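#!/bin/sh
#
# APPENDIX 8 - Backup script
# ==========================
#
# /home/system/scripts/backup/system_backup.sh
#
# Debian-secinst v0.1.5 : APPENDIX 8 - Backup script
# Simon Castro
#
# Usage: system_backup.sh [-f]
#   -f   force a full backup even if a previous backup date is recorded
#
# Writes one tar.gz per entry of BACKUP_FROM (full or incremental), a cpio
# archive of the excluded entries (full mode only) and an encrypted tarball
# of the files listed in CIPHERED, all under BACKUP_PARTITION. Progress and
# errors are sent to syslog through logger.

#################
# CONFIGURATION #
#################

### Set these values to run backup.sh

# Location of the last backup date file : The one used to get the 'from date' in incremental mode
LAST_DONE_FILE=/home/system/scripts/backup/.last_done

# The backup partition : it can be unmounted or mounted read-only.
BACKUP_PARTITION=/backup

# Set here the directories or files you want to backup (absolute location from /)
BACKUP_FROM="/bin /boot /dev /etc /home /lib /root /sbin /usr /var"

# Set here the filename containing the file/directories you want to exclude from the backup archive
# This file must exist but may be empty
EXCLUDE="/home/system/scripts/backup/exclude"

# Logger phrase : Used to send the message to syslog but also displays error on stderr
SYSLOG_THIS="-s -p syslog.notice -t Backup"

### Set these values for the ciphering mode

# This file contains the filenames to backup separately - encoding them with the password
# This file must exist but may be empty
CIPHERED="/home/system/scripts/backup/include_but_ciphered"

# This is the password used to encode the archive
# NOTE(review): sample value. Replace it before use and keep this script
# readable by root only, since the secret is stored in clear text here.
PASSWORD="toto"

# This is the command used to cipher the archive
# The passphrase is handed over through the environment of the openssl
# process only ("-pass env:"), not with "-k <password>", because command-line
# arguments are visible to every local user in the process list. The
# ciphertext is the same as with "-k", so existing restore commands still work.
# NOTE(review): 3DES is a legacy cipher and "openssl enc" adds no integrity
# protection; changing it alters the archive format, so it is only flagged here.
CIPHER="/usr/bin/openssl enc -des3 -e -pass env:BACKUP_PASSPHRASE"

### Set these values if you really need to

# Binaries location
CAT=/bin/cat
CPIO=/bin/cpio
DATE=/bin/date
FIND=/usr/bin/find
GREP=/bin/grep
LOGGER=/usr/bin/logger
MD5SUM=/usr/bin/md5sum
MOUNT=/bin/mount
SED=/bin/sed
SYNC=/bin/sync
UMOUNT=/bin/umount

###########
# HELPERS #
###########

# Send one message ($1) to syslog (logger -s also copies it to stderr).
log() {
  # SYSLOG_THIS holds several logger options and must be word-split.
  # shellcheck disable=SC2086
  $LOGGER $SYSLOG_THIS "$1"
}

# Log the error message $1 and stop with a non-zero status.
die() {
  log "$1"
  exit 1
}

# Sync the disks, then put the backup partition back in the state it was
# found in : read-only if it was read-only, unmounted if it was not mounted.
restore_partition() {
  log " Syncing disks"
  $SYNC
  if [ "$IS_RO" ]; then
    log " Remounting ro $BACKUP_PARTITION"
    $MOUNT -o remount,ro "$BACKUP_PARTITION"
  fi
  if [ ! "$ISNT_MOUNTED" ]; then
    log " Unmounting $BACKUP_PARTITION"
    $UMOUNT "$BACKUP_PARTITION"
  fi
}

# Create the run directory $DESTDIR; on failure restore the partition state
# and stop, so nothing is written next to an older backup by mistake.
create_destdir() {
  if ! mkdir "$DESTDIR"; then
    log "Error : Cannot create $DESTDIR"
    restore_partition
    exit 1
  fi
}

# Record the MD5 of archive $1 in $DESTDIR.md5 and in syslog, unless the run
# log already contains "Error", in which case $2 is reported as failed.
# The run log is cumulative, so one error flags every later archive as well.
# NOTE(review): the MD5 list sits next to the archives; it detects accidental
# corruption only, not deliberate modification.
record_hash() {
  if [ -f "$DESTDIR.log" ] && [ -s "$DESTDIR.log" ] \
    && $GREP "Error" "$DESTDIR.log" > /dev/null; then
    log "Error while backuping $2"
  else
    HASH=$($MD5SUM "$1" 2>> "$DESTDIR.log")
    log " Hash : $HASH"
    # Quoted so the "hash  file" layout printed by md5sum is kept as is.
    printf '%s\n' "$HASH" >> "$DESTDIR.md5"
    HASH=
  fi
}

#############################################
# SYSTEM CONFIGURATION AND INITIAL CHECKING #
#############################################

# The archives hold copies of /etc, /root and /home : create every file and
# directory of this run without group/other access.
umask 077

# Check the $CIPHERED file exists
if [ -z "$CIPHERED" ] || [ ! -f "$CIPHERED" ]; then
  die "Error : The 'ciphered' file is not set or does not exist"
fi

# Check the $EXCLUDE file exists
if [ -z "$EXCLUDE" ] || [ ! -f "$EXCLUDE" ]; then
  die "Error : The 'exclude' file is not set or does not exist"
fi

# Check if user forced the full mode
FORCED=0
if [ "${1:-}" = "-f" ]; then
  log "User forced the full backup mode"
  FORCED=1
fi

# Remove first '/' from $BACKUP_FROM directories and go to '/'
BACKUP_FROM=$(echo "$BACKUP_FROM" | $SED 's/\(^\/\)\|\(\ \/\)/ /g')
cd / || die "Error : Cannot change directory to /"

# Check if last_done file exist and is set
LAST_DONE_DATE=
if [ "$FORCED" = 0 ] && [ -f "$LAST_DONE_FILE" ] && [ -s "$LAST_DONE_FILE" ]; then
  LAST_DONE_DATE=$($CAT "$LAST_DONE_FILE")
  log "Incremental backup beginning : $LAST_DONE_DATE"
else
  log "Full backup"
fi

# Check the backup partition and mount it read-write
# IS_RO        : non-empty when the partition is currently mounted read-only
# ISNT_MOUNTED : despite its name, non-empty when the partition IS mounted
IS_RO=
ISNT_MOUNTED="mounted" # Remember to always set this value to anything you want but not null
if [ -d "$BACKUP_PARTITION" ]; then
  # Match the mount point and the "ro" option exactly : a loose ".*ro" match
  # also hits options such as errors=remount-ro and mount points that merely
  # start with the same path. Assumes the "dev on dir type fs (opts)" layout
  # printed by mount on Linux.
  IS_RO=$($MOUNT | $GREP -E " on $BACKUP_PARTITION type .*[(,]ro[,)]")
  ISNT_MOUNTED=$($MOUNT | $GREP -F " on $BACKUP_PARTITION type ")
  if [ "$IS_RO" ]; then
    log " Remounting rw $BACKUP_PARTITION"
    $MOUNT -o remount,rw "$BACKUP_PARTITION" \
      || die "Error : Cannot remount $BACKUP_PARTITION read-write"
  fi
  if [ ! "$ISNT_MOUNTED" ]; then
    log " Mounting rw $BACKUP_PARTITION"
    # Stop here on failure, otherwise the backup would silently land on the
    # file system that holds the empty mount point.
    $MOUNT -o rw "$BACKUP_PARTITION" \
      || die "Error : Cannot mount $BACKUP_PARTITION"
  fi
else
  die "Error : Won't be able to write backup on $BACKUP_PARTITION"
fi

####################
# DO A FULL BACKUP #
####################

if [ ! "$LAST_DONE_DATE" ]; then
  # Create the backup directory
  DESTDATE=$($DATE "+%d%m%y-%H%M%S")
  DESTDIR="$BACKUP_PARTITION/full_$DESTDATE"
  create_destdir

  # Set the last_done file (only once the destination is known to be usable)
  $DATE > "$LAST_DONE_FILE"

  # Begin the backup in the previously created directory
  # BACKUP_FROM is a space-separated list and is split on purpose.
  for i in $BACKUP_FROM; do
    # Get the date of THIS file backuping process begin and set the destination backup filename
    DESTDATE=$($DATE "+%d%m%y-%H%M%S")
    # Set the dest file name from its real name but move '/' to '_'
    DESTFILE=$(echo "$i" | $SED 's/\//_/g')
    DESTFILE="$DESTDIR/${DESTFILE}_$DESTDATE.tar.gz"

    # Time to backup the file
    # The $CIPHERED list is used as a second exclude list here : those files
    # only go into the encrypted tarball written further down.
    log " Backuping $DESTFILE"
    tar zcpf "$DESTFILE" -X "$CIPHERED" -X "$EXCLUDE" "$i" > /dev/null 2>> "$DESTDIR.log"

    # Time to check if errors occurred
    record_hash "$DESTFILE" "$i"
  done

  # Begin the backup of the excluded directories in a cpio archive and don't forget quotas configuration files if any...
  cd / || die "Error : Cannot change directory to /" # First : Go to /
  log " Backuping excluded files into a cpio archive"
  DESTFILE="$DESTDIR/excluded.cpio"
  # The exclude list is split into words (and globbed) on purpose, as before.
  # shellcheck disable=SC2013
  for i in $($CAT "$EXCLUDE"); do
    if [ ! -f "$DESTFILE" ]; then
      # First call to cpio => Create the cpio archive
      printf '%s\n' "$i" | $CPIO -o --quiet > "$DESTFILE" 2>> "$DESTDIR.log"
    else
      # The Cpio archive exists => Appends data
      printf '%s\n' "$i" | $CPIO -o --quiet -O "$DESTFILE" -A > /dev/null 2>> "$DESTDIR.log"
    fi
    # Don't forget the quotas files...
    # Done for every entry : it used to be skipped for the first one, because
    # it sat in the "append" branch only.
    $FIND "$i" -name "quota*.[gu]*" \
      | $CPIO -o --quiet -O "$DESTFILE" -A > /dev/null 2>> "$DESTDIR.log"
  done
  cd - > /dev/null # Last : go to previous directory

  # Time to check if errors occurred
  record_hash "$DESTFILE" "$DESTFILE"
fi

############################
# DO AN INCREMENTAL BACKUP #
############################

if [ "$LAST_DONE_DATE" ]; then
  # Get the last_done date
  LAST_DONE_DATE=$($CAT "$LAST_DONE_FILE")

  # Save the new date
  # What kind of incremental backup do we want ?
  # 1. A 'full' incremental backup from the last full backup ?
  # 2. A incremental backup with the day to day changes from the last full backup ?
  #
  # If you choose the 2. solution, uncomment the next line.
  # $DATE > $LAST_DONE_FILE

  # Create the backup directory
  DESTDATE=$($DATE "+%d%m%y-%H%M%S")
  DESTDIR="$BACKUP_PARTITION/incr_$DESTDATE"
  create_destdir

  # Begin the backup
  for i in $BACKUP_FROM; do
    # Get the date of THIS file backuping process begin and set the destination backup filename
    DESTDATE=$($DATE "+%d%m%y-%H%M%S")
    # Set the dest file name from its real name but move '/' to '_'
    DESTFILE=$(echo "$i" | $SED 's/\//_/g')
    DESTFILE="$DESTDIR/${DESTFILE}_$DESTDATE.tar.gz"

    # Time to backup the file
    # The archive name is no longer repeated as a member to archive : tar was
    # asked to put the archive into itself, which only produced a warning in
    # the run log.
    log " Backuping $DESTFILE (incremental)"
    tar zcpf "$DESTFILE" -X "$CIPHERED" -X "$EXCLUDE" \
      --after-date "$LAST_DONE_DATE" "$i" 2>> "$DESTDIR.log" > /dev/null

    # Time to check if errors occurred
    record_hash "$DESTFILE" "$i"
  done
fi

##########################################
# DO A CIPHERED BACKUP OF SPECIFIC FILES #
##########################################

if [ -f "$CIPHERED" ] && [ -s "$CIPHERED" ]; then
  # Time to backup the files
  log " Backuping $CIPHERED files"
  DESTFILE="$DESTDIR/ciphered_$DESTDATE.tar.gz"

  # Time to cipher the tarball
  # tar writes straight into openssl, so no clear-text copy of the sensitive
  # files is ever stored on the backup partition (a plain "rm" of such a copy
  # would not erase its content). BACKUP_PASSPHRASE is set for the openssl
  # process only.
  log " Ciphering $DESTFILE"
  if tar zcpf - -T "$CIPHERED" 2>> "$DESTDIR.log" \
    | BACKUP_PASSPHRASE="$PASSWORD" $CIPHER -out "$DESTFILE.des3" 2>> "$DESTDIR.log" > /dev/null; then
    # Time to get the hash
    record_hash "$DESTFILE.des3" "$DESTFILE"
  else
    log "Error while ciphering $DESTFILE"
  fi
fi

#################################################################
# END : Sync and : remount read-only or umount Backup partition #
#################################################################

restore_partition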