (Single Configuration File)" } 474 | optional ( backup_type_select == "SCF (Single Configuration File)" ) { 475 | message backup_help_scf "WARNING: Beware of choosing SCF file as not all configuration is included therein. Please check out SOL13408 (http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13408.html) for more information." 476 | } 477 | optional ( backup_type_select == "UCS (User Configuration Set)" ) { 478 | choice backup_passphrase_select display "small" { "Yes", "No" } 479 | optional ( backup_passphrase_select == "Yes" ) { 480 | message backup_help_passphrase "WARNING: Losing the passphase will render the archives unusable. The encrypted UCS archive will be a PGP encoded file, *not* simply a tar.gz with a password on it." 481 | password backup_passphrase required display "large" 482 | } 483 | choice backup_includeprivatekeys display "small" { "Yes", "No" } 484 | optional ( backup_includeprivatekeys == "No" ) { 485 | message backup_help_privatekeys "WARNING: A UCS archive that does not contain the private keys CANNOT be used for restoring the device. It should be used for transfers to external services to whom you do not wish to disclose the private keys." 486 | } 487 | } 488 | } 489 | section backup_schedule { 490 | choice frequency_select display "large" { "Disable", "Every X Minutes", "Every X Hours", "Every X Days", "Every X Weeks", "Every X Months", "Custom" } 491 | optional ( frequency_select == "Every X Minutes" ) { 492 | editchoice everyxminutes_value default "30" display "small" { "1", "2", "5", "10", "15", "20", "30", "45", "60" } 493 | } 494 | optional ( frequency_select == "Every X Hours" ) { 495 | editchoice everyxhours_value default "1" display "small" { "1", "2", "3", "4", "6", "12", "24" } 496 | choice everyxhours_min_select display "small" tcl { 497 | for { set x 0 } { $x < 60 } { incr x } { 498 | append mins "$x\n" 499 | } 500 | return $mins 501 | } 502 | } 503 | optional ( frequency_select == "Every X Days" ) { 504 | editchoice everyxdays_value default "1" display "small" { "1", "2", "3", "4", "5", "7", "14" } 505 | string everyxdays_time required display "medium" 506 | } 507 | optional ( frequency_select == "Every X Weeks" ) { 508 | editchoice everyxweeks_value default "1" display "small" { "1", "2", "3", "4", "5", "7", "14" } 509 | choice everyxweeks_dow_select default "Sunday" display "medium" { "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" } 510 | string everyxweeks_time required display "small" 511 | } 512 | optional ( frequency_select == "Every X Months" ) { 513 | editchoice everyxmonths_value default "1" display "small" { "1", "2", "3", "6", "12" } 514 | choice everyxmonths_dom_select display "small" tcl { 515 | for { set x 1 } { $x < 31 } { incr x } { 516 | append days "$x\n" 517 | } 518 | return $days 519 | } 520 | string everyxmonths_time required display "small" 521 | } 522 | optional ( frequency_select == "Custom" ) { 523 | multichoice custom_dow_select default {"Sunday"} display "medium" { "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" } 524 | string custom_time required display "small" 525 | } 526 | } 527 | optional ( backup_schedule.frequency_select != "Disable" ) { 528 | section destination_parameters { 529 | choice protocol_enable display "xlarge" { "On this F5", "Remotely via SCP/SFTP", "Remotely via SMB/CIFS", "Remotely via FTP" } 530 | optional ( protocol_enable == "Remotely via SCP/SFTP") { 531 | message scp_sftp_help "A connection to an SSH server can be establish using both SCP and SFTP. SCP is more efficient for copying files to a remote network destination while, for interactive sessions, the SFTP protocol offers more features. This iApp uses SCP." 532 | string scp_remote_server required display "medium" validator "IpAddress" 533 | message scp_remote_server_help "IMPORTANT: Check '/root/.ssh/known_hosts' on each BIG-IP (including HA peers) to ensure the Destination IP above is listed. On each BIG-IP that does not list the Destination IP, connect directly to the Destination IP using the scp or ssh command. You will be asked to verify the 'RSA key fingerprint'. Entering 'yes' will store the fingerprint in '/root/.ssh/known_hosts' and allow subsequent connections without further verification. If IP from the CLI on all BIG-IPs (including HA peers) and verify/accept the fingerprint which should add an entry to the known_hosts file." 534 | choice scp_stricthostkeychecking default "Yes" display "large" { "Yes", "No (INSECURE)" } 535 | optional ( scp_stricthostkeychecking == "No (INSECURE)" ) { 536 | message scp_stricthostkeychecking_warning1 "WARNING: Selecting 'No (INSECURE)' will ignore certificate verification for connections this iApp makes to the server configured above. Backups could be copied to an unintended server, including one owned by a bad actor." 537 | } 538 | message scp_stricthostkeychecking_help1 "It is MOST SECURE to select Yes, which is the SCP/SSH default setting and which will not allow connections to unknown servers. A server is considered 'unknown' until an SSH key fingerprint has been verified, or if the destination SSL certificate changes and the fingerprint no longer matches." 539 | optional ( scp_stricthostkeychecking == "Yes" ) { 540 | message scp_stricthostkeychecking_help2 "Selecting 'No (INSECURE)' will ignore certificate verification for connections this iApp makes to the server configured above." 541 | message scp_stricthostkeychecking_trouble1 "TROUBLESHOOTING: If the SCP script fails with a 'Host key verification failed' or 'No RSA host key is known for' error (which can viewed in /var/tmp/scriptd.out after deploying this iApp), review the IMPORTANT steps (under Destination IP) above regarding the known_hosts file to resolve the issue. Also, review additional troubleshooting notes." 542 | message scp_stricthostkeychecking_trouble2 "TROUBLESHOOTING: If the SCP script fails with a 'WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!' error (which can viewed in /var/tmp/scriptd.out after deploying this iApp), the certificate on the destination server has changed. This could mean 1) The certificate was updated legitimately, or 2) There is an IP conflict and the script is connecting to the wrong server, or 3) the destination server was replaced or rebuilt and has a new certificate, or 4) a bad actor is intercepting the connection (man-in-the-middle) and the script is rightly warning you to not connect. Investigate the destination server before proceeding." 543 | } 544 | string scp_remote_username required display "medium" 545 | password scp_sshprivatekey required display "large" 546 | message scp_encrypted_field_storage_help "Private key must be non-encrypted and in 'OpenSSH' base64 format. As an example run 'ssh-keygen -t -b 2048 -o -a 100' from the CLI, step through the questions, and view the resulting private key (by default ssh-keygen will save the key to ~/.ssh/id_rsa)." 547 | message scp_encrypted_field_storage_help2 "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box." 548 | editchoice scp_cipher display "xlarge" { "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "chacha20-poly1305@openssh.com" } 549 | message scp_cipher_help "Depending on the version of F5 TMOS and the ssh configuration of the destination server, there may be no matching ciphers resulting in a 'no matching cipher found' error (which can viewed in /var/tmp/scriptd.out after deploying this iApp or it can be tested/demonstrated by attempting an scp or ssh connection from this device to the destination server). Find the word 'server' in the error and note the ciphers listed; select one of these ciphers from the list above or paste in one not listed." 550 | string scp_remote_directory display "medium" 551 | } 552 | optional ( protocol_enable == "Remotely via SFTP--DEPRECATED") { 553 | string sftp_remote_server required display "medium" validator "IpAddress" 554 | string sftp_remote_username required display "medium" 555 | password sftp_sshprivatekey required display "large" 556 | message sftp_encrypted_field_storage_help "Private key must be in 'OpenSSH' base64 format. As an example run 'ssh-keygen -t -b 2048 -o -a 100' from the CLI, step through the questions, and view the resulting private key (default location is ~/.ssh/id_rsa after)." 557 | message sftp_encrypted_field_storage_help2 "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box." 558 | string sftp_remote_directory display "medium" 559 | } 560 | optional ( protocol_enable == "Remotely via SMB/CIFS") { 561 | string smb_remote_server required display "medium" validator "IpAddress" 562 | message smb_remote_server_help "Ensure this Destination IP is reachable on port 139." 563 | string smb_remote_domain required display "medium" 564 | string smb_remote_username required display "medium" 565 | password smb_remote_password display "medium" 566 | message smb_remote_password_help "Special characters within passwords must be escaped (add a backslash before each special character as you input the password)." 567 | message smb_remote_password_help2 "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box." 568 | string smb_remote_path required display "medium" 569 | message smb_remote_path_help "SMB share on a remote server. Do not include leading and trailing slashes. If the full share path is //SERVER/SHARE, enter SHARE in this field. If the full share path is //SERVER/PATH/SHARE, enter PATH/SHARE in this field." 570 | string smb_remote_directory display "medium" 571 | message smb_remote_directory_help "Relative path inside the SMB share to copy the file. Leave this field empty to store in root of SMB share. Include one leading slash and no trailing slashes. If the target directory is //SERVER/SHARE/PATH/DIRECTORY, enter /PATH/DIRECTORY in this field." 572 | string smb_local_mountdir required default "/var/tmp/cifs" display "medium" 573 | message smb_local_mountdir_help "Read-Write path on local F5 where SMB share will be mounted. Include one leading slash and no trailing slashes, for example /var/tmp/cifs" 574 | } 575 | optional ( protocol_enable == "Remotely via FTP") { 576 | string ftp_remote_server required display "medium" validator "IpAddress" 577 | string ftp_remote_username required display "medium" 578 | password ftp_remote_password display "medium" 579 | message ftp_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box." 580 | string ftp_remote_directory display "medium" 581 | } 582 | editchoice filename_format display "xxlarge" tcl { 583 | set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname] 584 | set formats "" 585 | append formats {%Y%m%d%H%M%S_${host} => } 586 | append formats [clock format [clock seconds] -format "%Y%m%d%H%M%S_${host}"] 587 | append formats "\n" 588 | append formats {%Y%m%d_%H%M%S_${host} => } 589 | append formats [clock format [clock seconds] -format "%Y%m%d_%H%M%S_${host}"] 590 | append formats "\n" 591 | append formats {%Y%m%d_${host} => } 592 | append formats [clock format [clock seconds] -format "%Y%m%d_${host}"] 593 | append formats "\n" 594 | append formats {${host}_%Y%m%d%H%M%S => } 595 | append formats [clock format [clock seconds] -format "${host}_%Y%m%d%H%M%S"] 596 | append formats "\n" 597 | append formats {${host}_%Y%m%d_%H%M%S => } 598 | append formats [clock format [clock seconds] -format "${host}_%Y%m%d_%H%M%S"] 599 | append formats "\n" 600 | append formats {${host}_%Y%m%d => } 601 | append formats [clock format [clock seconds] -format "${host}_%Y%m%d"] 602 | append formats "\n" 603 | return $formats 604 | } 605 | message filename_format_help "You can select one, or create your own with all the [clock format] wildcards available in the tcl language, plus ${host} for the hostname. (http://www.tcl.tk/man/tcl8.6/TclCmd/clock.htm)" 606 | optional ( protocol_enable == "On this F5" ) { 607 | choice pruning_enable display "small" { "No", "Yes" } 608 | optional ( pruning_enable == "Yes" ) { 609 | editchoice keep_amount display "small" { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10" } 610 | message pruning_help "Warning: if you decide to manually create a backupfile in the default directory, the automatic pruning will clean it if it doesn't match the 'newest X files' in that directory." 611 | } 612 | } 613 | } 614 | } 615 | text { 616 | deployment_info "Deployment Information" 617 | deployment_info.deployment_info_first_time "First Time Deployment:" 618 | deployment_info.deployment_info_updates "Testing the iApp:" 619 | deployment_info.deployment_info_logs "Logging:" 620 | backup_type "Backup Type" 621 | backup_type.backup_type_select "Select the type of backup:" 622 | backup_type.backup_passphrase_select "Use a passphrase to encrypt the UCS archive:" 623 | backup_type.backup_passphrase "What is the passphrase you want to use?" 624 | backup_type.backup_includeprivatekeys "Include the private keys in the archives?" 625 | backup_type.backup_help_scf "" 626 | backup_type.backup_help_passphrase "" 627 | backup_type.backup_help_privatekeys "" 628 | backup_schedule "Backup Schedule" 629 | backup_schedule.frequency_select "Frequency:" 630 | backup_schedule.everyxminutes_value "Where X equals:" 631 | backup_schedule.everyxhours_value "Where X equals:" 632 | backup_schedule.everyxhours_min_select "At what minute of each X hours should the backup occur?" 633 | backup_schedule.everyxdays_value "Where X equals:" 634 | backup_schedule.everyxdays_time "At what time on each X days should the backup occur? (Ex.: 15:25)" 635 | backup_schedule.everyxweeks_value "Where X equals:" 636 | backup_schedule.everyxweeks_time "At what time on the chosen day of each X weeks should the backup occur? (e.g. 04:15, 21:30)" 637 | backup_schedule.everyxweeks_dow_select "On what day of each X weeks should the backup should occur:" 638 | backup_schedule.everyxmonths_value "Where X equals:" 639 | backup_schedule.everyxmonths_time "At what time on the chosen day of each X months should the backup occur? (e.g. 04:15, 21:30)" 640 | backup_schedule.everyxmonths_dom_select "On what day of each X months should the backup should occur:" 641 | backup_schedule.custom_time "At what time on each selected day should the backup occur? (e.g. 04:15, 21:30)" 642 | backup_schedule.custom_dow_select "Choose the days of the week the backup should occur:" 643 | destination_parameters "Destination Parameters" 644 | destination_parameters.protocol_enable "Where do the backup files need to be saved?" 645 | destination_parameters.scp_sftp_help "SCP or SFTP?" 646 | destination_parameters.scp_remote_server "Destination IP:" 647 | destination_parameters.scp_remote_server_help "" 648 | destination_parameters.scp_stricthostkeychecking "StrictHostKeyChecking" 649 | destination_parameters.scp_stricthostkeychecking_help1 "" 650 | destination_parameters.scp_stricthostkeychecking_help2 "" 651 | destination_parameters.scp_stricthostkeychecking_trouble1 "" 652 | destination_parameters.scp_stricthostkeychecking_trouble2 "" 653 | destination_parameters.scp_stricthostkeychecking_warning1 "" 654 | destination_parameters.scp_remote_username "Username:" 655 | destination_parameters.scp_sshprivatekey "Copy/Paste the SSH private key to be used for passwordless authentication:" 656 | destination_parameters.scp_encrypted_field_storage_help "" 657 | destination_parameters.scp_encrypted_field_storage_help2 "" 658 | destination_parameters.scp_remote_directory "Remote directory for archive upload:" 659 | destination_parameters.scp_cipher "Cipher" 660 | destination_parameters.scp_cipher_help "" 661 | destination_parameters.sftp_remote_server "Destination IP:" 662 | destination_parameters.sftp_remote_username "Username:" 663 | destination_parameters.sftp_sshprivatekey "Copy/Paste the non-encrypted SSH private key to be used for passwordless authentication:" 664 | destination_parameters.sftp_encrypted_field_storage_help "" 665 | destination_parameters.sftp_encrypted_field_storage_help2 "" 666 | destination_parameters.sftp_remote_directory "Remote directory for archive upload:" 667 | destination_parameters.smb_remote_server "Destination IP:" 668 | destination_parameters.smb_remote_server_help "" 669 | destination_parameters.smb_remote_username "Username:" 670 | destination_parameters.smb_remote_domain "Domain or Hostname:" 671 | destination_parameters.smb_remote_password "Password:" 672 | destination_parameters.smb_remote_password_help "" 673 | destination_parameters.smb_remote_password_help2 "" 674 | destination_parameters.smb_remote_path "SMB/CIFS share name:" 675 | destination_parameters.smb_remote_path_help "" 676 | destination_parameters.smb_remote_directory "Target path inside SMB Share:" 677 | destination_parameters.smb_remote_directory_help "" 678 | destination_parameters.smb_local_mountdir "Local mount point:" 679 | destination_parameters.smb_local_mountdir_help "" 680 | destination_parameters.ftp_remote_username "Username:" 681 | destination_parameters.ftp_remote_password "Password:" 682 | destination_parameters.ftp_encrypted_field_storage_help "" 683 | destination_parameters.ftp_remote_server "Destination IP:" 684 | destination_parameters.ftp_remote_directory "Set the remote directory the archive should be copied to:" 685 | destination_parameters.filename_format "Select the filename format:" 686 | destination_parameters.filename_format_help "" 687 | destination_parameters.pruning_enable "Activate automatic pruning?" 688 | destination_parameters.pruning_help "" 689 | destination_parameters.keep_amount "Amount of files to keep at any given time:" 690 | } 691 | } 692 | role-acl { admin manager resource-admin } 693 | run-as none 694 | } 695 | } 696 | description none 697 | ignore-verification false 698 | requires-bigip-version-max none 699 | requires-bigip-version-min 12.1.0 700 | requires-modules { ltm } 701 | signing-key none 702 | tmpl-checksum none 703 | tmpl-signature none 704 | } -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.1.10.scripts.sh: -------------------------------------------------------------------------------- 1 | ========== 2 | SCP/SFTP 3 | ========== 4 | 5 | scp_function() 6 | { 7 | f5masterkey=\$(f5mku -K) 8 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 9 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 12 | 13 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 14 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory} 2>> /var/tmp/scriptd.out 15 | scp_result=\$? 16 | rm -f /var/tmp/TMSHAPPNAME_scp.key 17 | return \$scp_result 18 | } 19 | 20 | scp_function 21 | 22 | ========== 23 | FTP 24 | ========== 25 | 26 | ftp_function() 27 | { 28 | f5masterkey=\$(f5mku -K) 29 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 30 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 31 | # Escape every character for safe submission of special characters in the password 32 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 33 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 34 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 35 | 36 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 37 | then 38 | ftp_return=\$(ftp -n \${server} << END_FTP 39 | quote USER \${username} 40 | quote PASS \${password_escaped} 41 | binary 42 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 43 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 44 | quit 45 | END_FTP 46 | ) 47 | else 48 | ftp_return=\$(ftp -n \${server} << END_FTP 49 | quote USER \${username} 50 | quote PASS \${password_escaped} 51 | binary 52 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 53 | quit 54 | END_FTP 55 | ) 56 | fi 57 | 58 | if \[ \"\$ftp_return\" == \"\" \] 59 | then 60 | return 0 61 | else 62 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 63 | return 1 64 | fi 65 | } 66 | 67 | ftp_function 68 | 69 | ========== 70 | SMB/CIFS 71 | ========== 72 | 73 | # Must use tabs (not 4 spaces) 74 | # Search for tabs and replace with string "\t" 75 | # Search for newlines and replace with string "\n" 76 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 77 | 78 | \#\!/bin/sh 79 | f5masterkey=\$(f5mku -K) 80 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 81 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 82 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 83 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 84 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 85 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 86 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 87 | mountvers=\$(echo \"ENCRYPTEDMOUNTVERS\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 88 | mountsec=\$(echo \"ENCRYPTEDMOUNTSEC\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 89 | cd BACKUPDIRECTORY 90 | if \[ \! -d \${mountp} \] 91 | then 92 | mkdir -p \${mountp} 93 | if \[ \$? -ne 0 \] 94 | then 95 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 96 | exit 1 97 | fi 98 | fi 99 | \# The password must be surrounded by two single-quotes to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 100 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain},vers=\${mountvers},sec=\${mountsec} 2>> /var/tmp/scriptd.out 101 | if \[ \$? -ne 0 \] 102 | then 103 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 104 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 105 | exit 1 106 | else 107 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 108 | fi 109 | 110 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 111 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 112 | 113 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 114 | then 115 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 116 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 117 | if \[ \${sum1} == \${sum2} \] 118 | then 119 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 120 | umount \${mountp} 121 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 122 | exit 1 123 | else 124 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 125 | fi 126 | else 127 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 128 | fi 129 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 130 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 131 | 132 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 133 | 134 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 135 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 136 | current_archive_file_basename=`basename \$current_archive_file` 137 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 138 | if \[ \"\$check_file\" == \"\" \] ; then 139 | rm -f \$current_archive_file 140 | fi 141 | done 142 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 143 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 144 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 145 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 146 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 147 | if \[ \"\$check_file\" == \"\" \] ; then 148 | rm -f \$current_archive_tar_file 149 | fi 150 | done 151 | fi 152 | fi 153 | 154 | umount \${mountp} 155 | 156 | echo \"DEBUG: Script completed without errors\" >> /var/tmp/scriptd.out 157 | exit 0 158 | 159 | ========== 160 | LOCAL PRUNING 161 | ========== 162 | 163 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 164 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 165 | current_archive_file_basename=`basename \$current_archive_file` 166 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 167 | if \[ \"\$check_file\" == \"\" \] ; then 168 | rm -f \$current_archive_file 169 | fi 170 | done 171 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 172 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 173 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 174 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 175 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 176 | if \[ \"\$check_file\" == \"\" \] ; then 177 | rm -f \$current_archive_tar_file 178 | fi 179 | done 180 | fi 181 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.1.11.scripts.sh: -------------------------------------------------------------------------------- 1 | ========== 2 | SCP/SFTP 3 | ========== 4 | 5 | scp_function() 6 | { 7 | f5masterkey=\$(f5mku -K) 8 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 9 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 12 | 13 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 14 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory} 2>> /var/tmp/scriptd.out 15 | scp_result=\$? 16 | rm -f /var/tmp/TMSHAPPNAME_scp.key 17 | return \$scp_result 18 | } 19 | 20 | scp_function 21 | 22 | ========== 23 | FTP 24 | ========== 25 | 26 | ftp_function() 27 | { 28 | f5masterkey=\$(f5mku -K) 29 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 30 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 31 | # Escape every character for safe submission of special characters in the password 32 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 33 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 34 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 35 | 36 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 37 | then 38 | ftp_return=\$(ftp -n \${server} << END_FTP 39 | quote USER \${username} 40 | quote PASS \${password_escaped} 41 | binary 42 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 43 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 44 | quit 45 | END_FTP 46 | ) 47 | else 48 | ftp_return=\$(ftp -n \${server} << END_FTP 49 | quote USER \${username} 50 | quote PASS \${password_escaped} 51 | binary 52 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 53 | quit 54 | END_FTP 55 | ) 56 | fi 57 | 58 | if \[ \"\$ftp_return\" == \"\" \] 59 | then 60 | return 0 61 | else 62 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 63 | return 1 64 | fi 65 | } 66 | 67 | ftp_function 68 | 69 | ========== 70 | SMB/CIFS 71 | ========== 72 | 73 | # Must use tabs (not 4 spaces) 74 | # Search for tabs and replace with string "\t" 75 | # Search for newlines and replace with string "\n" 76 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 77 | 78 | \#\!/bin/sh 79 | f5masterkey=\$(f5mku -K) 80 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 81 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 82 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 83 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 84 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 85 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 86 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 87 | mountvers=\$(echo \"ENCRYPTEDMOUNTVERS\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 88 | mountsec=\$(echo \"ENCRYPTEDMOUNTSEC\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 89 | cd BACKUPDIRECTORY 90 | if \[ \! -d \${mountp} \] 91 | then 92 | mkdir -p \${mountp} 93 | if \[ \$? -ne 0 \] 94 | then 95 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 96 | exit 1 97 | fi 98 | fi 99 | \# The password must be surrounded by two single-quotes to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 100 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain},vers=\${mountvers},sec=\${mountsec} 2>> /var/tmp/scriptd.out 101 | if \[ \$? -ne 0 \] 102 | then 103 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 104 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 105 | exit 1 106 | else 107 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 108 | fi 109 | 110 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 111 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 112 | 113 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 114 | then 115 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 116 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 117 | if \[ \${sum1} == \${sum2} \] 118 | then 119 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 120 | umount \${mountp} 121 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 122 | exit 1 123 | else 124 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 125 | fi 126 | else 127 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 128 | fi 129 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 130 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 131 | 132 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 133 | 134 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 135 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 136 | current_archive_file_basename=`basename \$current_archive_file` 137 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 138 | if \[ \"\$check_file\" == \"\" \] ; then 139 | rm -f \$current_archive_file 140 | fi 141 | done 142 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 143 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 144 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 145 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 146 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 147 | if \[ \"\$check_file\" == \"\" \] ; then 148 | rm -f \$current_archive_tar_file 149 | fi 150 | done 151 | fi 152 | fi 153 | 154 | umount \${mountp} 155 | 156 | echo \"DEBUG: Script completed without errors\" >> /var/tmp/scriptd.out 157 | exit 0 158 | 159 | ========== 160 | LOCAL PRUNING 161 | ========== 162 | 163 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 164 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 165 | current_archive_file_basename=`basename \$current_archive_file` 166 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 167 | if \[ \"\$check_file\" == \"\" \] ; then 168 | rm -f \$current_archive_file 169 | fi 170 | done 171 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 172 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 173 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 174 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 175 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 176 | if \[ \"\$check_file\" == \"\" \] ; then 177 | rm -f \$current_archive_tar_file 178 | fi 179 | done 180 | fi 181 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.1.6.scripts.sh: -------------------------------------------------------------------------------- 1 | ========== 2 | SCP/SFTP 3 | ========== 4 | 5 | scp_function() 6 | { 7 | f5masterkey=\$(f5mku -K) 8 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 9 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 12 | 13 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 14 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory} 2>> /var/tmp/scriptd.out 15 | scp_result=\$? 16 | rm -f /var/tmp/TMSHAPPNAME_scp.key 17 | return \$scp_result 18 | } 19 | 20 | scp_function 21 | 22 | ========== 23 | FTP 24 | ========== 25 | 26 | ftp_function() 27 | { 28 | f5masterkey=\$(f5mku -K) 29 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 30 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 31 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 32 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 33 | 34 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 35 | then 36 | ftp_return=\$(ftp -n \${server} << END_FTP 37 | quote USER \${username} 38 | quote PASS \${password} 39 | binary 40 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 41 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 42 | quit 43 | END_FTP 44 | ) 45 | else 46 | ftp_return=\$(ftp -n \${server} << END_FTP 47 | quote USER \${username} 48 | quote PASS \${password} 49 | binary 50 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 51 | quit 52 | END_FTP 53 | ) 54 | fi 55 | 56 | if \[ \"\$ftp_return\" == \"\" \] 57 | then 58 | return 0 59 | else 60 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 61 | return 1 62 | fi 63 | } 64 | 65 | ftp_function 66 | 67 | ========== 68 | SMB/CIFS 69 | ========== 70 | 71 | \#\!/bin/sh 72 | f5masterkey=\$(f5mku -K) 73 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 74 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 75 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 76 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 77 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 78 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 79 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 80 | cd BACKUPDIRECTORY 81 | if \[ \! -d \${mountp} \] 82 | then 83 | mkdir -p \${mountp} 84 | if \[ \$? -ne 0 \] 85 | then 86 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 87 | exit 1 88 | fi 89 | fi 90 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\${password},domain=\${msdomain} 2>> /var/tmp/scriptd.out 91 | if \[ \$? -ne 0 \] 92 | then 93 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 94 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 95 | exit 1 96 | else 97 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 98 | fi 99 | 100 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 101 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 102 | 103 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 104 | then 105 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 106 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 107 | if \[ \${sum1} == \${sum2} \] 108 | then 109 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 110 | umount \${mountp} 111 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 112 | exit 1 113 | else 114 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 115 | fi 116 | else 117 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 118 | fi 119 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 120 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 121 | 122 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 123 | 124 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 125 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 126 | current_archive_file_basename=`basename \$current_archive_file` 127 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 128 | if \[ \"\$check_file\" == \"\" \] ; then 129 | rm -f \$current_archive_file 130 | fi 131 | done 132 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 133 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 134 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 135 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 136 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 137 | if \[ \"\$check_file\" == \"\" \] ; then 138 | rm -f \$current_archive_tar_file 139 | fi 140 | done 141 | fi 142 | fi 143 | 144 | umount \${mountp} 145 | 146 | exit 0 147 | 148 | ========== 149 | LOCAL PRUNING 150 | ========== 151 | 152 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 153 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 154 | current_archive_file_basename=`basename \$current_archive_file` 155 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 156 | if \[ \"\$check_file\" == \"\" \] ; then 157 | rm -f \$current_archive_file 158 | fi 159 | done 160 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 161 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 162 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 163 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 164 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 165 | if \[ \"\$check_file\" == \"\" \] ; then 166 | rm -f \$current_archive_tar_file 167 | fi 168 | done 169 | fi 170 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.1.7.scripts.sh: -------------------------------------------------------------------------------- 1 | ========== 2 | SCP/SFTP 3 | ========== 4 | 5 | scp_function() 6 | { 7 | f5masterkey=\$(f5mku -K) 8 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 9 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 12 | 13 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 14 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory} 2>> /var/tmp/scriptd.out 15 | scp_result=\$? 16 | rm -f /var/tmp/TMSHAPPNAME_scp.key 17 | return \$scp_result 18 | } 19 | 20 | scp_function 21 | 22 | ========== 23 | FTP 24 | ========== 25 | 26 | ftp_function() 27 | { 28 | f5masterkey=\$(f5mku -K) 29 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 30 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 31 | # Escape every character for safe submission of special characters in the password 32 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 33 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 34 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 35 | 36 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 37 | then 38 | ftp_return=\$(ftp -n \${server} << END_FTP 39 | quote USER \${username} 40 | quote PASS \${password_escaped} 41 | binary 42 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 43 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 44 | quit 45 | END_FTP 46 | ) 47 | else 48 | ftp_return=\$(ftp -n \${server} << END_FTP 49 | quote USER \${username} 50 | quote PASS \${password_escaped} 51 | binary 52 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 53 | quit 54 | END_FTP 55 | ) 56 | fi 57 | 58 | if \[ \"\$ftp_return\" == \"\" \] 59 | then 60 | return 0 61 | else 62 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 63 | return 1 64 | fi 65 | } 66 | 67 | ftp_function 68 | 69 | ========== 70 | SMB/CIFS 71 | ========== 72 | 73 | \#\!/bin/sh 74 | f5masterkey=\$(f5mku -K) 75 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 76 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 77 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 78 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 79 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 80 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 81 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 82 | cd BACKUPDIRECTORY 83 | if \[ \! -d \${mountp} \] 84 | then 85 | mkdir -p \${mountp} 86 | if \[ \$? -ne 0 \] 87 | then 88 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 89 | exit 1 90 | fi 91 | fi 92 | # The password must be surrounded by two single-quotes (e.g. ''${password}'') to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 93 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain} 2>> /var/tmp/scriptd.out 94 | if \[ \$? -ne 0 \] 95 | then 96 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 97 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 98 | exit 1 99 | else 100 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 101 | fi 102 | 103 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 104 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 105 | 106 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 107 | then 108 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 109 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 110 | if \[ \${sum1} == \${sum2} \] 111 | then 112 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 113 | umount \${mountp} 114 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 115 | exit 1 116 | else 117 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 118 | fi 119 | else 120 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 121 | fi 122 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 123 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 124 | 125 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 126 | 127 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 128 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 129 | current_archive_file_basename=`basename \$current_archive_file` 130 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 131 | if \[ \"\$check_file\" == \"\" \] ; then 132 | rm -f \$current_archive_file 133 | fi 134 | done 135 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 136 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 137 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 138 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 139 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 140 | if \[ \"\$check_file\" == \"\" \] ; then 141 | rm -f \$current_archive_tar_file 142 | fi 143 | done 144 | fi 145 | fi 146 | 147 | umount \${mountp} 148 | 149 | exit 0 150 | 151 | ========== 152 | LOCAL PRUNING 153 | ========== 154 | 155 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 156 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 157 | current_archive_file_basename=`basename \$current_archive_file` 158 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 159 | if \[ \"\$check_file\" == \"\" \] ; then 160 | rm -f \$current_archive_file 161 | fi 162 | done 163 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 164 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 165 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 166 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 167 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 168 | if \[ \"\$check_file\" == \"\" \] ; then 169 | rm -f \$current_archive_tar_file 170 | fi 171 | done 172 | fi 173 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.1.8.scripts.sh: -------------------------------------------------------------------------------- 1 | ========== 2 | SCP/SFTP 3 | ========== 4 | 5 | scp_function() 6 | { 7 | f5masterkey=\$(f5mku -K) 8 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 9 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 12 | 13 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 14 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory} 2>> /var/tmp/scriptd.out 15 | scp_result=\$? 16 | rm -f /var/tmp/TMSHAPPNAME_scp.key 17 | return \$scp_result 18 | } 19 | 20 | scp_function 21 | 22 | ========== 23 | FTP 24 | ========== 25 | 26 | ftp_function() 27 | { 28 | f5masterkey=\$(f5mku -K) 29 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 30 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 31 | # Escape every character for safe submission of special characters in the password 32 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 33 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 34 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 35 | 36 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 37 | then 38 | ftp_return=\$(ftp -n \${server} << END_FTP 39 | quote USER \${username} 40 | quote PASS \${password_escaped} 41 | binary 42 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 43 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 44 | quit 45 | END_FTP 46 | ) 47 | else 48 | ftp_return=\$(ftp -n \${server} << END_FTP 49 | quote USER \${username} 50 | quote PASS \${password_escaped} 51 | binary 52 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 53 | quit 54 | END_FTP 55 | ) 56 | fi 57 | 58 | if \[ \"\$ftp_return\" == \"\" \] 59 | then 60 | return 0 61 | else 62 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 63 | return 1 64 | fi 65 | } 66 | 67 | ftp_function 68 | 69 | ========== 70 | SMB/CIFS 71 | ========== 72 | 73 | \#\!/bin/sh 74 | f5masterkey=\$(f5mku -K) 75 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 76 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 77 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 78 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 79 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 80 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 81 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 82 | cd BACKUPDIRECTORY 83 | if \[ \! -d \${mountp} \] 84 | then 85 | mkdir -p \${mountp} 86 | if \[ \$? -ne 0 \] 87 | then 88 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 89 | exit 1 90 | fi 91 | fi 92 | # The password must be surrounded by two single-quotes (e.g. ''${password}'') to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 93 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain} 2>> /var/tmp/scriptd.out 94 | if \[ \$? -ne 0 \] 95 | then 96 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 97 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 98 | exit 1 99 | else 100 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 101 | fi 102 | 103 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 104 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 105 | 106 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 107 | then 108 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 109 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 110 | if \[ \${sum1} == \${sum2} \] 111 | then 112 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 113 | umount \${mountp} 114 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 115 | exit 1 116 | else 117 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 118 | fi 119 | else 120 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 121 | fi 122 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 123 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 124 | 125 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 126 | 127 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 128 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 129 | current_archive_file_basename=`basename \$current_archive_file` 130 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 131 | if \[ \"\$check_file\" == \"\" \] ; then 132 | rm -f \$current_archive_file 133 | fi 134 | done 135 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 136 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 137 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 138 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 139 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 140 | if \[ \"\$check_file\" == \"\" \] ; then 141 | rm -f \$current_archive_tar_file 142 | fi 143 | done 144 | fi 145 | fi 146 | 147 | umount \${mountp} 148 | 149 | exit 0 150 | 151 | ========== 152 | LOCAL PRUNING 153 | ========== 154 | 155 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 156 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 157 | current_archive_file_basename=`basename \$current_archive_file` 158 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 159 | if \[ \"\$check_file\" == \"\" \] ; then 160 | rm -f \$current_archive_file 161 | fi 162 | done 163 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 164 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 165 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 166 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 167 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 168 | if \[ \"\$check_file\" == \"\" \] ; then 169 | rm -f \$current_archive_tar_file 170 | fi 171 | done 172 | fi 173 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.1.9.scripts.sh: -------------------------------------------------------------------------------- 1 | ========== 2 | SCP/SFTP 3 | ========== 4 | 5 | scp_function() 6 | { 7 | f5masterkey=\$(f5mku -K) 8 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 9 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 12 | 13 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 14 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory} 2>> /var/tmp/scriptd.out 15 | scp_result=\$? 16 | rm -f /var/tmp/TMSHAPPNAME_scp.key 17 | return \$scp_result 18 | } 19 | 20 | scp_function 21 | 22 | ========== 23 | FTP 24 | ========== 25 | 26 | ftp_function() 27 | { 28 | f5masterkey=\$(f5mku -K) 29 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 30 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 31 | # Escape every character for safe submission of special characters in the password 32 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 33 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 34 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 35 | 36 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 37 | then 38 | ftp_return=\$(ftp -n \${server} << END_FTP 39 | quote USER \${username} 40 | quote PASS \${password_escaped} 41 | binary 42 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 43 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 44 | quit 45 | END_FTP 46 | ) 47 | else 48 | ftp_return=\$(ftp -n \${server} << END_FTP 49 | quote USER \${username} 50 | quote PASS \${password_escaped} 51 | binary 52 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 53 | quit 54 | END_FTP 55 | ) 56 | fi 57 | 58 | if \[ \"\$ftp_return\" == \"\" \] 59 | then 60 | return 0 61 | else 62 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 63 | return 1 64 | fi 65 | } 66 | 67 | ftp_function 68 | 69 | ========== 70 | SMB/CIFS 71 | ========== 72 | 73 | \#\!/bin/sh 74 | f5masterkey=\$(f5mku -K) 75 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 76 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 77 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 78 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 79 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 80 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 81 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 82 | cd BACKUPDIRECTORY 83 | if \[ \! -d \${mountp} \] 84 | then 85 | mkdir -p \${mountp} 86 | if \[ \$? -ne 0 \] 87 | then 88 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 89 | exit 1 90 | fi 91 | fi 92 | \# The password must be surrounded by two single-quotes to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 93 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain} 2>> /var/tmp/scriptd.out 94 | if \[ \$? -ne 0 \] 95 | then 96 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 97 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 98 | exit 1 99 | else 100 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 101 | fi 102 | 103 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 104 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 105 | 106 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 107 | then 108 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 109 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 110 | if \[ \${sum1} == \${sum2} \] 111 | then 112 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 113 | umount \${mountp} 114 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 115 | exit 1 116 | else 117 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 118 | fi 119 | else 120 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 121 | fi 122 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 123 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 124 | 125 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 126 | 127 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 128 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 129 | current_archive_file_basename=`basename \$current_archive_file` 130 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 131 | if \[ \"\$check_file\" == \"\" \] ; then 132 | rm -f \$current_archive_file 133 | fi 134 | done 135 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 136 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 137 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 138 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 139 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 140 | if \[ \"\$check_file\" == \"\" \] ; then 141 | rm -f \$current_archive_tar_file 142 | fi 143 | done 144 | fi 145 | fi 146 | 147 | umount \${mountp} 148 | 149 | exit 0 150 | 151 | ========== 152 | LOCAL PRUNING 153 | ========== 154 | 155 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 156 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 157 | current_archive_file_basename=`basename \$current_archive_file` 158 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 159 | if \[ \"\$check_file\" == \"\" \] ; then 160 | rm -f \$current_archive_file 161 | fi 162 | done 163 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 164 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 165 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 166 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 167 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 168 | if \[ \"\$check_file\" == \"\" \] ; then 169 | rm -f \$current_archive_tar_file 170 | fi 171 | done 172 | fi 173 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.2.0-fork.scripts.sh: -------------------------------------------------------------------------------- 1 | # The included features/changes have been merged into release v3.2.1 on https://github.com/tabernarious/f5-automated-backup-iapp 2 | # This was developed on top of v3.1.9 on https://github.com/YaleUniversity/f5-automated-backup-iapp/tree/feature/add_support_sftp 3 | 4 | ========== 5 | SCP 6 | ========== 7 | 8 | scp_function() 9 | { 10 | f5masterkey=\$(f5mku -K) 11 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 12 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 13 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 14 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 15 | 16 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 17 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:./\${directory} 2>> /var/tmp/scriptd.out 18 | scp_result=\$? 19 | rm -f /var/tmp/TMSHAPPNAME_scp.key 20 | return \$scp_result 21 | } 22 | 23 | scp_function 24 | 25 | ========== 26 | SFTP (scripts file) 27 | ========== 28 | 29 | sftp_function() 30 | { 31 | f5masterkey=\$(f5mku -K) 32 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 33 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 34 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 35 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_sftp.key 36 | 37 | chmod 600 /var/tmp/TMSHAPPNAME_sftp.key 38 | echo put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* | sftp -b- -i /var/tmp/TMSHAPPNAME_sftp.key SFTPCIPHER SFTPSTRICTHOSTKEYCHECKING \${username}@\${server}:./\${directory} 2>> /var/tmp/scriptd.out 39 | sftp_result=\$? 40 | rm -f /var/tmp/TMSHAPPNAME_sftp.key 41 | return \$sftp_result 42 | } 43 | 44 | sftp_function 45 | 46 | 47 | ========== 48 | SFTP (in iApp template; looks like debugging remnants) 49 | ========== 50 | 51 | sftp_function() 52 | { 53 | f5masterkey=\$(f5mku -K) 54 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 55 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 56 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 57 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_sftp.key 58 | 59 | chmod 600 /var/tmp/TMSHAPPNAME_sftp.key 60 | echo put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* | sftp -b- -i /var/tmp/TMSHAPPNAME_sftp.key SFTPCIPHER SFTPSTRICTHOSTKEYCHECKING \${username}@\${server}:./\${directory} 61 | sftp_result=\$? 62 | rm -f /var/tmp/TMSHAPPNAME_sftp.key 63 | echo \$sftp_result \> /var/tmp/.x 64 | return \$sftp_result 65 | } 66 | 67 | sftp_function 68 | echo \$? \> /var/tmp/.y 69 | 70 | ========== 71 | FTP 72 | ========== 73 | 74 | ftp_function() 75 | { 76 | f5masterkey=\$(f5mku -K) 77 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 78 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 79 | # Escape every character for safe submission of special characters in the password 80 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 81 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 82 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 83 | 84 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 85 | then 86 | ftp_return=\$(ftp -n \${server} << END_FTP 87 | quote USER \${username} 88 | quote PASS \${password_escaped} 89 | binary 90 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 91 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 92 | quit 93 | END_FTP 94 | ) 95 | else 96 | ftp_return=\$(ftp -n \${server} << END_FTP 97 | quote USER \${username} 98 | quote PASS \${password_escaped} 99 | binary 100 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 101 | quit 102 | END_FTP 103 | ) 104 | fi 105 | 106 | if \[ \"\$ftp_return\" == \"\" \] 107 | then 108 | return 0 109 | else 110 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 111 | return 1 112 | fi 113 | } 114 | 115 | ftp_function 116 | 117 | ========== 118 | SMB/CIFS 119 | ========== 120 | 121 | \#\!/bin/sh 122 | f5masterkey=\$(f5mku -K) 123 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 124 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 125 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 126 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 127 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 128 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 129 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 130 | cd BACKUPDIRECTORY 131 | if \[ \! -d \${mountp} \] 132 | then 133 | mkdir -p \${mountp} 134 | if \[ \$? -ne 0 \] 135 | then 136 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 137 | exit 1 138 | fi 139 | fi 140 | \# The password must be surrounded by two single-quotes to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 141 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain} 2>> /var/tmp/scriptd.out 142 | if \[ \$? -ne 0 \] 143 | then 144 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 145 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 146 | exit 1 147 | else 148 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 149 | fi 150 | 151 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 152 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 153 | 154 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 155 | then 156 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 157 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 158 | if \[ \${sum1} == \${sum2} \] 159 | then 160 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 161 | umount \${mountp} 162 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 163 | exit 1 164 | else 165 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 166 | fi 167 | else 168 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 169 | fi 170 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 171 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 172 | 173 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 174 | 175 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 176 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 177 | current_archive_file_basename=`basename \$current_archive_file` 178 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 179 | if \[ \"\$check_file\" == \"\" \] ; then 180 | rm -f \$current_archive_file 181 | fi 182 | done 183 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 184 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 185 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 186 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 187 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 188 | if \[ \"\$check_file\" == \"\" \] ; then 189 | rm -f \$current_archive_tar_file 190 | fi 191 | done 192 | fi 193 | fi 194 | 195 | umount \${mountp} 196 | 197 | exit 0 198 | 199 | ========== 200 | LOCAL PRUNING 201 | ========== 202 | 203 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 204 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 205 | current_archive_file_basename=`basename \$current_archive_file` 206 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 207 | if \[ \"\$check_file\" == \"\" \] ; then 208 | rm -f \$current_archive_file 209 | fi 210 | done 211 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 212 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 213 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 214 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 215 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 216 | if \[ \"\$check_file\" == \"\" \] ; then 217 | rm -f \$current_archive_tar_file 218 | fi 219 | done 220 | fi -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.2.1.scripts.sh: -------------------------------------------------------------------------------- 1 | # Currently using tabs (not 4 spaces) throughout these scripts for ease of conversion to a single-line. 2 | # Search for tabs and replace with string "\t" 3 | # Search for newlines and replace with string "\n" 4 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 5 | 6 | ========== 7 | SCP 8 | ========== 9 | 10 | scp_function() 11 | { 12 | f5masterkey=\$(f5mku -K) 13 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 14 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 15 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 16 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 17 | 18 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 19 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory}/ 2>> /var/tmp/scriptd.out 20 | scp_result=\$? 21 | rm -f /var/tmp/TMSHAPPNAME_scp.key 22 | return \$scp_result 23 | } 24 | 25 | scp_function 26 | 27 | 28 | ========== 29 | SFTP 30 | ========== 31 | 32 | sftp_function() 33 | { 34 | f5masterkey=\$(f5mku -K) 35 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 36 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 37 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 38 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_sftp.key 39 | 40 | chmod 600 /var/tmp/TMSHAPPNAME_sftp.key 41 | echo put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* | sftp -b- -i /var/tmp/TMSHAPPNAME_sftp.key SFTPCIPHER SFTPSTRICTHOSTKEYCHECKING \${username}@\${server}:\${directory}/ 2>> /var/tmp/scriptd.out 42 | sftp_result=\$? 43 | rm -f /var/tmp/TMSHAPPNAME_sftp.key 44 | return \$sftp_result 45 | } 46 | 47 | sftp_function 48 | 49 | 50 | ========== 51 | FTP 52 | ========== 53 | 54 | ftp_function() 55 | { 56 | f5masterkey=\$(f5mku -K) 57 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 58 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 59 | # Escape every character for safe submission of special characters in the password 60 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 61 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 62 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 63 | 64 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 65 | then 66 | ftp_return=\$(ftp -n \${server} << END_FTP 67 | quote USER \${username} 68 | quote PASS \${password_escaped} 69 | binary 70 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 71 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 72 | quit 73 | END_FTP 74 | ) 75 | else 76 | ftp_return=\$(ftp -n \${server} << END_FTP 77 | quote USER \${username} 78 | quote PASS \${password_escaped} 79 | binary 80 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 81 | quit 82 | END_FTP 83 | ) 84 | fi 85 | 86 | if \[ \"\$ftp_return\" == \"\" \] 87 | then 88 | return 0 89 | else 90 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 91 | return 1 92 | fi 93 | } 94 | 95 | ftp_function 96 | 97 | 98 | ========== 99 | SMB/CIFS 100 | ========== 101 | 102 | \#\!/bin/sh 103 | f5masterkey=\$(f5mku -K) 104 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 105 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 106 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 107 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 108 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 109 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 110 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 111 | mountvers=\$(echo \"ENCRYPTEDMOUNTVERS\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 112 | mountsec=\$(echo \"ENCRYPTEDMOUNTSEC\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 113 | cd BACKUPDIRECTORY 114 | if \[ \! -d \${mountp} \] 115 | then 116 | mkdir -p \${mountp} 117 | if \[ \$? -ne 0 \] 118 | then 119 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 120 | exit 1 121 | fi 122 | fi 123 | \# The password must be surrounded by two single-quotes to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 124 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain},vers=\${mountvers},sec=\${mountsec} 2>> /var/tmp/scriptd.out 125 | if \[ \$? -ne 0 \] 126 | then 127 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 128 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 129 | exit 1 130 | else 131 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 132 | fi 133 | 134 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 135 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 136 | 137 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 138 | then 139 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 140 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 141 | if \[ \${sum1} == \${sum2} \] 142 | then 143 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 144 | umount \${mountp} 145 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 146 | exit 1 147 | else 148 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 149 | fi 150 | else 151 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 152 | fi 153 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 154 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 155 | 156 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 157 | 158 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 159 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 160 | current_archive_file_basename=`basename \$current_archive_file` 161 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 162 | if \[ \"\$check_file\" == \"\" \] ; then 163 | rm -f \$current_archive_file 164 | fi 165 | done 166 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 167 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 168 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 169 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 170 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 171 | if \[ \"\$check_file\" == \"\" \] ; then 172 | rm -f \$current_archive_tar_file 173 | fi 174 | done 175 | fi 176 | fi 177 | 178 | umount \${mountp} 179 | 180 | echo \"DEBUG: Script completed without errors\" >> /var/tmp/scriptd.out 181 | exit 0 182 | 183 | 184 | ========== 185 | LOCAL PRUNING 186 | ========== 187 | 188 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 189 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 190 | current_archive_file_basename=`basename \$current_archive_file` 191 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 192 | if \[ \"\$check_file\" == \"\" \] ; then 193 | rm -f \$current_archive_file 194 | fi 195 | done 196 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 197 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 198 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 199 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 200 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 201 | if \[ \"\$check_file\" == \"\" \] ; then 202 | rm -f \$current_archive_tar_file 203 | fi 204 | done 205 | fi 206 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.2.2_sftp_awk.scripts.sh: -------------------------------------------------------------------------------- 1 | # Currently using tabs (not 4 spaces) throughout these scripts for ease of conversion to a single-line. 2 | # Search for tabs and replace with string "\t" 3 | # Search for newlines and replace with string "\n" 4 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 5 | 6 | ========== 7 | SCP 8 | ========== 9 | 10 | scp_function() 11 | { 12 | f5masterkey=\$(f5mku -K) 13 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 14 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 15 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 16 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 17 | 18 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 19 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory}/ 2>> /var/tmp/scriptd.out 20 | scp_result=\$? 21 | rm -f /var/tmp/TMSHAPPNAME_scp.key 22 | return \$scp_result 23 | } 24 | 25 | scp_function 26 | 27 | 28 | ========== 29 | SFTP 30 | ========== 31 | 32 | sftp_function() 33 | { 34 | f5masterkey=\$(f5mku -K) 35 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 36 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 37 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 38 | keyfilepath=\"/var/tmp/TMSHAPPNAME_sftp.key\" 39 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > \${keyfilepath} 40 | 41 | # Fix key header formatting if needed 42 | if \[ \"\$(head -n 1 /var/tmp/TMSHAPPNAME_sftp.key)\" == \"-----BEGIN\" \] 43 | then 44 | keyfilelinecount=\$(wc -l \${keyfilepath} |awk \'{print \$1}\') 45 | awk \'NR==1, NR==4 {print \$0}\' ORS=\' \' \${keyfilepath} > \${keyfilepath}.tmp 46 | echo >> \${keyfilepath}.tmp 47 | awk -v count=\"\${keyfilelinecount}\" \'NR==5, NR==count-4 {print \$0}\' \${keyfilepath} >> \${keyfilepath}.tmp 48 | awk -v count=\"\${keyfilelinecount}\" \'NR==count-3, NR==count {print \$0}\' ORS=\' \' \${keyfilepath} >> \${keyfilepath}.tmp 49 | echo >> \${keyfilepath}.tmp 50 | mv \${keyfilepath}.tmp \${keyfilepath} 51 | fi 52 | 53 | chmod 600 /var/tmp/TMSHAPPNAME_sftp.key 54 | echo put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* | sftp -b- -i /var/tmp/TMSHAPPNAME_sftp.key SFTPCIPHER SFTPSTRICTHOSTKEYCHECKING SFTPSSHOPTIONS \${username}@\${server}:\${directory}/ 2>> /var/tmp/scriptd.out 55 | sftp_result=\$? 56 | #rm -f /var/tmp/TMSHAPPNAME_sftp.key 57 | return \$sftp_result 58 | } 59 | 60 | sftp_function 61 | 62 | 63 | ========== 64 | FTP 65 | ========== 66 | 67 | ftp_function() 68 | { 69 | f5masterkey=\$(f5mku -K) 70 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 71 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 72 | # Escape every character for safe submission of special characters in the password 73 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 74 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 75 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 76 | 77 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 78 | then 79 | ftp_return=\$(ftp -n \${server} << END_FTP 80 | quote USER \${username} 81 | quote PASS \${password_escaped} 82 | binary 83 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 84 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 85 | quit 86 | END_FTP 87 | ) 88 | else 89 | ftp_return=\$(ftp -n \${server} << END_FTP 90 | quote USER \${username} 91 | quote PASS \${password_escaped} 92 | binary 93 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 94 | quit 95 | END_FTP 96 | ) 97 | fi 98 | 99 | if \[ \"\$ftp_return\" == \"\" \] 100 | then 101 | return 0 102 | else 103 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 104 | return 1 105 | fi 106 | } 107 | 108 | ftp_function 109 | 110 | 111 | ========== 112 | SMB/CIFS 113 | ========== 114 | 115 | \#\!/bin/sh 116 | f5masterkey=\$(f5mku -K) 117 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 118 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 119 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 120 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 121 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 122 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 123 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 124 | mountvers=\$(echo \"ENCRYPTEDMOUNTVERS\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 125 | mountsec=\$(echo \"ENCRYPTEDMOUNTSEC\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 126 | cd BACKUPDIRECTORY 127 | if \[ \! -d \${mountp} \] 128 | then 129 | mkdir -p \${mountp} 130 | if \[ \$? -ne 0 \] 131 | then 132 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 133 | exit 1 134 | fi 135 | fi 136 | \# The password must be surrounded by two single-quotes to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 137 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain},vers=\${mountvers},sec=\${mountsec} 2>> /var/tmp/scriptd.out 138 | if \[ \$? -ne 0 \] 139 | then 140 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 141 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 142 | exit 1 143 | else 144 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 145 | fi 146 | 147 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 148 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 149 | 150 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 151 | then 152 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 153 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 154 | if \[ \${sum1} == \${sum2} \] 155 | then 156 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 157 | umount \${mountp} 158 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 159 | exit 1 160 | else 161 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 162 | fi 163 | else 164 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 165 | fi 166 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 167 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 168 | 169 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 170 | 171 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 172 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 173 | current_archive_file_basename=`basename \$current_archive_file` 174 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 175 | if \[ \"\$check_file\" == \"\" \] ; then 176 | rm -f \$current_archive_file 177 | fi 178 | done 179 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 180 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 181 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 182 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 183 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 184 | if \[ \"\$check_file\" == \"\" \] ; then 185 | rm -f \$current_archive_tar_file 186 | fi 187 | done 188 | fi 189 | fi 190 | 191 | umount \${mountp} 192 | 193 | echo \"DEBUG: Script completed without errors\" >> /var/tmp/scriptd.out 194 | exit 0 195 | 196 | 197 | ========== 198 | LOCAL PRUNING 199 | ========== 200 | 201 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 202 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 203 | current_archive_file_basename=`basename \$current_archive_file` 204 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 205 | if \[ \"\$check_file\" == \"\" \] ; then 206 | rm -f \$current_archive_file 207 | fi 208 | done 209 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 210 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 211 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 212 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 213 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 214 | if \[ \"\$check_file\" == \"\" \] ; then 215 | rm -f \$current_archive_tar_file 216 | fi 217 | done 218 | fi 219 | -------------------------------------------------------------------------------- /archive/f5.automated_backup.v3.2.3.scripts_reference.sh: -------------------------------------------------------------------------------- 1 | # Currently using tabs (not 4 spaces) throughout these scripts for ease of conversion to a single-line. 2 | # Search for tabs and replace with string "\t" 3 | # Search for newlines and replace with string "\n" 4 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 5 | 6 | ========== 7 | SCP 8 | ========== 9 | 10 | scp_function() 11 | { 12 | f5masterkey=\$(f5mku -K) 13 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 14 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 15 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 16 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 17 | 18 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 19 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING SCPSSHOPTIONS BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory}/ 2>> /var/tmp/scriptd.out 20 | scp_result=\$? 21 | rm -f /var/tmp/TMSHAPPNAME_scp.key 22 | return \$scp_result 23 | } 24 | 25 | scp_function 26 | 27 | 28 | ========== 29 | SFTP 30 | ========== 31 | 32 | sftp_function() 33 | { 34 | f5masterkey=\$(f5mku -K) 35 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 36 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 37 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 38 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_sftp.key 39 | 40 | chmod 600 /var/tmp/TMSHAPPNAME_sftp.key 41 | echo put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* | sftp -b- -i /var/tmp/TMSHAPPNAME_sftp.key SFTPCIPHER SFTPSTRICTHOSTKEYCHECKING SFTPSSHOPTIONS \${username}@\${server}:\${directory}/ 2>> /var/tmp/scriptd.out 42 | sftp_result=\$? 43 | rm -f /var/tmp/TMSHAPPNAME_sftp.key 44 | return \$sftp_result 45 | } 46 | 47 | sftp_function 48 | 49 | 50 | ========== 51 | FTP 52 | ========== 53 | 54 | ftp_function() 55 | { 56 | f5masterkey=\$(f5mku -K) 57 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 58 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 59 | # Escape every character for safe submission of special characters in the password 60 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 61 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 62 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 63 | 64 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 65 | then 66 | ftp_return=\$(ftp -n \${server} << END_FTP 67 | quote USER \${username} 68 | quote PASS \${password_escaped} 69 | binary 70 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 71 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 72 | quit 73 | END_FTP 74 | ) 75 | else 76 | ftp_return=\$(ftp -n \${server} << END_FTP 77 | quote USER \${username} 78 | quote PASS \${password_escaped} 79 | binary 80 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 81 | quit 82 | END_FTP 83 | ) 84 | fi 85 | 86 | if \[ \"\$ftp_return\" == \"\" \] 87 | then 88 | return 0 89 | else 90 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 91 | return 1 92 | fi 93 | } 94 | 95 | ftp_function 96 | 97 | 98 | ========== 99 | SMB/CIFS 100 | ========== 101 | 102 | \#\!/bin/sh 103 | f5masterkey=\$(f5mku -K) 104 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 105 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 106 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 107 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 108 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 109 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 110 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 111 | mountvers=\$(echo \"ENCRYPTEDMOUNTVERS\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 112 | mountsec=\$(echo \"ENCRYPTEDMOUNTSEC\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 113 | cd BACKUPDIRECTORY 114 | if \[ \! -d \${mountp} \] 115 | then 116 | mkdir -p \${mountp} 117 | if \[ \$? -ne 0 \] 118 | then 119 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 120 | exit 1 121 | fi 122 | fi 123 | \# The password must be surrounded by two single-quotes to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 124 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username}%\'\'\${password}\'\',domain=\${msdomain},vers=\${mountvers},sec=\${mountsec} 2>> /var/tmp/scriptd.out 125 | if \[ \$? -ne 0 \] 126 | then 127 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 128 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 129 | exit 1 130 | else 131 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 132 | fi 133 | 134 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 135 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 136 | 137 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 138 | then 139 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 140 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 141 | if \[ \${sum1} == \${sum2} \] 142 | then 143 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 144 | umount \${mountp} 145 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 146 | exit 1 147 | else 148 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 149 | fi 150 | else 151 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 152 | fi 153 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 154 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 155 | 156 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 157 | 158 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 159 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 160 | current_archive_file_basename=`basename \$current_archive_file` 161 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 162 | if \[ \"\$check_file\" == \"\" \] ; then 163 | rm -f \$current_archive_file 164 | fi 165 | done 166 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 167 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 168 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 169 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 170 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 171 | if \[ \"\$check_file\" == \"\" \] ; then 172 | rm -f \$current_archive_tar_file 173 | fi 174 | done 175 | fi 176 | fi 177 | 178 | umount \${mountp} 179 | 180 | echo \"DEBUG: Script completed without errors\" >> /var/tmp/scriptd.out 181 | exit 0 182 | 183 | 184 | ========== 185 | LOCAL PRUNING 186 | ========== 187 | 188 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 189 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 190 | current_archive_file_basename=`basename \$current_archive_file` 191 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 192 | if \[ \"\$check_file\" == \"\" \] ; then 193 | rm -f \$current_archive_file 194 | fi 195 | done 196 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 197 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 198 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 199 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 200 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 201 | if \[ \"\$check_file\" == \"\" \] ; then 202 | rm -f \$current_archive_tar_file 203 | fi 204 | done 205 | fi 206 | -------------------------------------------------------------------------------- /notes/cifs_notes.md: -------------------------------------------------------------------------------- 1 | # Notes about mount.cifs 2 | 3 | ## Example 4 | mount -t cifs /// /var/tmp/cifs -o user=,password=,domain= -o vers=2.0 5 | 6 | ## Man Pages 7 | `BIG-IP 14.1.3` excerpt from `man mount.cifs` 8 | `BIG-IP 13.1.3.4` does not list `vers` options in `man mount.cifs` 9 | ``` 10 | vers= 11 | SMB protocol version. Allowed values are: 12 | 13 | ▒ 1.0 - The classic CIFS/SMBv1 protocol. This is the default. 14 | 15 | ▒ 2.0 - The SMBv2.002 protocol. This was initially introduced in Windows Vista Service Pack 1, and Windows Server 2008. Note that the initial release version of Windows Vista spoke a slightly different dialect (2.000) 16 | that is not supported. 17 | 18 | ▒ 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. 19 | 20 | ▒ 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. 21 | 22 | Note too that while this option governs the protocol version used, not all features of each version are available. 23 | ``` 24 | ``` 25 | vers=arg 26 | SMB protocol version. Allowed values are: 27 | 28 | • 1.0 - The classic CIFS/SMBv1 protocol. 29 | 30 | • 2.0 - The SMBv2.002 protocol. This was initially introduced in 31 | Windows Vista Service Pack 1, and Windows Server 2008. Note 32 | that the initial release version of Windows Vista spoke a 33 | slightly different dialect (2.000) that is not supported. 34 | 35 | • 2.1 - The SMBv2.1 protocol that was introduced in Microsoft 36 | Windows 7 and Windows Server 2008R2. 37 | 38 | • 3.0 - The SMBv3.0 protocol that was introduced in Microsoft 39 | Windows 8 and Windows Server 2012. 40 | 41 | • 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in 42 | Microsoft Windows Server 2016. 43 | 44 | Note too that while this option governs the protocol version 45 | used, not all features of each version are available. 46 | 47 | The default since v4.13.5 is for the client and server to nego‐ 48 | tiate the highest possible version greater than or equal to 2.1. 49 | In kernels prior to v4.13, the default was 1.0. For kernels be‐ 50 | tween v4.13 and v4.13.5 the default is 3.0. 51 | ``` 52 | 53 | ``` 54 | sec=arg 55 | Security mode. Allowed values are: 56 | 57 | • none - attempt to connection as a null user (no name) 58 | 59 | • krb5 - Use Kerberos version 5 authentication 60 | 61 | • krb5i - Use Kerberos authentication and forcibly enable packet 62 | signing 63 | 64 | • ntlm - Use NTLM password hashing 65 | 66 | • ntlmi - Use NTLM password hashing and force packet signing 67 | 68 | • ntlmv2 - Use NTLMv2 password hashing 69 | 70 | • ntlmv2i - Use NTLMv2 password hashing and force packet signing 71 | 72 | • ntlmssp - Use NTLMv2 password hashing encapsulated in Raw 73 | NTLMSSP message 74 | 75 | • ntlmsspi - Use NTLMv2 password hashing encapsulated in Raw 76 | NTLMSSP message, and force packet signing 77 | 78 | The default in mainline kernel versions prior to v3.8 was 79 | sec=ntlm. In v3.8, the default was changed to sec=ntlmssp. 80 | ``` -------------------------------------------------------------------------------- /notes/ucs_passphrase_allowed_character_testing.md: -------------------------------------------------------------------------------- 1 | # UCS Passphrase Allowed Characters 2 | 3 | ## Did not work in GUI 4 | ``` 5 | `~!@#$%^&*()aB1-_=+[{]}\|;:<.>/? 6 | `~!@#$%^&*()aB1-_ 7 | `~!@#$%^& 8 | `~!@#$%^*()aB1-_=+[{]}\|;:<.>/? 9 | `~!@#$%^*()aB1-_=+[{]}\ 10 | "double quotes are not balanced" (must be using double quotes around the passphrase so ending with \ breaks it) 11 | `~!@#$%^*()aB1-_=+[{]}|;:<.>/? 12 | `~!@#$%^*()aB1-_=+[{]}| 13 | `~!@#$%^*()aB1-_=+[{]};:<.>/? 14 | `~!@#$%^*()aB1-_=+[{]}; 15 | `~!@#$%^*()aB1-_=+[{]}:<.>/? 16 | `~!@#$%^*()aB1-_=+[{]}:< 17 | ``` 18 | 19 | ## Worked in GUI and iApp 13.1.3.4 20 | 21 | ``` 22 | `~!@#$ 23 | `~!@#$% 24 | `~!@#$%^ 25 | `~!@#$%^* 26 | `~!@#$%^*( 27 | `~!@#$%^*() 28 | `~!@#$%^*()aB1- 29 | `~!@#$%^*()aB1-_ 30 | `~!@#$%^*()aB1-_=+ 31 | 32 | `~!@#$%^*()aB1-_=+[{ 33 | `~!@#$%^*()aB1-_=+[{]}: 34 | `~!@#$%^*()aB1-_=+[{]}:. 35 | `~!@#$%^*()aB1-_=+[{]}:./ 36 | `~!@#$%^*()aB1-_=+[{]}:./? 37 | ``` 38 | 39 | ## Worked in iApp 14.1.3 40 | ``` 41 | `~!@#$ 42 | `~!@#$% 43 | `~!@#$%^ 44 | `~!@#$%^* 45 | `~!@#$%^*( 46 | `~!@#$%^*() 47 | `~!@#$%^*()aB1- 48 | `~!@#$%^*()aB1-_ 49 | `~!@#$%^*()aB1-_=+ 50 | `~!@#$%^*()aB1-_=+:./? 51 | ``` -------------------------------------------------------------------------------- /scripts/ftp.sh: -------------------------------------------------------------------------------- 1 | # Currently using tabs (not 4 spaces) throughout these scripts for ease of conversion to a single-line. 2 | # Search for tabs and replace with string "\t" 3 | # Search for newlines and replace with string "\n" 4 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 5 | 6 | ftp_function() 7 | { 8 | f5masterkey=\$(f5mku -K) 9 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | # Escape every character for safe submission of special characters in the password 12 | password_escaped=\$(echo \${password} | sed \'s/./\\\\\\&/g\') 13 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 14 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 15 | 16 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] 17 | then 18 | ftp_return=\$(ftp -n \${server} << END_FTP 19 | quote USER \${username} 20 | quote PASS \${password_escaped} 21 | binary 22 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 23 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT.tar 24 | quit 25 | END_FTP 26 | ) 27 | else 28 | ftp_return=\$(ftp -n \${server} << END_FTP 29 | quote USER \${username} 30 | quote PASS \${password_escaped} 31 | binary 32 | put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT \${directory}/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT 33 | quit 34 | END_FTP 35 | ) 36 | fi 37 | 38 | if \[ \"\$ftp_return\" == \"\" \] 39 | then 40 | return 0 41 | else 42 | echo \"\$ftp_return\" >> /var/tmp/scriptd.out 43 | return 1 44 | fi 45 | } 46 | 47 | ftp_function 48 | -------------------------------------------------------------------------------- /scripts/local_pruning.sh: -------------------------------------------------------------------------------- 1 | # Currently using tabs (not 4 spaces) throughout these scripts for ease of conversion to a single-line. 2 | # Search for tabs and replace with string "\t" 3 | # Search for newlines and replace with string "\n" 4 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 5 | 6 | files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 7 | for current_archive_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 8 | current_archive_file_basename=`basename \$current_archive_file` 9 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 10 | if \[ \"\$check_file\" == \"\" \] ; then 11 | rm -f \$current_archive_file 12 | fi 13 | done 14 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 15 | tar_files_tokeep=\$(ls -t BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 16 | for current_archive_tar_file in `ls BACKUPDIRECTORY/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 17 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 18 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 19 | if \[ \"\$check_file\" == \"\" \] ; then 20 | rm -f \$current_archive_tar_file 21 | fi 22 | done 23 | fi 24 | -------------------------------------------------------------------------------- /scripts/scp.sh: -------------------------------------------------------------------------------- 1 | # Currently using tabs (not 4 spaces) throughout these scripts for ease of conversion to a single-line. 2 | # Search for tabs and replace with string "\t" 3 | # Search for newlines and replace with string "\n" 4 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 5 | 6 | scp_function() 7 | { 8 | f5masterkey=\$(f5mku -K) 9 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 12 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_scp.key 13 | 14 | chmod 600 /var/tmp/TMSHAPPNAME_scp.key 15 | scp -i /var/tmp/TMSHAPPNAME_scp.key SCPCIPHER SCPSTRICTHOSTKEYCHECKING SCPSSHOPTIONS BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${username}@\${server}:\${directory}/ 2>> /var/tmp/scriptd.out 16 | scp_result=\$? 17 | rm -f /var/tmp/TMSHAPPNAME_scp.key 18 | return \$scp_result 19 | } 20 | 21 | scp_function 22 | -------------------------------------------------------------------------------- /scripts/sftp.sh: -------------------------------------------------------------------------------- 1 | # Currently using tabs (not 4 spaces) throughout these scripts for ease of conversion to a single-line. 2 | # Search for tabs and replace with string "\t" 3 | # Search for newlines and replace with string "\n" 4 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 5 | 6 | sftp_function() 7 | { 8 | f5masterkey=\$(f5mku -K) 9 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | directory=\$(echo \"ENCRYPTEDDIRECTORY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 12 | echo \"ENCRYPTEDPRIVATEKEY\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey} > /var/tmp/TMSHAPPNAME_sftp.key 13 | 14 | chmod 600 /var/tmp/TMSHAPPNAME_sftp.key 15 | echo put BACKUPDIRECTORY/${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* | sftp -b- -i /var/tmp/TMSHAPPNAME_sftp.key SFTPCIPHER SFTPSTRICTHOSTKEYCHECKING SFTPSSHOPTIONS \${username}@\${server}:\${directory}/ 2>> /var/tmp/scriptd.out 16 | sftp_result=\$? 17 | rm -f /var/tmp/TMSHAPPNAME_sftp.key 18 | return \$sftp_result 19 | } 20 | 21 | sftp_function 22 | -------------------------------------------------------------------------------- /scripts/smb_cifs.sh: -------------------------------------------------------------------------------- 1 | # Currently using tabs (not 4 spaces) throughout these scripts for ease of conversion to a single-line. 2 | # Search for tabs and replace with string "\t" 3 | # Search for newlines and replace with string "\n" 4 | # Copy into main script between 'exec echo -e "' and '" > $scriptfile' 5 | 6 | \#\!/bin/sh 7 | f5masterkey=\$(f5mku -K) 8 | username=\$(echo \"ENCRYPTEDUSERNAME\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 9 | password=\$(echo \"ENCRYPTEDPASSWORD\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 10 | msdomain=\$(echo \"ENCRYPTEDMSDOMAIN\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 11 | server=\$(echo \"ENCRYPTEDSERVER\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 12 | msshare=\$(echo \"ENCRYPTEDMSSHARE\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 13 | mssubdir=\$(echo \"ENCRYPTEDMSSUBDIR\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 14 | mountp=\$(echo \"ENCRYPTEDMOUNTP\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 15 | mountvers=\$(echo \"ENCRYPTEDMOUNTVERS\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 16 | mountsec=\$(echo \"ENCRYPTEDMOUNTSEC\" | openssl aes-256-ecb -salt -a -A -d -k \${f5masterkey}) 17 | cd BACKUPDIRECTORY 18 | if \[ \! -d \${mountp} \] 19 | then 20 | mkdir -p \${mountp} 21 | if \[ \$? -ne 0 \] 22 | then 23 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 24 | exit 1 25 | fi 26 | fi 27 | \# The password must be surrounded by two single-quotes to successfully handle special characters. Still does not support comma, single-quote, and double-quote. 28 | mount -t cifs //\${server}/\${msshare}\${mssubdir} \${mountp} -o user=\${username},password=\'\'\${password}\'\',domain=\${msdomain},vers=\${mountvers},sec=\${mountsec} 2>> /var/tmp/scriptd.out 29 | if \[ \$? -ne 0 \] 30 | then 31 | echo \"DEBUG: Failed to mount //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 32 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 33 | exit 1 34 | else 35 | echo \"DEBUG: Successfully mounted //\${server}/\${msshare}\${mssubdir}\ to \${mountp}\" >> /var/tmp/scriptd.out 36 | fi 37 | 38 | latestFileOnSMB=\$(ls -t \${mountp}/\*.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null| head -n 1 2>/dev/null) 39 | echo \"DEBUG: Latest BACKUPFILENAMEEXTENSION_NODOT file found on SMB mount: \$latestFileOnSMB\" >> /var/tmp/scriptd.out 40 | 41 | if \[ \"X\"\${latestFileOnSMB} \!= \"X\" \] 42 | then 43 | sum1=\$(md5sum ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT | awk '{print \$1}') 44 | sum2=\$(md5sum \${latestFileOnSMB} | awk \'{print \$1}\') 45 | if \[ \${sum1} == \${sum2} \] 46 | then 47 | echo \"ERROR: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT already exists in //\${server}/\${msshare}\${mssubdir}\" >> /var/tmp/scriptd.out 48 | umount \${mountp} 49 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 50 | exit 1 51 | else 52 | echo \"DEBUG: File ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT does not already exist in //\${server}/\${msshare}\${mssubdir} (continuing...)\" >> /var/tmp/scriptd.out 53 | fi 54 | else 55 | echo \"DEBUG: Destination SMB mount contains no BACKUPFILENAMEEXTENSION_NODOT files (continuing...)\" >> /var/tmp/scriptd.out 56 | fi 57 | cp ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* \${mountp} 58 | rm -f ${fname_noext}BACKUPFILENAMEEXTENSION_WITHDOT* 59 | 60 | if \[ \"PRUNINGMODE\" \!= \"Disabled\" \]; then 61 | 62 | files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null | head -n CONSERVE\) 63 | for current_archive_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT 2>/dev/null` ; do 64 | current_archive_file_basename=`basename \$current_archive_file` 65 | check_file=\$(echo \$files_tokeep | grep -w \$current_archive_file_basename) 66 | if \[ \"\$check_file\" == \"\" \] ; then 67 | rm -f \$current_archive_file 68 | fi 69 | done 70 | if \[ \"BACKUPFILENAMEEXTENSION_NODOT\" == \"scf\" \] ; then 71 | tar_files_tokeep=\$(ls -t \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null | head -n CONSERVE\) 72 | for current_archive_tar_file in `ls \${mountp}/*PRUNINGSUFFIX.BACKUPFILENAMEEXTENSION_NODOT.tar 2>/dev/null` ; do 73 | current_archive_tar_file_basename=`basename \$current_archive_tar_file` 74 | check_file=\$(echo \$tar_files_tokeep | grep -w \$current_archive_tar_file_basename) 75 | if \[ \"\$check_file\" == \"\" \] ; then 76 | rm -f \$current_archive_tar_file 77 | fi 78 | done 79 | fi 80 | fi 81 | 82 | umount \${mountp} 83 | 84 | echo \"DEBUG: Script completed without errors\" >> /var/tmp/scriptd.out 85 | exit 0 86 | --------------------------------------------------------------------------------