choose which directories to back up and fix test backup.

choose which directories to back up and fix test backup.
This commit is contained in:
buildplan
2025-07-07 20:25:56 +01:00
committed by GitHub
3 changed files with 71 additions and 83 deletions


@@ -1,8 +1,8 @@
# Debian & Ubuntu Server Setup & Hardening Script # Debian & Ubuntu Server Setup & Hardening Script
**Version:** v0.56 **Version:** v0.57
**Last Updated:** 2025-07-04 **Last Updated:** 2025-07-07
**Compatible With:** **Compatible With:**
@@ -75,12 +75,12 @@ sha256sum du_setup.sh
Compare the output hash to the one below. They must match exactly. Compare the output hash to the one below. They must match exactly.
`d8c56a3927972cb0e6a5c1f732a03bcdd050715a949ff58232e3bfe6d0c6d260` `7d8fa1b1682018eb5d3470630b6b28b620f090f1066035b4c483737f2697d736`
Or echo the hash to check, it should output: `du_setup.sh: OK` Or echo the hash to check, it should output: `du_setup.sh: OK`
``` ```
echo d8c56a3927972cb0e6a5c1f732a03bcdd050715a949ff58232e3bfe6d0c6d260 du_setup.sh | sha256sum --check - echo 7d8fa1b1682018eb5d3470630b6b28b620f090f1066035b4c483737f2697d736 du_setup.sh | sha256sum --check -
``` ```
### 3\. Run the Script ### 3\. Run the Script


@@ -1,8 +1,10 @@
#!/bin/bash #!/bin/bash
# Debian 12 and Ubuntu Server Hardening Interactive Script # Debian 12 and Ubuntu Server Hardening Interactive Script
# Version: 0.56 | 2025-07-04 # Version: 0.57 | 2025-07-07
# Changelog: # Changelog:
# - v0.57: Fix for silent failure at test_backup()
# Option to choose which directories to back up.
# - v0.56: Make tailscale config optional # - v0.56: Make tailscale config optional
# - v0.55: Improving setup_user() - ssh-keygen replaced the option to skip ssh key # - v0.55: Improving setup_user() - ssh-keygen replaced the option to skip ssh key
# - v0.54: Fix for rollback_ssh_changes() - more reliable on newer Ubuntu # - v0.54: Fix for rollback_ssh_changes() - more reliable on newer Ubuntu
@@ -109,7 +111,7 @@ print_header() {
echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ ║${NC}"
echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
echo -e "${CYAN}║ v0.56 | 2025-07-04${NC}" echo -e "${CYAN}║ v0.57 | 2025-07-07${NC}"
echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ ║${NC}"
echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
echo echo
@@ -1486,6 +1488,35 @@ setup_backup() {
fi fi
fi fi
# --- Collect Backup Source Directories ---
local BACKUP_DIRS_ARRAY=()
while true; do
print_info "Enter the full paths of directories to back up, separated by spaces."
read -rp "$(echo -e "${CYAN}Default is '/home/${USERNAME}/'. Press Enter for default or provide your own: ${NC}")" -a user_input_dirs
if [ ${#user_input_dirs[@]} -eq 0 ]; then
BACKUP_DIRS_ARRAY=("/home/${USERNAME}/")
break
fi
local all_valid=true
for dir in "${user_input_dirs[@]}"; do
if [[ ! "$dir" =~ ^/ ]]; then
print_error "Invalid path: '$dir'. All paths must be absolute (start with '/'). Please try again."
all_valid=false
break
fi
done
if [[ "$all_valid" == true ]]; then
BACKUP_DIRS_ARRAY=("${user_input_dirs[@]}")
break
fi
done
# Convert array to a space-separated string for the backup script
local BACKUP_DIRS_STRING="${BACKUP_DIRS_ARRAY[*]}"
print_info "Directories to be backed up: $BACKUP_DIRS_STRING"
# --- Create Exclude File --- # --- Create Exclude File ---
print_info "Creating rsync exclude file at $EXCLUDE_FILE_PATH..." print_info "Creating rsync exclude file at $EXCLUDE_FILE_PATH..."
tee "$EXCLUDE_FILE_PATH" > /dev/null <<'EOF' tee "$EXCLUDE_FILE_PATH" > /dev/null <<'EOF'
@@ -1494,11 +1525,16 @@ setup_backup() {
.docker/ .docker/
.local/ .local/
.npm/ .npm/
.ssh/
.vscode-server/ .vscode-server/
*.log *.log
*.tmp *.tmp
node_modules/ node_modules/
.bashrc
.bash_history .bash_history
.bash_logout
.cloud-locale-test.skip
.profile
.wget-hsts .wget-hsts
EOF EOF
if confirm "Add more directories/files to the exclude list?"; then if confirm "Add more directories/files to the exclude list?"; then
@@ -1548,7 +1584,7 @@ EOF
# Generated by server setup script on $(date) # Generated by server setup script on $(date)
set -Euo pipefail; umask 077 set -Euo pipefail; umask 077
# --- CONFIGURATION --- # --- CONFIGURATION ---
LOCAL_DIR="/home/${USERNAME}/" BACKUP_DIRS="${BACKUP_DIRS_STRING}"
REMOTE_DEST="${BACKUP_DEST}" REMOTE_DEST="${BACKUP_DEST}"
REMOTE_PATH="${REMOTE_BACKUP_PATH}" REMOTE_PATH="${REMOTE_BACKUP_PATH}"
SSH_PORT="${BACKUP_PORT}" SSH_PORT="${BACKUP_PORT}"
@@ -1586,7 +1622,7 @@ exec 200>"$LOCK_FILE"; flock -n 200 || { echo "Backup already running."; exit 1;
touch "$LOG_FILE"; chmod 600 "$LOG_FILE"; if [[ -f "$LOG_FILE" && $(stat -c%s "$LOG_FILE") -gt 10485760 ]]; then mv "$LOG_FILE" "${LOG_FILE}.1"; fi touch "$LOG_FILE"; chmod 600 "$LOG_FILE"; if [[ -f "$LOG_FILE" && $(stat -c%s "$LOG_FILE") -gt 10485760 ]]; then mv "$LOG_FILE" "${LOG_FILE}.1"; fi
echo "--- Starting Backup at $(date) ---" >> "$LOG_FILE" echo "--- Starting Backup at $(date) ---" >> "$LOG_FILE"
# --- RSYNC COMMAND --- # --- RSYNC COMMAND ---
rsync_output=$(rsync -avz --delete --stats --exclude-from="$EXCLUDE_FILE" -e "ssh -p $SSH_PORT" "$LOCAL_DIR" "${REMOTE_DEST}:${REMOTE_PATH}" 2>&1) rsync_output=$(rsync -avz --delete --stats --exclude-from="$EXCLUDE_FILE" -e "ssh -p $SSH_PORT" $BACKUP_DIRS "${REMOTE_DEST}:${REMOTE_PATH}" 2>&1)
rsync_exit_code=$?; echo "$rsync_output" >> "$LOG_FILE" rsync_exit_code=$?; echo "$rsync_output" >> "$LOG_FILE"
# --- NOTIFICATION --- # --- NOTIFICATION ---
if [[ $rsync_exit_code -eq 0 ]]; then if [[ $rsync_exit_code -eq 0 ]]; then
@@ -1658,30 +1694,19 @@ test_backup() {
if [[ $(id -u) -ne 0 ]]; then if [[ $(id -u) -ne 0 ]]; then
print_error "Backup test must be run as root. Re-run with 'sudo -E' or as root." print_error "Backup test must be run as root. Re-run with 'sudo -E' or as root."
log "Backup test failed: Script not run as root (UID $(id -u))." log "Backup test failed: Script not run as root (UID $(id -u))."
print_info "Action: Run the script with 'sudo -E ./du_setup.sh' or as the root user."
return 0 return 0
fi fi
# Check if backup script exists and is readable
local BACKUP_SCRIPT_PATH="/root/run_backup.sh" local BACKUP_SCRIPT_PATH="/root/run_backup.sh"
if [[ ! -f "$BACKUP_SCRIPT_PATH" ]]; then if [[ ! -f "$BACKUP_SCRIPT_PATH" || ! -r "$BACKUP_SCRIPT_PATH" ]]; then
print_error "Backup script not found at $BACKUP_SCRIPT_PATH." print_error "Backup script not found or not readable at $BACKUP_SCRIPT_PATH."
log "Backup test failed: $BACKUP_SCRIPT_PATH not found." log "Backup test failed: Script not found or not readable."
print_info "Action: Ensure the backup script exists at $BACKUP_SCRIPT_PATH and is accessible."
return 0
fi
if [[ ! -r "$BACKUP_SCRIPT_PATH" ]]; then
print_error "Cannot read backup script at $BACKUP_SCRIPT_PATH. Check permissions."
log "Backup test failed: $BACKUP_SCRIPT_PATH not readable."
print_info "Action: Run 'chmod u+r $BACKUP_SCRIPT_PATH' as root to fix permissions."
return 0 return 0
fi fi
# Check if timeout command is available
if ! command -v timeout >/dev/null 2>&1; then if ! command -v timeout >/dev/null 2>&1; then
print_error "The 'timeout' command is not available. Please install coreutils." print_error "The 'timeout' command is not available. Please install coreutils."
log "Backup test failed: 'timeout' command not found." log "Backup test failed: 'timeout' command not found."
print_info "Action: Install coreutils with 'apt install coreutils' or equivalent."
return 0 return 0
fi fi
@@ -1691,69 +1716,38 @@ test_backup() {
return 0 return 0
fi fi
# Extract backup configuration from script # Extract backup configuration from the generated backup script
local BACKUP_DEST REMOTE_BACKUP_PATH BACKUP_PORT SSH_COPY_ID_FLAGS local BACKUP_DEST REMOTE_BACKUP_PATH BACKUP_PORT
BACKUP_DEST=$(grep "^REMOTE_DEST=" "$BACKUP_SCRIPT_PATH" | cut -d'"' -f2 2>/dev/null || echo "unknown") BACKUP_DEST=$(grep "^REMOTE_DEST=" "$BACKUP_SCRIPT_PATH" | cut -d'"' -f2 2>/dev/null || echo "unknown")
BACKUP_PORT=$(grep "^SSH_PORT=" "$BACKUP_SCRIPT_PATH" | cut -d'"' -f2 2>/dev/null || echo "22") BACKUP_PORT=$(grep "^SSH_PORT=" "$BACKUP_SCRIPT_PATH" | cut -d'"' -f2 2>/dev/null || echo "22")
REMOTE_BACKUP_PATH=$(grep "^REMOTE_PATH=" "$BACKUP_SCRIPT_PATH" | cut -d'"' -f2 2>/dev/null || echo "unknown") REMOTE_BACKUP_PATH=$(grep "^REMOTE_PATH=" "$BACKUP_SCRIPT_PATH" | cut -d'"' -f2 2>/dev/null || echo "unknown")
SSH_COPY_ID_FLAGS=$(grep "^SSH_COPY_ID_FLAGS=" "$BACKUP_SCRIPT_PATH" | cut -d'"' -f2 2>/dev/null || echo "")
local BACKUP_LOG="/var/log/backup_rsync.log" local BACKUP_LOG="/var/log/backup_rsync.log"
if [[ "$BACKUP_DEST" == "unknown" || "$REMOTE_BACKUP_PATH" == "unknown" ]]; then if [[ "$BACKUP_DEST" == "unknown" || "$REMOTE_BACKUP_PATH" == "unknown" ]]; then
print_error "Invalid backup configuration in $BACKUP_SCRIPT_PATH." print_error "Could not parse backup configuration from $BACKUP_SCRIPT_PATH."
log "Backup test failed: Invalid configuration in $BACKUP_SCRIPT_PATH." log "Backup test failed: Invalid configuration in $BACKUP_SCRIPT_PATH."
print_info "Action: Check $BACKUP_SCRIPT_PATH for valid REMOTE_DEST and REMOTE_PATH variables."
return 0 return 0
fi fi
# Ensure backup log is writable # Create a temporary directory and file for the test
if ! touch "$BACKUP_LOG" 2>/dev/null || ! chmod 600 "$BACKUP_LOG" 2>/dev/null; then
print_error "Cannot create or write to $BACKUP_LOG."
log "Backup test failed: Cannot write to $BACKUP_LOG."
print_info "Action: Ensure /var/log/ is writable by root and try again."
return 0
fi
# Check SSH key existence
local SSH_KEY="/root/.ssh/id_ed25519"
if [[ ! -f "$SSH_KEY" || ! -r "$SSH_KEY" ]]; then
print_error "SSH key $SSH_KEY not found or not readable."
log "Backup test failed: SSH key not found or not readable."
print_info "Action: Create or fix permissions for $SSH_KEY with 'chmod 600 $SSH_KEY'."
return 0
fi
# Create a temporary test directory
local TEST_DIR="/root/test_backup_$(date +%Y%m%d_%H%M%S)" local TEST_DIR="/root/test_backup_$(date +%Y%m%d_%H%M%S)"
if ! mkdir -p "$TEST_DIR" 2>/dev/null; then if ! mkdir -p "$TEST_DIR" || ! echo "Test file for backup verification" > "$TEST_DIR/test.txt"; then
print_error "Failed to create test directory $TEST_DIR." print_error "Failed to create test directory or file in /root/."
log "Backup test failed: Cannot create $TEST_DIR." log "Backup test failed: Cannot create test directory/file."
print_info "Action: Ensure /root/ is writable by root and try again."
return 0
fi
if ! echo "Test file for backup verification" > "$TEST_DIR/test.txt" 2>/dev/null; then
print_error "Failed to create test file in $TEST_DIR."
log "Backup test failed: Cannot create test file in $TEST_DIR."
print_info "Action: Ensure /root/ is writable by root and try again."
rm -rf "$TEST_DIR" 2>/dev/null
return 0
fi
if ! chmod 600 "$TEST_DIR/test.txt" 2>/dev/null; then
print_error "Failed to set permissions on $TEST_DIR/test.txt."
log "Backup test failed: Cannot set permissions on $TEST_DIR/test.txt."
print_info "Action: Ensure /root/ is writable by root and try again."
rm -rf "$TEST_DIR" 2>/dev/null rm -rf "$TEST_DIR" 2>/dev/null
return 0 return 0
fi fi
print_info "Running test backup to $BACKUP_DEST:$REMOTE_BACKUP_PATH..." print_info "Running test backup to $BACKUP_DEST:$REMOTE_BACKUP_PATH..."
local RSYNC_OUTPUT RSYNC_EXIT_CODE TIMEOUT_DURATION=120 local RSYNC_OUTPUT RSYNC_EXIT_CODE TIMEOUT_DURATION=120
local SSH_KEY="/root/.ssh/id_ed25519"
local SSH_COMMAND="ssh -p $BACKUP_PORT -i $SSH_KEY -o BatchMode=yes -o StrictHostKeyChecking=no" local SSH_COMMAND="ssh -p $BACKUP_PORT -i $SSH_KEY -o BatchMode=yes -o StrictHostKeyChecking=no"
if [[ -n "$SSH_COPY_ID_FLAGS" ]]; then
SSH_COMMAND="sftp -P $BACKUP_PORT -i $SSH_KEY -o BatchMode=yes -o StrictHostKeyChecking=no" set +e
fi
RSYNC_OUTPUT=$(timeout "$TIMEOUT_DURATION" rsync -avz --delete -e "$SSH_COMMAND" "$TEST_DIR/" "${BACKUP_DEST}:${REMOTE_BACKUP_PATH}test_backup/" 2>&1) RSYNC_OUTPUT=$(timeout "$TIMEOUT_DURATION" rsync -avz --delete -e "$SSH_COMMAND" "$TEST_DIR/" "${BACKUP_DEST}:${REMOTE_BACKUP_PATH}test_backup/" 2>&1)
RSYNC_EXIT_CODE=$? RSYNC_EXIT_CODE=$?
set -e # Re-enable 'exit on error'
echo "--- Test Backup at $(date) ---" >> "$BACKUP_LOG" echo "--- Test Backup at $(date) ---" >> "$BACKUP_LOG"
echo "$RSYNC_OUTPUT" >> "$BACKUP_LOG" echo "$RSYNC_OUTPUT" >> "$BACKUP_LOG"
@@ -1761,30 +1755,24 @@ test_backup() {
print_success "Test backup successful! Check $BACKUP_LOG for details." print_success "Test backup successful! Check $BACKUP_LOG for details."
log "Test backup successful." log "Test backup successful."
else else
print_warning "The backup test failed. This is not critical, and the script will continue."
print_info "You can troubleshoot this after the server setup is complete."
if [[ $RSYNC_EXIT_CODE -eq 124 ]]; then if [[ $RSYNC_EXIT_CODE -eq 124 ]]; then
print_error "Test backup timed out after $TIMEOUT_DURATION seconds. Check network connectivity or increase timeout." print_error "Test backup timed out after $TIMEOUT_DURATION seconds."
log "Test backup failed: Timeout after $TIMEOUT_DURATION seconds." log "Test backup failed: Timeout after $TIMEOUT_DURATION seconds."
print_info "Action: Verify network connectivity to $BACKUP_DEST and retry."
else else
print_error "Test backup failed (exit code: $RSYNC_EXIT_CODE). Check $BACKUP_LOG for details." print_error "Test backup failed (exit code: $RSYNC_EXIT_CODE). See $BACKUP_LOG for details."
log "Test backup failed with exit code $RSYNC_EXIT_CODE." log "Test backup failed with exit code $RSYNC_EXIT_CODE."
print_info "Troubleshooting steps:"
print_info " - Verify SSH key: cat $SSH_KEY.pub"
print_info " - Copy key: ssh-copy-id -p \"$BACKUP_PORT\" -i $SSH_KEY.pub $SSH_COPY_ID_FLAGS \"$BACKUP_DEST\""
print_info " - Test SSH: ssh -p \"$BACKUP_PORT\" -i $SSH_KEY \"$BACKUP_DEST\" true"
if [[ -n "$SSH_COPY_ID_FLAGS" ]]; then
print_info " - For Hetzner, ensure ~/.ssh/ exists: ssh -p \"$BACKUP_PORT\" \"$BACKUP_DEST\" \"mkdir -p ~/.ssh && chmod 700 ~/.ssh\""
fi
fi fi
print_info "Common troubleshooting steps:"
print_info " - Ensure the root SSH key is copied to the destination: ssh-copy-id -p \"$BACKUP_PORT\" -i \"$SSH_KEY.pub\" \"$BACKUP_DEST\""
print_info " - Check firewall rules on both this server and the destination."
fi fi
# Clean up test directory # Clean up the temporary test directory
if ! rm -rf "$TEST_DIR" 2>/dev/null; then rm -rf "$TEST_DIR" 2>/dev/null
print_warning "Failed to clean up test directory $TEST_DIR."
log "Cleanup of $TEST_DIR failed."
print_info "Action: Manually remove $TEST_DIR with 'rm -rf $TEST_DIR' as root."
fi
print_success "Backup test completed." print_success "Backup test completed."
log "Backup test completed." log "Backup test completed."
return 0 return 0
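Review bot: The chosen directories are flattened into one space-separated string (`local BACKUP_DIRS_STRING="${BACKUP_DIRS_ARRAY[*]}"` in the @@ -1486 hunk) and then expanded unquoted as `$BACKUP_DIRS` in the generated rsync command (@@ -1586 hunk), so a path containing whitespace or glob characters is word-split or globbed and the nightly run backs up — and, via `--delete`, prunes the remote side against — a different set of directories than the one the user confirmed. The validation loop only checks for a leading `/`, so a non-existent path or `/` itself is accepted (and `user_input_dirs` is never declared `local`). Suggested change: validate with `[[ "$dir" =~ ^/ && -d "$dir" ]]`, build the string with `printf -v BACKUP_DIRS_STRING '%q ' "${BACKUP_DIRS_ARRAY[@]}"`, and in the template write `BACKUP_DIRS=(${BACKUP_DIRS_STRING})` plus `"${BACKUP_DIRS[@]}"` in the rsync line, which — assuming the configuration block is an unquoted heredoc, as `REMOTE_DEST="${BACKUP_DEST}"` suggests — leaves a correctly quoted array in the generated script. Note also that the default exclude patterns (`*.log`, `.profile`, the newly added `.ssh/`) are relative and so match at any depth inside every selected directory, which matters now that sources other than the home directory can be chosen. setup_backup's body begins and ends outside these hunks.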


@@ -1 +1 @@
d8c56a3927972cb0e6a5c1f732a03bcdd050715a949ff58232e3bfe6d0c6d260 du_setup.sh 7d8fa1b1682018eb5d3470630b6b28b620f090f1066035b4c483737f2697d736 du_setup.sh