wapt-backuppc-agent/setup.py

# -*- coding: utf-8 -*-
from setuphelpers import *
from cryptography.fernet import Fernet
import json
import os

uninstallkey = []

variables = {
    'backup_servers': [ '192.168.100.31' ],
    'backup_rsync_pass': 's3cretp@ssw0rd',
    'backup_ssh_keys': []
}

# Read local variables file if available
if isfile(makepath(programfiles32,'wapt','private','symetric.txt')) and isfile(makepath(programfiles32,'wapt','private','variables.txt')):
    print('Reading local encrypted variables file')
    f = Fernet(open(makepath(programfiles32,'wapt','private','symetric.txt'),'r').read())
    variables.update(json.loads(f.decrypt(open(makepath(programfiles32,'wapt','private','variables.txt'),'r').read())))

overrides = ['rsyncd.conf', 'rsync.cmd', 'pre-exec.cmd', 'vsrsync.cmd', 'cygiconv-2.dll', 'cygwin1.dll', 'cygz.dll', 'rsync.exe']

def install():
    print('Installing BackupPC Agent')
    version = control['version'].split('-',1)[0]
    install_exe_if_needed("backuppc-client.exe",silentflags='/S',key='BackupPC',min_version=version,killbefore=['rsync.exe'])
    # We override some files
    # cygwin and rsync are needed because version 3.1.1 is very unreliable on Win2012, so we downgrade to 3.0.9
    # our own pre-exec adds an exclusive lock
    # And vsrsync.cmd fixes an issue when PATH contains a & char
    print('Overriding scripts and binaries')
    for file in overrides:
        print('Copying %s' % file)
        filecopyto(file,makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC'))

    # We write credential file
    print('Writing credential file')
    open(makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC','rsyncd.secrets'),'w').write('backup:%s' % variables['backup_rsync_pass'])

    # The default behaviour is to add a firewall rule allowing local network. We'll remove this rule to create a more restrictive one
    print('Removing uneeded firewall rules')
    run('netsh advfirewall firewall del rule name="Agent BackupPC"', accept_returncodes=[0,1])

    # Create the backup account
    print('Create a local account and add it to the admin group')
    run('net user lbkp /add', accept_returncodes=[0,2])
    if 'backup_pass' in variables :
        run('net user lbkp %s' % variables['backup_pass'])
    run('net localgroup Administrateurs lbkp /add', accept_returncodes=[0,2])
    print('Writing SSH Keys for the backup account')
    mkdirs(makepath(os.getenv('SYSTEMDRIVE','C:\\'),'Users','lbkp','.ssh'))
    open(makepath(os.getenv('SYSTEMDRIVE','C:\\'),'Users','lbkp','.ssh','authorized_keys'),'w').write("\n".join(variables['backup_ssh_keys']))
    run(r'icacls.exe "%s" /inheritance:d' % makepath(os.getenv('SYSTEMDRIVE','C:\\'),'Users','lbkp','.ssh','authorized_keys'))
    run(r'icacls.exe "%s" /remove:g "*S-1-5-32-545" /t /c /q' % makepath(os.getenv('SYSTEMDRIVE','C:\\'),'Users','lbkp','.ssh','authorized_keys'))
    run(r'icacls.exe "%s" /remove:g "*S-1-5-11" /t /c /q' %  makepath(os.getenv('SYSTEMDRIVE','C:\\'),'Users','lbkp','.ssh','authorized_keys'))
    run(r'icacls.exe "%s" /grant "NT SERVICE\sshd":(R)' % makepath(os.getenv('SYSTEMDRIVE','C:\\'),'Users','lbkp','.ssh','authorized_keys'))


def uninstall():
    print('Removing BackupPC Agent')
    print('Removing lbkp from Admin group')
    run('net localgroup Administrateurs lbkp /delete', accept_returncodes=[0,2])
    print('Removing files')
    for file in overrides:
        path = makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file)
        if isfile(path):
            os.unlink(path)

def audit():
    for file in overrides + ['rsyncd.secrets','part.cmd' ]:
        if not isfile(makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file)):
            print('%s is missing' % makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file))
            return "ERROR"
    return "OK"