From ed1075b8c722f4681154cf7c91a845fb83134560 Mon Sep 17 00:00:00 2001 From: Ali Date: Sat, 28 Jun 2025 17:42:48 +0100 Subject: [PATCH] fix summary output --- setup_harden_debian_ubuntu.sh | 105 +++++++++++++++++++++++++--------- 1 file changed, 79 insertions(+), 26 deletions(-) diff --git a/setup_harden_debian_ubuntu.sh b/setup_harden_debian_ubuntu.sh index 5cba1ca..223b157 100644 --- a/setup_harden_debian_ubuntu.sh +++ b/setup_harden_debian_ubuntu.sh @@ -1091,18 +1091,26 @@ EOF if [[ "$n_choice" == "2" ]]; then NOTIFICATION_SETUP="discord" read -rp "$(echo -e "${CYAN}Enter Discord Webhook URL: ${NC}")" DISCORD_WEBHOOK - if [[ ! "$DISCORD_WEBHOOK" =~ ^https://discord.com/api/webhooks/ ]]; then print_error "Invalid Discord webhook URL."; return 1; fi + if [[ ! "$DISCORD_WEBHOOK" =~ ^https://discord.com/api/webhooks/ ]]; then + print_error "Invalid Discord webhook URL." + log "Invalid Discord webhook URL provided." + return 1 + fi else NOTIFICATION_SETUP="ntfy" read -rp "$(echo -e "${CYAN}Enter ntfy URL/topic (e.g., https://ntfy.sh/my-backups): ${NC}")" NTFY_URL read -rp "$(echo -e "${CYAN}Enter ntfy Access Token (optional): ${NC}")" NTFY_TOKEN - if [[ ! "$NTFY_URL" =~ ^https?:// ]]; then print_error "Invalid ntfy URL."; return 1; fi + if [[ ! "$NTFY_URL" =~ ^https?:// ]]; then + print_error "Invalid ntfy URL." + log "Invalid ntfy URL provided." + return 1 + fi fi fi # --- Generate the Backup Script --- print_info "Generating the backup script at $BACKUP_SCRIPT_PATH..." - tee "$BACKUP_SCRIPT_PATH" > /dev/null < /dev/null < /dev/null <<'EOF' + then + print_error "Failed to create backup script at $BACKUP_SCRIPT_PATH." + log "Failed to create backup script at $BACKUP_SCRIPT_PATH." + return 1 + fi + if ! tee -a "$BACKUP_SCRIPT_PATH" > /dev/null <<'EOF' # --- BACKUP SCRIPT LOGIC --- send_notification() { local status="$1" message="$2" title color 
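Review bot: The ntfy check `^https?://` still accepts plain `http://`, and the prompt just above it collects an optional access token, so a token entered alongside an http URL would presumably be sent unencrypted each time the generated script posts a notification. Consider requiring `^https://`, or at least warning when a token is combined with a non-TLS URL, e.g. `if [[ -n "$NTFY_TOKEN" && "$NTFY_URL" != https://* ]]; then print_warning "ntfy token will be sent over plain HTTP."; fi`. The Discord pattern leaves its dots unescaped and could be tightened to `^https://discord\.com/api/webhooks/`. The enclosing function starts before this hunk and continues past it.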
@@ -1153,12 +1166,51 @@ else send_notification "FAILURE" "$message" fi EOF - chmod 700 "$BACKUP_SCRIPT_PATH" + then + print_error "Failed to append to backup script at $BACKUP_SCRIPT_PATH." + log "Failed to append to backup script at $BACKUP_SCRIPT_PATH." + return 1 + fi + if ! chmod 700 "$BACKUP_SCRIPT_PATH"; then + print_error "Failed to set permissions on $BACKUP_SCRIPT_PATH." + log "Failed to set permissions on $BACKUP_SCRIPT_PATH." + return 1 + fi print_success "Backup script created." # --- Configure Cron Job --- print_info "Configuring root cron job..." - (crontab -u root -l 2>/dev/null || true | grep -v "$CRON_MARKER"; echo "$CRON_SCHEDULE $BACKUP_SCRIPT_PATH $CRON_MARKER") | crontab -u root - + # Ensure crontab is writable + local CRON_DIR="/var/spool/cron/crontabs" + mkdir -p "$CRON_DIR" + chmod 1730 "$CRON_DIR" + chown root:crontab "$CRON_DIR" + # Validate inputs + if [[ -z "$CRON_SCHEDULE" || -z "$BACKUP_SCRIPT_PATH" ]]; then + print_error "Cron schedule or backup script path is empty." + log "Cron configuration failed: CRON_SCHEDULE='$CRON_SCHEDULE', BACKUP_SCRIPT_PATH='$BACKUP_SCRIPT_PATH'" + return 1 + fi + if [[ ! -f "$BACKUP_SCRIPT_PATH" ]]; then + print_error "Backup script $BACKUP_SCRIPT_PATH does not exist." + log "Cron configuration failed: Backup script $BACKUP_SCRIPT_PATH not found." + return 1 + fi + # Create temporary cron file + local TEMP_CRON + TEMP_CRON=$(mktemp) + if ! crontab -u root -l 2>/dev/null | grep -v "$CRON_MARKER" > "$TEMP_CRON"; then + print_warning "No existing crontab found or error reading crontab. Creating new one." + : > "$TEMP_CRON" # Create empty file + fi + echo "$CRON_SCHEDULE $BACKUP_SCRIPT_PATH $CRON_MARKER" >> "$TEMP_CRON" + if ! crontab -u root "$TEMP_CRON" 2>&1 | tee -a "$LOG_FILE"; then + print_error "Failed to configure cron job." + log "Cron configuration failed: Error updating crontab." 
+ rm -f "$TEMP_CRON" + return 1 + fi + rm -f "$TEMP_CRON" print_success "Backup cron job scheduled: $CRON_SCHEDULE" log "Backup configuration completed." } @@ -1336,6 +1388,7 @@ final_cleanup() { log "Final system cleanup completed." } +```bash generate_summary() { print_section "Setup Complete!" print_info "Checking critical services..." 
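Review bot: The new `if ! crontab -u root "$TEMP_CRON" 2>&1 | tee -a "$LOG_FILE"; then` tests the exit status of `tee`, not of `crontab`, unless `set -o pipefail` is enabled outside this hunk, so a rejected crontab would still be reported as "Backup cron job scheduled". Capturing the output makes the check independent of shell options: declare `local cron_out`, then `if ! cron_out=$(crontab -u root "$TEMP_CRON" 2>&1); then log "$cron_out"` before the existing error path. `TEMP_CRON=$(mktemp)` is unchecked as well; adding `|| return 1` avoids redirecting into an empty path. `grep -v "$CRON_MARKER"` would be safer as `grep -vF -- "$CRON_MARKER"` so the marker is matched literally. The function body starts before this hunk.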
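Review bot: The line added directly above `generate_summary()` (three backticks followed by `bash`) is a Markdown code fence, not shell. Bash treats backticks as command substitution, so this will most likely stop the script from parsing or swallow the following code up to the next backtick. It looks like a paste artifact and should be removed. Running `bash -n setup_harden_debian_ubuntu.sh` or ShellCheck before committing would catch it.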
@@ -1372,26 +1425,26 @@ generate_summary() { echo -e " Hostname: $SERVER_NAME" echo -e " SSH Port: $SSH_PORT" echo -e " Server IP: $SERVER_IP" - if [[ -f /root/backup.sh ]]; then - local CRON_SCHEDULE=$(crontab -u root -l 2>/dev/null | grep -F "/root/backup.sh" | awk '{print $1, $2, $3, $4, $5}' || echo "Not configured") - local NOTIFICATION_STATUS="None" - local BACKUP_DEST=$(grep "^BACKUP_DEST=" /root/backup.sh | cut -d'"' -f2 || echo "Unknown") - local BACKUP_PORT=$(grep "^SSH_PORT=" /root/backup.sh | cut -d'"' -f2 || echo "Unknown") - local REMOTE_BACKUP_DIR=$(grep "^REMOTE_DIR=" /root/backup.sh | cut -d'"' -f2 || echo "Unknown") - if grep -q "NTFY_URL" /root/backup.sh; then + if [[ -f /root/run_backup.sh ]]; then + local CRON_SCHEDULE=$(crontab -u root -l 2>/dev/null | grep -F "/root/run_backup.sh" | awk '{print $1, $2, $3, $4, $5}' || echo "Not configured") + local NOTIFICATION_STATUS="None" + local BACKUP_DEST=$(grep "^REMOTE_DEST=" /root/run_backup.sh | cut -d'"' -f2 || echo "Unknown") + local BACKUP_PORT=$(grep "^SSH_PORT=" /root/run_backup.sh | cut -d'"' -f2 || echo "Unknown") + local REMOTE_BACKUP_PATH=$(grep "^REMOTE_PATH=" /root/run_backup.sh | cut -d'"' -f2 || echo "Unknown") + if grep -q "NTFY_URL=" /root/run_backup.sh && ! grep -q 'NTFY_URL=""' /root/run_backup.sh; then NOTIFICATION_STATUS="ntfy" - elif grep -q "DISCORD_WEBHOOK" /root/backup.sh; then + elif grep -q "DISCORD_WEBHOOK=" /root/run_backup.sh && ! 
grep -q 'DISCORD_WEBHOOK=""' /root/run_backup.sh; then NOTIFICATION_STATUS="Discord" - fi - echo -e " Remote Backup: Enabled" - echo -e " - Backup Script: /root/backup.sh" - echo -e " - Destination: $BACKUP_DEST" - echo -e " - SSH Port: $BACKUP_PORT" - echo -e " - Remote Path: $REMOTE_BACKUP_DIR" - echo -e " - Cron Schedule: $CRON_SCHEDULE" - echo -e " - Notifications: $NOTIFICATION_STATUS" + fi + echo -e " Remote Backup: Enabled" + echo -e " - Backup Script: /root/run_backup.sh" + echo -e " - Destination: $BACKUP_DEST" + echo -e " - SSH Port: $BACKUP_PORT" + echo -e " - Remote Path: $REMOTE_BACKUP_PATH" + echo -e " - Cron Schedule: $CRON_SCHEDULE" + echo -e " - Notifications: $NOTIFICATION_STATUS" else - echo -e " Remote Backup: Not configured" + echo -e " Remote Backup: Not configured" fi echo echo -e "${PURPLE}Log File: ${LOG_FILE}${NC}" @@ -1410,12 +1463,12 @@ generate_summary() { if command -v tailscale >/dev/null 2>&1; then echo -e " - Tailscale status: tailscale status" fi - if [[ -f /root/backup.sh ]]; then + if [[ -f /root/run_backup.sh ]]; then echo -e " - Remote Backup:" echo -e " - Verify SSH key: cat /root/.ssh/id_ed25519.pub" echo -e " - Copy key if needed: ssh-copy-id -p $BACKUP_PORT -s $BACKUP_DEST" - echo -e " - Test backup: sudo /root/backup.sh" - echo -e " - Check logs: sudo less /var/log/backup_*.log" + echo -e " - Test backup: sudo /root/run_backup.sh" + echo -e " - Check logs: sudo less /var/log/backup_rsync.log" fi print_warning "\nACTION REQUIRED: If remote backup is enabled, ensure the root SSH key is copied to the destination server." print_warning "A reboot is required to apply all changes cleanly."
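Review bot: The `|| echo "Not configured"` and `|| echo "Unknown"` fallbacks inside the new `local X=$(grep … | awk/cut … || echo …)` lines depend on the last pipeline stage's status unless pipefail is set outside this hunk. `awk` and `cut` exit 0 on empty input, so a missing key likely yields an empty field in the summary rather than the fallback text. Defaulting at the point of use is more robust, e.g. `BACKUP_DEST=$(grep "^REMOTE_DEST=" /root/run_backup.sh | cut -d'"' -f2)` followed by `echo -e " - Destination: ${BACKUP_DEST:-Unknown}"`, with `local` declared on its own line so the assignment's status is not masked. `local CRON_SCHEDULE=…` also reuses the name of the variable used when the cron job is configured; a distinct local name would avoid confusion. The literal `/root/run_backup.sh` is repeated here and in the `@@ -1410,12 +1463,12 @@` hunk, and generate_summary() starts before this hunk and continues after it.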