parent
d0e9406dc3
commit
4324829135
4 changed files with 440 additions and 0 deletions
@ -0,0 +1,32 @@ |
|||||||
|
package : fws-backuppc_agent |
||||||
|
version : 1.3.4-1 |
||||||
|
architecture : all |
||||||
|
section : base |
||||||
|
priority : optional |
||||||
|
maintainer : Daniel Berteaud |
||||||
|
description : BackupPC Agent |
||||||
|
depends : |
||||||
|
conflicts : |
||||||
|
maturity : DEV |
||||||
|
locale : all |
||||||
|
target_os : windows |
||||||
|
min_os_version : 5.0 |
||||||
|
max_os_version : |
||||||
|
min_wapt_version : 1.3.12 |
||||||
|
sources : |
||||||
|
installed_size : |
||||||
|
impacted_process : |
||||||
|
description_fr : Agent de sauvegarde BackupPC |
||||||
|
description_pl : |
||||||
|
description_de : |
||||||
|
description_es : |
||||||
|
audit_schedule : 4w |
||||||
|
editor : |
||||||
|
keywords : |
||||||
|
licence : GPLv2+ |
||||||
|
homepage : http://www.michaelstowe.com/backuppc/ |
||||||
|
package_uuid : |
||||||
|
signer : Daniel Berteaud |
||||||
|
signer_fingerprint: |
||||||
|
signature_date : |
||||||
|
signed_attributes : |
@ -0,0 +1,24 @@ |
|||||||
|
use chroot = false |
||||||
|
strict modes = false |
||||||
|
pid file = rsyncd.pid |
||||||
|
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=65536 |
||||||
|
|
||||||
|
[PART1] |
||||||
|
path = /cygdrive/B/ |
||||||
|
auth users = backup |
||||||
|
secrets file = rsyncd.secrets |
||||||
|
|
||||||
|
[PART2] |
||||||
|
path = /cygdrive/L/ |
||||||
|
auth users = backup |
||||||
|
secrets file = rsyncd.secrets |
||||||
|
|
||||||
|
[PART3] |
||||||
|
path = /cygdrive/M/ |
||||||
|
auth users = backup |
||||||
|
secrets file = rsyncd.secrets |
||||||
|
|
||||||
|
[PART4] |
||||||
|
path = /cygdrive/N/ |
||||||
|
auth users = backup |
||||||
|
secrets file = rsyncd.secrets |
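Review bot: None of the four modules sets `hosts allow`, so the daemon itself accepts any client that reaches it, and access control rests entirely on the Windows firewall rule plus the shared `backup` password. Since `strict modes = false` also turns off rsync's permission check on `rsyncd.secrets`, consider adding a global `hosts allow = <backup server address>` (filled in at install time from the same list used for the firewall rule) and stating `read only = true` explicitly, so the config stays safe if the firewall rule is removed or edited. A short comment on why `use chroot` and `strict modes` are disabled (presumably Cygwin limitations) would help the next maintainer.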
@ -0,0 +1,89 @@ |
|||||||
|
# -*- coding: utf-8 -*- |
||||||
|
from setuphelpers import * |
||||||
|
from cryptography.fernet import Fernet |
||||||
|
import json |
||||||
|
import os |
||||||
|
|
||||||
|
uninstallkey = [] |
||||||
|
|
||||||
|
variables = { |
||||||
|
'backup_servers': [ '192.168.100.31' ], |
||||||
|
'backup_rsync_pass': 's3cretp@ssw0rd' |
||||||
|
} |
||||||
|
|
||||||
|
# Read local variables file if available |
||||||
|
if isfile(makepath(programfiles32,'wapt','private','symetric.txt')) and isfile(makepath(programfiles32,'wapt','private','variables.txt')): |
||||||
|
print('Reading local encrypted variables file') |
||||||
|
f = Fernet(open(makepath(programfiles32,'wapt','private','symetric.txt'),'r').read()) |
||||||
|
variables.update(json.loads(f.decrypt(open(makepath(programfiles32,'wapt','private','variables.txt'),'r').read()))) |
||||||
|
|
||||||
|
overrides = ['rsyncd.conf', 'pre-exec.cmd', 'vsrsync.cmd', 'cygiconv-2.dll', 'cygwin1.dll', 'cygz.dll', 'rsync.exe'] |
||||||
|
|
||||||
|
def install(): |
||||||
|
print('Installing BackupPC Agent') |
||||||
|
version = control['version'].split('-',1)[0] |
||||||
|
install_exe_if_needed("backuppc-client.exe",silentflags='/S',key='BackupPC',min_version=version,killbefore=['rsync.exe']) |
||||||
|
# We override some files |
||||||
|
# cygwin and rsync are needed because version 3.1.1 is very unreliable on Win2012, so we downgrade to 3.0.9 |
||||||
|
# our own pre-exec adds an exclusive lock |
||||||
|
# And vsrsync.cmd fixes an issue when PATH contains a & char |
||||||
|
print('Overriding scripts and binaries') |
||||||
|
for file in overrides: |
||||||
|
print('Copying %s' % file) |
||||||
|
filecopyto(file,makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC')) |
||||||
|
|
||||||
|
# We write credential file |
||||||
|
print('Writing credential file') |
||||||
|
open(makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC','rsyncd.secrets'),'w').write('backup:%s' % variables['backup_rsync_pass']) |
||||||
|
|
||||||
|
# The default behaviour is to add a firewall rule allowing local network. We'll remove this rule to create a more restrictive one |
||||||
|
print('Adding firewall rules') |
||||||
|
run('netsh advfirewall firewall del rule name="Agent BackupPC"', accept_returncodes=[0,1]) |
||||||
|
run('netsh advfirewall firewall add rule name="Agent BackupPC" dir=in action=allow program="%s" enable=yes remoteip=%s' % (makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC','rsync.exe'),','.join(variables['backup_servers']))) |
||||||
|
# Port 445 is needed for winexe |
||||||
|
run('netsh advfirewall firewall add rule name="remote admin" dir=in action=allow protocol=TCP localport=445 enable=yes remoteip=%s' % ','.join(variables['backup_servers'])) |
||||||
|
|
||||||
|
# Create the backup account |
||||||
|
print('Create a local account and add it to the admin group') |
||||||
|
run('net user lbkp /add', accept_returncodes=[0,2]) |
||||||
|
if 'backup_pass' in variables: |
||||||
|
run('net user lbkp %s' % variables['backup_pass']) |
||||||
|
run('net localgroup Administrateurs lbkp /add', accept_returncodes=[0,2]) |
||||||
|
|
||||||
|
# For vista and newer, UAC prevents admin shares, we need to enable it |
||||||
|
print('Enabling remote access to admin shares') |
||||||
|
if windows_version() > Version('6'): |
||||||
|
reg_key = reg_openkey_noredir(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system',sam=KEY_WRITE,create_if_missing=True) |
||||||
|
reg_setvalue(reg_key, 'LocalAccountTokenFilterPolicy', 1, REG_DWORD) |
||||||
|
|
||||||
|
|
||||||
|
def uninstall(): |
||||||
|
print('Removing BackupPC Agent') |
||||||
|
print('Removing firewall rules') |
||||||
|
run('netsh advfirewall firewall del rule name="Agent BackupPC"', accept_returncodes=[0,1]) |
||||||
|
run('netsh advfirewall firewall del rule name="remote admin"', accept_returncodes=[0,1]) |
||||||
|
print('Removing lbkp from Admin group') |
||||||
|
run('net localgroup Administrateurs lbkp /delete', accept_returncodes=[0,2]) |
||||||
|
print('Disabling remote access to admin shares') |
||||||
|
if windows_version() > Version('6'): |
||||||
|
reg_key = reg_openkey_noredir(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system',sam=KEY_WRITE) |
||||||
|
reg_delvalue(reg_key, 'LocalAccountTokenFilterPolicy') |
||||||
|
print('Removing files') |
||||||
|
for file in overrides: |
||||||
|
path =makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file) |
||||||
|
if isfile(path): |
||||||
|
os.unlink(path) |
||||||
|
|
||||||
|
def audit(): |
||||||
|
filter_policy = registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system','LocalAccountTokenFilterPolicy') |
||||||
|
if not filter_policy : |
||||||
|
print(r"key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy doesn't exist") |
||||||
|
return "ERROR" |
||||||
|
elif int(filter_policy) != 1 : |
||||||
|
print("Wrong value for LocalAccountTokenFilterPolicy") |
||||||
|
return "ERROR" |
||||||
|
for file in overrides + ['rsyncd.secrets','part.cmd' ]: |
||||||
|
if not isfile(makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file)): |
||||||
|
print('%s is missing' % makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file)) |
||||||
|
return "ERROR" |
||||||
|
return "OK" |
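Review bot: The module-level `variables` dict ships a default `backup_rsync_pass`, so on any machine where the encrypted variables file is missing `install()` writes `rsyncd.secrets` with a password that is readable in the package source. I would drop that default and fail early, e.g. `if not variables.get('backup_rsync_pass'): raise Exception('backup_rsync_pass is not configured')`, before anything is copied. The same applies to `lbkp`: when `backup_pass` is absent the account is created by `net user lbkp /add` with no password set here and is still added to the administrators group, and when it is present the value is interpolated unquoted into a shell command line. `uninstall()` leaves both `rsyncd.secrets` and the `lbkp` account behind, since only the files in `overrides` and the group membership are removed. Also worth a comment: `LocalAccountTokenFilterPolicy = 1` lifts the remote UAC token filtering for every local administrator account, not just `lbkp`, and `uninstall()` deletes the value even if it was already set before this package ran.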