diff options
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | examples/example.sys | 16 | ||||
| -rw-r--r-- | handlers/sys.helper.in | 8 | ||||
| -rwxr-xr-x | handlers/sys.in | 65 | 
4 files changed, 89 insertions, 3 deletions
| @@ -18,6 +18,9 @@ version 0.9.7 -- UNRELEASED  	   does not prevent mysqldump to work.  	 . Fix the error message displayed when mysqld is not running:  	   mysqladmin ping indeed returns 0 when authentication fails. +	sys: +	 . New luksheaders option (default=disabled) to backup the Luks header +	   of every Luks device.  version 0.9.6 -- July 21, 2008      backupninja changes diff --git a/examples/example.sys b/examples/example.sys index af28fd6..a4bffc4 100644 --- a/examples/example.sys +++ b/examples/example.sys @@ -1,6 +1,6 @@  #  # this config file will save various reports of vital system information. -# by default, all the reports are enabled and are saved in /var/backups. +# by default, all the reports are saved in /var/backups.  #  # requires dpkg, debconf-utils, sfdisk, and hwinfo  # @@ -25,6 +25,12 @@  # (4) hardware information.   #     detailed information on most important aspects of the hardware.  # +# (5) the Luks header of every Luks block device, if option luksheaders +#     is enabled. +#     in case you (have to) scramble such a Luks header (for some time), +#     and restore it later by running "dd if=luksheader.sda2.bin of=/dev/sda2" +#     (MAKE SURE YOU PASS THE CORRECT DEVICE AS of= !!!) +#  # here are the defaults, commented out: @@ -47,6 +53,14 @@  # hardwarefile = /var/backups/hardware.txt  # dohwinfo = yes +# luksheaders = no +# NOTE: the __star__ below will be replaced by the Luks partitions found on the +# system (e.g. luksheader.sda2.bin, luksheader.sdb3.bin). If you change  +# the luksheadersfile default below, be sure to include the __star__  +# replacement in the filename, or you will get one file for only one partition, +# the others being written to the same file, and then overwritten by the next. +# luksheadersfile = /var/backups/luksheader.__star__.bin +  # If vservers = yes in /etc/backupninja.conf then the following variables can  # be used:  # vsnames = all | <vserver1> <vserver2> ... (default = all) diff --git a/handlers/sys.helper.in b/handlers/sys.helper.in index d3d99a5..48841e8 100644 --- a/handlers/sys.helper.in +++ b/handlers/sys.helper.in @@ -8,19 +8,22 @@ sys_wizard() {         "packages" "list of all installed packages." on \         "partitions" "the partition table of all disks." on  \         "sfdisk" "use sfdisk to get partition information." on \ -       "hardware" "detailed hardware information" on +       "hardware" "detailed hardware information" on \ +       "luksheaders" "Luks headers of all Luks partitions." off     [ $? = 1 ] && return;         result="$REPLY"     packages="packages = no"     partitions="partitions = no"     sfdisk="dosfdisk = no"     hardware="hardware = no" +   luksheaders="luksheaders = no"     for opt in $result; do        case $opt in          '"packages"') packages="packages = yes";;          '"partitions"') partitions="partitions = yes";;          '"sfdisk"') sfdisk="dosfdisk = yes";;          '"hardware"') hardware="hardware = yes";; +        '"luksheaders"') luksheaders="luksheaders = yes";;        esac     done     get_next_filename $configdirectory/10.sys @@ -29,10 +32,13 @@ $packages  $partitions  $sfdisk  $hardware +$luksheaders +  # packagesfile = /var/backups/dpkg-selections.txt  # selectionsfile = /var/backups/debconfsel.txt  # partitionsfile = /var/backups/partitions.__star__.txt  # hardwarefile = /var/backups/hardware.txt +# luksheadersfile = /var/backups/luksheader.__star__.bin  # If vservers = yes in /etc/backupninja.conf then the following variables can  # be used: diff --git a/handlers/sys.in b/handlers/sys.in index f293840..de81435 100755 --- a/handlers/sys.in +++ b/handlers/sys.in @@ -1,7 +1,7 @@  # -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-  #  # this handler will save various reports of vital system information. -# by default, all the reports are enabled and are saved in /var/backups. +# by default, all the reports are saved in /var/backups.  #  # (1) a capture of the debconf package selection states. This file  #     can be used to restore the answers to debconf questions for @@ -24,6 +24,12 @@  # (4) hardware information.   #     write to a text file the important things which hwinfo can gleen.  # +# (5) the Luks header of every Luks block device, if option luksheaders +#     is enabled. +#     in case you (have to) scramble such a Luks header (for some time), +#     and restore it later by running "dd if=luksheader.sda2.bin of=/dev/sda2" +#     (MAKE SURE YOU PASS THE CORRECT DEVICE AS of= !!!) +#  if [ -f /etc/debian_version ]  then @@ -82,6 +88,11 @@ getconf HWINFO `which hwinfo`  getconf sfdisk_options ""  getconf hwinfo_options "" +getconf CRYPTSETUP `which cryptsetup` +getconf DD `which dd` +getconf luksheaders no +getconf luksheadersfile $parentdir/luksheader.__star__.bin +  getconf vsnames all  # If vservers are configured, check that the ones listed in $vsnames are running. @@ -97,6 +108,19 @@ if [ $vservers_are_available = yes ]; then     usevserver=yes  fi +## SANITY CHECKS ######################### + +if [ "$luksheaders" == "yes" ]; then +   if [ ! -x "$DD" ]; then +      warning "can't find dd, skipping backup of Luks headers." +      luksheaders="no" +   fi +   if [ ! -x "$CRYPTSETUP" ]; then +      warning "can't find cryptsetup, skipping backup of Luks headers." +      luksheaders="no" +   fi +fi +  ## PACKAGES ##############################  # @@ -541,3 +565,42 @@ if [ "$partitions" == "yes" ]; then        $HWINFO --disk >> $hardwarefile     fi  fi + +if [ "$luksheaders" == "yes" ]; then +   devices=`LC_ALL=C $SFDISK -l 2>/dev/null | grep "^Disk /dev" | @AWK@ '{print $2}' | cut -d: -f1` +   [ -n "$devices" ] || warning "No block device found" +   targetdevices="" +   for dev in $devices; do +      [ -b $dev ] || continue +      debug "$CRYPTSETUP isLuks $dev" +      $CRYPTSETUP isLuks $dev +      [ $? -eq 0 ] && targetdevices="$targetdevices $dev" +   done +   for dev in $targetdevices; do +      label=${dev#/dev/} +      label=${label//\//-} +      outputfile=${luksheadersfile//__star__/$label} +      # the following sizes are expressed in terms of 512-byte sectors +      debug "Let us find out the Luks header size for $dev" +      debug "$CRYPTSETUP luksDump \"$dev\" | grep '^Payload offset:' | @AWK@ '{print $3}'" +      headersize=`$CRYPTSETUP luksDump "$dev" | grep '^Payload offset:' | @AWK@ '{print $3}'` +      if [ $? -ne 0 ]; then +         warning "Could not compute the size of Luks header, skipping device $dev" +         continue +      elif [ -z "$headersize" -o -n "`echo \"$headersize\" | sed 's/[0-9]*//g'`" ]; then +         warning "The computed size of Luks header is not an integer, skipping device $dev" +         continue +      fi +      debug "Let us backup the Luks header of device $dev" +      debug "$DD if=\"${dev}\" of=\"${outputfile}\" bs=512 count=\"${headersize}\"" +      output=`$DD if="${dev}" of="${outputfile}" bs=512 count="${headersize}" 2>&1` +      exit_code=$? +      if [ $exit_code -eq 0 ]; then +         debug $output +         info "The Luks header of $dev was saved to $outputfile." +      else +         debug $output +         fatal "The Luks header of $dev could not be saved." +      fi +   done +fi | 
