sssnake/setec_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9e839ee8260d389f46dadf53d643e955d9bf2c00
setec_cdm/setec-web/backup.py

180 lines
6.3 KiB
Python
Raw Normal View History

Initial commit — SETEC LABS Manager (Setec_CDM) Flask-based VPS management panel with SSH remote command execution. Includes E2E encrypted SSH tunnel (AES-256-GCM + Go agent), setup wizard, security hardening tools, DNS management, firewall configs, monitoring, backup, and .sec patch update system. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 12:39:02 -07:00
# Backup & recovery commands for encrypted remote backups
# Each function returns a bash command string that app.py executes via ssh_run()
def backup_now_cmd(paths="/etc /var/www /opt/seteclabs /root", dest="/var/backups/setec",
encrypt_pass="", remote_host="", remote_path=""):
"""Return bash cmd to create an encrypted compressed backup."""
ts = "$(date +%Y%m%d_%H%M%S)"
archive = f"{dest}/setec-backup-{ts}.tar.gz"
cmd = (
f"echo '=== Creating Backup ===' && "
f"mkdir -p {dest} && "
f"tar czf {archive} {paths} 2>&1 && "
f"SIZE=$(du -h {archive} | cut -f1) && "
f"echo \"Archive created: {archive} ($SIZE)\" "
)
if encrypt_pass:
enc_archive = f"{archive}.enc"
cmd += (
f"&& echo 'Encrypting...' && "
f"openssl enc -aes-256-cbc -salt -pbkdf2 -in {archive} "
f"-out {enc_archive} -pass pass:'{encrypt_pass}' 2>&1 && "
f"rm -f {archive} && "
f"echo 'Encrypted: {enc_archive}' "
)
archive = enc_archive
if remote_host and remote_path:
cmd += (
f"&& echo 'Transferring to remote...' && "
f"scp -o StrictHostKeyChecking=no '{archive}' "
f"'{remote_host}:{remote_path}/' 2>&1 && "
f"echo 'Transferred to {remote_host}:{remote_path}' "
)
cmd += "&& echo '' && echo 'Backup complete'"
return cmd
def backup_list_cmd(dest="/var/backups/setec"):
"""Return bash cmd to list existing backups."""
return (
f"echo '=== Backup Archive List ===' && "
f"if [ -d {dest} ]; then "
f" ls -lhS {dest}/setec-backup-* 2>/dev/null | head -30 || echo 'No backups found'; "
f" echo '' && "
f" echo '--- Disk Usage ---' && "
f" du -sh {dest} 2>/dev/null; "
f"else "
f" echo 'Backup directory {dest} does not exist'; "
f"fi"
)
def backup_restore_cmd(archive, dest="/", encrypt_pass=""):
"""Return bash cmd to restore from a backup archive."""
if encrypt_pass:
return (
f"echo '=== Restoring from Encrypted Backup ===' && "
f"DECRYPTED=$(mktemp /tmp/setec-restore-XXXXXX.tar.gz) && "
f"openssl enc -aes-256-cbc -d -salt -pbkdf2 -in '{archive}' "
f"-out \"$DECRYPTED\" -pass pass:'{encrypt_pass}' 2>&1 && "
f"echo 'Decrypted successfully' && "
f"tar xzf \"$DECRYPTED\" -C {dest} 2>&1 && "
f"rm -f \"$DECRYPTED\" && "
f"echo 'Restore complete from {archive}'"
)
return (
f"echo '=== Restoring from Backup ===' && "
f"tar xzf '{archive}' -C {dest} 2>&1 && "
f"echo 'Restore complete from {archive}'"
)
def backup_delete_cmd(archive):
"""Return bash cmd to delete a backup archive."""
return (
f"echo '=== Deleting Backup ===' && "
f"rm -f '{archive}' 2>&1 && "
f"echo 'Deleted: {archive}'"
)
def backup_schedule_cmd(paths="/etc /var/www /opt/seteclabs /root", dest="/var/backups/setec",
encrypt_pass="", schedule="daily", keep=7):
"""Return bash cmd to set up scheduled backups via cron."""
if schedule == "hourly":
cron_time = "0 * * * *"
elif schedule == "daily":
cron_time = "0 2 * * *"
elif schedule == "weekly":
cron_time = "0 2 * * 0"
else:
cron_time = "0 2 * * *"
encrypt_section = ""
if encrypt_pass:
encrypt_section = (
f"openssl enc -aes-256-cbc -salt -pbkdf2 -in \\\"$ARCHIVE\\\" "
f"-out \\\"$ARCHIVE.enc\\\" -pass pass:'{encrypt_pass}' && "
f"rm -f \\\"$ARCHIVE\\\" && "
f"ARCHIVE=\\\"$ARCHIVE.enc\\\" && "
)
script = (
"#!/bin/bash\\n"
"# Setec Labs Automated Backup\\n"
f"DEST={dest}\\n"
"TS=$(date +%Y%m%d_%H%M%S)\\n"
"ARCHIVE=$DEST/setec-backup-$TS.tar.gz\\n"
f"KEEP={keep}\\n"
"\\n"
"mkdir -p $DEST\\n"
f"tar czf \\\"$ARCHIVE\\\" {paths} 2>/dev/null\\n"
f"{encrypt_section}"
"echo \\\"$(date): Backup created: $ARCHIVE\\\" >> /var/log/setec-backup.log\\n"
"\\n"
"# Cleanup old backups\\n"
"ls -1t $DEST/setec-backup-* 2>/dev/null | tail -n +$((KEEP+1)) | xargs rm -f 2>/dev/null\\n"
)
return (
"echo '=== Setting Up Scheduled Backups ===' && "
f"mkdir -p {dest} && "
f"echo -e '{script}' > /usr/local/bin/setec-backup.sh && "
"chmod +x /usr/local/bin/setec-backup.sh && "
"touch /var/log/setec-backup.log && "
"(crontab -l 2>/dev/null | grep -v 'setec-backup.sh'; "
f"echo '{cron_time} /usr/local/bin/setec-backup.sh') | crontab - && "
f"echo 'Backup schedule: {schedule}' && "
f"echo 'Paths: {paths}' && "
f"echo 'Destination: {dest}' && "
f"echo 'Retention: {keep} backups' && "
f"echo 'Encryption: {'yes' if encrypt_pass else 'no'}'"
)
def backup_schedule_status_cmd():
"""Return bash cmd to check backup schedule status."""
return (
"echo '=== Backup Schedule Status ===' && "
"echo '' && "
"echo '--- Script ---' && "
"if [ -f /usr/local/bin/setec-backup.sh ]; then "
" echo 'Script: INSTALLED'; "
" ls -la /usr/local/bin/setec-backup.sh; "
"else "
" echo 'Script: NOT INSTALLED'; "
"fi && "
"echo '' && "
"echo '--- Cron Job ---' && "
"if crontab -l 2>/dev/null | grep -q 'setec-backup.sh'; then "
" echo 'Cron: ACTIVE'; "
" crontab -l 2>/dev/null | grep 'setec-backup.sh'; "
"else "
" echo 'Cron: NOT FOUND'; "
"fi && "
"echo '' && "
"echo '--- Recent Backup Log (last 10) ---' && "
"if [ -f /var/log/setec-backup.log ]; then "
" tail -10 /var/log/setec-backup.log; "
"else "
" echo 'No backup log found'; "
"fi"
)
def backup_schedule_remove_cmd():
"""Return bash cmd to remove scheduled backups."""
return (
"echo '=== Removing Scheduled Backups ===' && "
"(crontab -l 2>/dev/null | grep -v 'setec-backup.sh') | crontab - && "
"rm -f /usr/local/bin/setec-backup.sh && "
"echo 'Backup script removed' && "
"echo 'Cron job removed' && "
"echo 'Existing backups preserved'"
)
Reference in New Issue Copy Permalink