addons
/
mb-backup-manager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Enhance Restic password management and directory permissions 

- Updated \manifest.jps\ to generate a random password for the Restic password file during installation, enhancing security by avoiding static passwords.
- Ensured the Restic password file is created with appropriate permissions and ownership (\litespeed:litespeed\) to ensure accessibility by the \litespeed\ user.
- Adjusted the \importScripts\ section in \manifest.jps\ to set the correct ownership for all backup-related directories to \litespeed:litespeed\, ensuring proper access rights.
- Modified \ackup-logic.sh\ to load the Restic password from the \/etc/restic-password\ file, ensuring consistent password usage across scripts.
- Updated \manage_backup_schedule.sh\ to verify that a Restic password is provided, preventing schedule updates without a valid password.
- Ensured \ackup_database.sh\ and \ackup_media.sh\ scripts read and verify the Restic password from the file, maintaining consistency and security.
- Added logging to track password creation and usage, aiding in debugging and audit trails.
- Improved error handling in scripts to provide clear feedback when password mismatches occur, enhancing user experience and troubleshooting.

These changes collectively improve the security and reliability of the backup system by ensuring that sensitive credentials are managed securely and consistently across the codebase.
main
Anthony 2025-01-04 01:11:34 +08:00
parent c41466de6e
commit 6fb6805f6f
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changelogs.md
View File

@ -8,6 +8,11 @@
### Fixed ### Fixed
- Resolved issue with missing Restic password file causing auto backup configuration to fail. - Resolved issue with missing Restic password file causing auto backup configuration to fail.
- Corrected permissions and ownership for the Restic password file to ensure it is accessible by the `litespeed` user.
- Updated the `installRestic` section in `manifest.jps` to generate a random password for the Restic password file during installation.
- Ensured consistent usage of the Restic password across all scripts by reading it from the `/etc/restic-password` file.
- Adjusted the `importScripts` section in `manifest.jps` to set the correct ownership for all backup-related directories to `litespeed:litespeed`.
### Updated ### Updated
- Updated `manifest.jps` to ensure Restic password file creation and log rotation setup. - Updated `manifest.jps` to ensure Restic password file creation and log rotation setup.

11
manifest.jps
View File

@ -288,12 +288,15 @@ actions:
# Move it to a directory in your PATH # Move it to a directory in your PATH
sudo mv restic /usr/local/bin/ sudo mv restic /usr/local/bin/
# Create the Restic password file if it doesn't exist # Create the Restic password file with a random password if it doesn't exist
if [ ! -f /etc/restic-password ]; then if [ ! -f /etc/restic-password ]; then
echo "YourResticPassword" | sudo tee /etc/restic-password head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16 | sudo tee /etc/restic-password
sudo chmod 600 /etc/restic-password
fi fi
# Set the correct permissions and ownership for the password file
sudo chown litespeed:litespeed /etc/restic-password
sudo chmod 640 /etc/restic-password
# Set up log rotation for backup logs # Set up log rotation for backup logs
echo "/var/log/backup_addon.log { echo "/var/log/backup_addon.log {
weekly weekly
@ -314,6 +317,7 @@ actions:
- mkdir -p /home/litespeed/mb-backups/logs/auto - mkdir -p /home/litespeed/mb-backups/logs/auto
- mkdir -p /home/litespeed/mb-backups/logs/manual - mkdir -p /home/litespeed/mb-backups/logs/manual
- mkdir -p /home/litespeed/mb-backups/logs/restore - mkdir -p /home/litespeed/mb-backups/logs/restore
- chown -R litespeed:litespeed /home/litespeed/mb-backups
- cd /home/jelastic/mb-backups - cd /home/jelastic/mb-backups
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_all.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_all.sh
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_core_files.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_core_files.sh
@ -323,5 +327,4 @@ actions:
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/manage_backup_schedule.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/manage_backup_schedule.sh
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/restore_backup_direct.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/restore_backup_direct.sh
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/view_snapshots.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/view_snapshots.sh
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/backup-logic.sh
- chmod +x /home/litespeed/mb-backups/*.sh - chmod +x /home/litespeed/mb-backups/*.sh