BackupPC Agent for WAPT


  1. # -*- coding: utf-8 -*-
  2. from setuphelpers import *
  3. import os, random, string, time
  4. from jinja2 import Environment, FileSystemLoader
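  # Uninstall keys for this package (WAPT package convention); starts empty.
  uninstallkey = []

  # Packaged defaults. They are overridden by the host's encrypted variables
  # file when one is present (see below).
  # NOTE(review): 'backup_rsync_pass' is a default shared by every copy of this
  # package. A host without a local variables file keeps this value as its rsync
  # credential, so the secret should come from the encrypted file instead.
  variables = {
      'backup_servers': [ '192.168.100.31' ],
      'backup_rsync_pass': 's3cretp@ssw0rd',
      'backup_ssh_keys': []
  }

  # Read local variables file if available
  key_file = makepath(programfiles32,'wapt','private','symetric.txt')
  vars_file = makepath(programfiles32,'wapt','private','variables.txt')
  if isfile(key_file) and isfile(vars_file):
      print('Reading local encrypted variables file')
      from cryptography.fernet import Fernet
      import yaml
      # Context managers close both handles as soon as the content is read.
      with open(key_file,'r') as key_fh:
          f = Fernet(key_fh.read())
      with open(vars_file,'r') as vars_fh:
          # Fernet authenticates the token before decrypting, and safe_load only
          # builds plain YAML types, so a tampered file raises instead of being
          # merged into the settings.
          variables.update(yaml.safe_load(f.decrypt(vars_fh.read())))
  else:
      # Make the fallback visible in the install log: the defaults above
      # (including the packaged rsync password) are what will be deployed.
      print('No local encrypted variables file found, using packaged defaults')

  # Create a random pass for the local backup account if not defined
  if 'backup_pass' not in variables:
      # The password protects a local administrator account, so it is drawn from
      # the OS CSPRNG (random.SystemRandom) rather than the default Mersenne
      # Twister generator. Characters are picked independently: random.sample()
      # never repeats a character, which made the former 60-of-62 draw close to
      # a permutation of the alphabet. ascii_letters is used because
      # string.lowercase/uppercase are locale-dependent and exist in Python 2 only.
      alphabet = string.ascii_letters + string.digits
      rng = random.SystemRandom()
      variables['backup_pass'] = ''.join(rng.choice(alphabet) for _ in range(60))

  # Files shipped in this package that replace the ones laid down by the installer.
  overrides = ['rsyncd.conf', 'rsync.cmd', 'pre-exec.cmd', 'vsrsync.cmd', 'cygiconv-2.dll', 'cygwin1.dll', 'cygz.dll', 'rsync.exe']
  # Target directory: <SYSTEMDRIVE>\BackupPC, falling back to C:\ when unset.
  install_dir = makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC')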
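  def install():
      """Install the BackupPC agent and configure it for this host.

      Steps, in order: run the vendor installer, copy the package's replacement
      scripts and binaries, tighten the ACL on the install directory, write the
      rsync credential file, remove the installer's firewall rule, create the
      local ``lbkp`` account, and deploy its SSH keys through a one-time
      scheduled task that runs as that account.

      Raises:
          ValueError: if the configured ``backup_pass`` contains a double quote,
              which cannot be carried inside the quoted command lines used below.
      """
      backup_pass = variables['backup_pass']
      # Fail before touching the system: the password is embedded in quoted
      # command lines, and a double quote would end the quoting early.
      if '"' in backup_pass:
          raise ValueError('backup_pass must not contain a double quote character')

      print('Installing BackupPC Agent')
      version = control['version'].split('-',1)[0]
      install_exe_if_needed("backuppc-client.exe",silentflags='/S',key='BackupPC',min_version=version,killbefore=['rsync.exe'])

      # We override some files
      # cygwin and rsync are needed because version 3.1.1 is very unreliable on Win2012, so we downgrade to 3.0.9
      # our own pre-exec adds an exclusive lock
      # And vsrsync.cmd fixes an issue when PATH contains a & char
      # NOTE(review): pinning rsync/cygwin to old builds also pins their known
      # defects; worth re-checking whether the downgrade is still required.
      print('Overriding scripts and binaries')
      for name in overrides:
          print('Copying %s' % name)
          filecopyto(name, install_dir)

      # Tighten the directory ACL before any secret is written into it, so the
      # credential file is never created under the installer's wider ACL.
      # Well-known SIDs removed: S-1-5-32-545 (BUILTIN\Users), S-1-5-11
      # (Authenticated Users), S-1-5-1 (Dialup), S-1-1-0 (Everyone).
      print('Restricting permissions on private files')
      run(r'icacls.exe "%s" /inheritance:d' % install_dir)
      run(r'icacls.exe "%s" /remove:g "*S-1-5-32-545" /t /c /q' % install_dir)
      run(r'icacls.exe "%s" /remove:g "*S-1-5-11" /t /c /q' % install_dir)
      run(r'icacls.exe "%s" /remove:g "*S-1-5-1" /t /c /q' % install_dir)
      run(r'icacls.exe "%s" /remove:g "*S-1-1-0" /t /c /q' % install_dir)

      # We write credential file
      print('Writing credential file')
      with open(makepath(install_dir, 'rsyncd.secrets'),'w') as secrets:
          secrets.write('backup:%s' % variables['backup_rsync_pass'])

      # The default behaviour is to add a firewall rule allowing local network. We'll remove this rule to create a more restrictive one
      # NOTE(review): no replacement rule is created in this function; confirm
      # the restrictive rule is deployed elsewhere (for example by policy).
      print('Removing uneeded firewall rules')
      run('netsh advfirewall firewall del rule name="Agent BackupPC"', accept_returncodes=[0,1])

      # Create the backup account
      # NOTE(review): return code 2 is accepted so that an existing account or
      # membership does not abort the install; it appears to be net.exe's generic
      # error code, so other failures would be hidden too. Verify.
      print('Create a local account and add it to the admin group')
      run('net user lbkp /add', accept_returncodes=[0,2])
      # The password travels on the command line, where process-creation auditing
      # and any command logging can record it. It is quoted so that spaces or
      # shell metacharacters in a configured password are not interpreted.
      run('net user lbkp "%s"' % backup_pass)
      # 'Administrateurs' is the French name of the local Administrators group,
      # so this line only takes effect on French-language Windows.
      # NOTE(review): full administrator rights are broad for a backup account.
      run('net localgroup Administrateurs lbkp /add', accept_returncodes=[0,2])

      print('Creating the deploy_keys.bat')
      env = Environment(
          loader=FileSystemLoader('.'),
          trim_blocks=True
      )
      # NOTE(review): the keys are rendered into a batch file that later runs as
      # lbkp; the template is not shown here, so confirm it quotes each key line.
      rendered = env.get_template('deploy_keys.bat.j2').render(
          ssh_keys = variables['backup_ssh_keys']
      )
      with open(makepath(install_dir, 'deploy_keys.bat'),'w') as script:
          script.write(rendered)

      # We need to create lbkp profile dir and put it's .ssh.authorized_keys file.
      # We can't use runas, we can't use psexec either as waptservice runs as SYSTEM. So we create a one-time task running as user lbkp
      # This task just creates .ssh and populate .ssh/authorized_keys
      print('Deploying ssh keys through a scheduled task')
      # Scheduled two minutes ahead; run_task() below starts it right away.
      start_time = time.strftime('%H:%M:%S',time.localtime(time.time() + 120))
      run(r'schtasks /Create /SC ONCE /TN "deploy_backup_ssh_keys" /TR "%s\deploy_keys.bat" /ST "%s" /RU lbkp /RP "%s" /F /V1 /Z' % (install_dir, start_time, backup_pass))
      run_task('deploy_backup_ssh_keys')
      # The task is left to /Z (delete after the final run) instead of being
      # removed here. NOTE(review): it stores lbkp's credentials until it is
      # gone, so confirm that it really disappears after running.
      #delete_task('deploy_backup_ssh_keys')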
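  def uninstall():
      """Remove the lbkp account and the files this package put in install_dir.

      Besides the override files, this deletes rsyncd.secrets and
      deploy_keys.bat, which install() writes, so the rsync credential does not
      stay on disk after the agent is removed. Files that are already absent
      are skipped.
      """
      print('Removing BackupPC Agent')
      print('Removing lbkp account')
      delete_user('lbkp')
      # NOTE(review): the lbkp profile directory (with .ssh/authorized_keys) and
      # the 'deploy_backup_ssh_keys' task are not handled here; confirm whether
      # they need explicit cleanup.
      print('Removing files')
      for name in overrides + ['rsyncd.secrets', 'deploy_keys.bat']:
          path = makepath(install_dir, name)
          if isfile(path):
              os.unlink(path)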
  def audit():
      """Check that the expected agent files exist in install_dir.

      Returns "ERROR" (after printing the path) at the first missing file among
      the override files, rsyncd.secrets and part.cmd; returns "OK" when all of
      them are present. Only presence is checked, not content or permissions.
      """
      expected = overrides + ['rsyncd.secrets','part.cmd' ]
      for name in expected:
          path = makepath(install_dir, name)
          if isfile(path):
              continue
          print('%s is missing' % path)
          return "ERROR"
      return "OK"