Poor Man’s IDS… part 2 – ids.sh

Here is the meat.  This script compares the values and files captured by the previous run (kept under /home/backup/…) against the current collection and the live directories (/etc and /data), and mails the differences.  Once the comparison email has gone out, the relevant directories are rsync'd into the backup directory so they become the baseline for the next run.

The MySQL backups keep 7 days' worth of dumps.  You'll need a MySQL user that can read and dump the data without being prompted for a password.

———————————–
#!/bin/bash

# Program: ids.sh, v4.0 2020-03-12
#
# Michael Smith (mike@smithware.net)
#

## look for discrepancies in the previous data collection (in /home/backup/...) compared to the current collection or directory (/etc and /data)

/usr/bin/perl /usr/local/sbin/mail-output.pl --subject "smithware.net ETC Change" --recip administrator@smithware.net "diff -b -B -p -r -I \"Updated\" --no-dereference --exclude-from=/home/backup/backup-excludes -u /home/backup/etc /etc"

/usr/bin/perl /usr/local/sbin/mail-output.pl --subject "smithware.net Config Change" --recip administrator@smithware.net "diff -a -b -B -p -r -u -I \"The system checks took\" -I \"Host is up\" /home/backup/files /data/"

## backup files that we want to save to the /home/backup directory
echo "Starting IDS data sync at $(date)." > /home/backup/backup-ids.log

## /etc - system config files for the system
echo "" >> /home/backup/backup-ids.log
echo "Backing up /etc/..." >> /home/backup/backup-ids.log
   rsync -a --munge-links --exclude-from=/home/backup/backup-excludes --delete /etc/ /home/backup/etc/ >> /home/backup/backup-ids.log 2>> /home/backup/backup-ids.err
echo "" >> /home/backup/backup-ids.log

## /data - the location the files are put from the collector.pl
## Sources are given with a trailing slash rather than "/dir/*": with a glob, rsync
## transfers each top-level entry separately and --delete never removes top-level
## files that have vanished from the source, so they would be reported as a
## difference on every run.
echo "Backing up config files..." >> /home/backup/backup-ids.log
   rsync -a --delete /data/ /home/backup/files/ >> /home/backup/backup-ids.log 2>> /home/backup/backup-ids.err
echo "" >> /home/backup/backup-ids.log

## /usr/local/sbin - the location of the ids.p, collector.pl, mail-output.pl and my other system apps
echo "Backing up system files..." >> /home/backup/backup-ids.log
   rsync -a --delete /usr/local/sbin/ /home/backup/usr/local/sbin/ >> /home/backup/backup-ids.log 2>> /home/backup/backup-ids.err
echo "" >> /home/backup/backup-ids.log

## /boot - boot configuration files
echo "Backing up boot files..." >> /home/backup/backup-ids.log
   rsync -a --delete /boot/ /home/backup/boot/ >> /home/backup/backup-ids.log 2>> /home/backup/backup-ids.err
echo "" >> /home/backup/backup-ids.log

## ../smithware.net - website
echo "Backing up website..." >> /home/backup/backup-ids.log
   rsync -a --delete /var/www/html/smithware.net/ /home/backup/smithware.net/ >> /home/backup/backup-ids.log 2>> /home/backup/backup-ids.err
echo "" >> /home/backup/backup-ids.log

## mysql databases - keeps the last 7 days worth
## The "backup" user must be able to connect and dump without a password prompt.
echo "Backing up databases..." >> /home/backup/backup-ids.log
   TIMESTAMP=$(date +"%F")
   DELTIMESTAMP=$(date -d '-7 days' +"%F")
   BACKUP_DIR="/home/backup/databases/$TIMESTAMP"
   DELETE_DIR="/home/backup/databases/$DELTIMESTAMP"
   MYSQL_USER="backup"
   MYSQL=/usr/bin/mysql
   MYSQLDUMP=/usr/bin/mysqldump
   mkdir -p "$BACKUP_DIR"
   rm -rf "$DELETE_DIR"
   # list every database except the header line and the two built-in schemas
   databases=$($MYSQL --user="$MYSQL_USER" -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)")
   for db in $databases; do
      $MYSQLDUMP --force --opt --user="$MYSQL_USER" --databases "$db" | gzip > "$BACKUP_DIR/$db.gz"
   done
echo "" >> /home/backup/backup-ids.log

## openbdjam - blue dragon directory
#echo "Backing up openbd..." >> /home/backup/backup-ids.log
   #rsync -a --delete /opt/openbdjam/etc/ /home/backup/openbd/etc/ >> /home/backup/backup-ids.log 2>> /home/backup/backup-ids.err
   #rsync -a --delete /opt/openbdjam/jetty/contexts/ /home/backup/openbd/jetty/contexts/ >> /home/backup/backup-ids.log 2>> /home/backup/backup-ids.err
#echo "" >> /home/backup/backup-ids.log

echo "Backup finished at $(date)." >> /home/backup/backup-ids.log
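The same "compare the last run to now, then refresh the baseline" loop can be done with a hash manifest instead of a full copy of the tree, which is cheaper to store and flags content changes that a timestamp-preserving copy could hide. This is an added example, not part of the original ids.sh; the function names, the manifest file and the demo paths are my own, and sha256sum is assumed to be the GNU coreutils version.

```shell
#!/bin/sh
# Added example (not from the original post): manifest-based change check in
# the spirit of ids.sh. All paths and file names used with it are constructed.

# build_manifest DIR [EXCLUDE_REGEX]
# Emit "sha256  relative/path" for every regular file under DIR, sorted by
# path. EXCLUDE_REGEX plays the role of backup-excludes in the original.
build_manifest() {
    dir=$1 ex=$2
    [ -n "$ex" ] || ex='^$'          # default: exclude nothing
    ( cd "$dir" && find . -type f | sed 's|^\./||' | grep -Ev "$ex" | sort |
        while IFS= read -r f; do sha256sum "$f"; done )
}

# compare_manifests OLD NEW
# Print one ADDED/REMOVED/MODIFIED line per differing path. sha256sum output
# is fixed-width (64 hex chars, two spaces, path), so the path is cut by
# offset rather than by field and may contain spaces.
compare_manifests() {
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }
        FILENAME == ARGV[1] { old[p] = h; next }
        { new[p] = h }
        END {
            for (p in new) if (!(p in old)) print "ADDED " p
            for (p in old) if (!(p in new)) print "REMOVED " p
            for (p in new) if ((p in old) && old[p] != new[p]) print "MODIFIED " p
        }' "$1" "$2" | sort
}

# check_dir DIR MANIFEST [EXCLUDE_REGEX]
# Report what changed since the stored manifest, then overwrite it with the
# current state (same order as ids.sh: diff first, then refresh the baseline).
# The first run only records the baseline and reports nothing.
check_dir() {
    dir=$1 manifest=$2 ex=$3
    tmpm=$(mktemp)
    build_manifest "$dir" "$ex" > "$tmpm"
    if [ -f "$manifest" ]; then
        compare_manifests "$manifest" "$tmpm"
    fi
    mv "$tmpm" "$manifest"
}
```

Run `check_dir /etc /home/backup/etc.manifest` from cron and mail the output when it is non-empty, exactly as the original feeds diff output to mail-output.pl; as with /home/backup, the manifest is only meaningful if it is stored where whoever can alter the monitored tree cannot also rewrite it.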
