BackupPC Agent for WAPT
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

89 lines
4.7KB

  1. # -*- coding: utf-8 -*-
  2. from setuphelpers import *
  3. from cryptography.fernet import Fernet
  4. import json
  5. import os
  6. uninstallkey = []
  7. variables = {
  8. 'backup_servers': [ '192.168.100.31' ],
  9. 'backup_rsync_pass': 's3cretp@ssw0rd'
  10. }
  11. # Read local variables file if available
  12. if isfile(makepath(programfiles32,'wapt','private','symetric.txt')) and isfile(makepath(programfiles32,'wapt','private','variables.txt')):
  13. print('Reading local encrypted variables file')
  14. f = Fernet(open(makepath(programfiles32,'wapt','private','symetric.txt'),'r').read())
  15. variables.update(json.loads(f.decrypt(open(makepath(programfiles32,'wapt','private','variables.txt'),'r').read())))
  16. overrides = ['rsyncd.conf', 'pre-exec.cmd', 'vsrsync.cmd', 'cygiconv-2.dll', 'cygwin1.dll', 'cygz.dll', 'rsync.exe']
  17. def install():
  18. print('Installing BackupPC Agent')
  19. version = control['version'].split('-',1)[0]
  20. install_exe_if_needed("backuppc-client.exe",silentflags='/S',key='BackupPC',min_version=version,killbefore=['rsync.exe'])
  21. # We override some files
  22. # cygwin and rsync are needed because version 3.1.1 is very unreliable on Win2012, so we downgrade to 3.0.9
  23. # our own pre-exec adds an exclusive lock
  24. # And vsrsync.cmd fixes an issue when PATH contains a & char
  25. print('Overriding scripts and binaries')
  26. for file in overrides:
  27. print('Copying %s' % file)
  28. filecopyto(file,makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC'))
  29. # We write credential file
  30. print('Writing credential file')
  31. open(makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC','rsyncd.secrets'),'w').write('backup:%s' % variables['backup_rsync_pass'])
  32. # The default behaviour is to add a firewall rule allowing local network. We'll remove this rule to create a more restrictive one
  33. print('Adding firewall rules')
  34. run('netsh advfirewall firewall del rule name="Agent BackupPC"', accept_returncodes=[0,1])
  35. run('netsh advfirewall firewall add rule name="Agent BackupPC" dir=in action=allow program="%s" enable=yes remoteip=%s' % (makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC','rsync.exe'),','.join(variables['backup_servers'])))
  36. # Port 445 is needed for winexe
  37. run('netsh advfirewall firewall add rule name="remote admin" dir=in action=allow protocol=TCP localport=445 enable=yes remoteip=%s' % ','.join(variables['backup_servers']))
  38. # Create the backup account
  39. print('Create a local account and add it to the admin group')
  40. run('net user lbkp /add', accept_returncodes=[0,2])
  41. if 'backup_pass' in variables:
  42. run('net user lbkp %s' % variables['backup_pass'])
  43. run('net localgroup Administrateurs lbkp /add', accept_returncodes=[0,2])
  44. # For vista and newer, UAC prevents admin shares, we need to enable it
  45. print('Enabling remote access to admin shares')
  46. if windows_version() > Version('6'):
  47. reg_key = reg_openkey_noredir(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system',sam=KEY_WRITE,create_if_missing=True)
  48. reg_setvalue(reg_key, 'LocalAccountTokenFilterPolicy', 1, REG_DWORD)
  49. def uninstall():
  50. print('Removing BackupPC Agent')
  51. print('Removing firewall rules')
  52. run('netsh advfirewall firewall del rule name="Agent BackupPC"', accept_returncodes=[0,1])
  53. run('netsh advfirewall firewall del rule name="remote admin"', accept_returncodes=[0,1])
  54. print('Removing lbkp from Admin group')
  55. run('net localgroup Administrateurs lbkp /delete', accept_returncodes=[0,2])
  56. print('Disabling remote access to admin shares')
  57. if windows_version() > Version('6'):
  58. reg_key = reg_openkey_noredir(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system',sam=KEY_WRITE)
  59. reg_delvalue(reg_key, 'LocalAccountTokenFilterPolicy')
  60. print('Removing files')
  61. for file in overrides:
  62. path =makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file)
  63. if isfile(path):
  64. os.unlink(path)
  65. def audit():
  66. filter_policy = registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system','LocalAccountTokenFilterPolicy')
  67. if not filter_policy :
  68. print(r"key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy doesn't exist")
  69. return "ERROR"
  70. elif int(filter_policy) != 1 :
  71. print("Wrong value for LocalAccountTokenFilterPolicy")
  72. return "ERROR"
  73. for file in overrides + ['rsyncd.secrets','part.cmd' ]:
  74. if not isfile(makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file)):
  75. print('%s is missing' % makepath(os.getenv('SYSTEMDRIVE','C:\\'),'BackupPC',file))
  76. return "ERROR"
  77. return "OK"