Merge pull request #1379 from Security-Onion-Solutions/feature/config_backup

Feature/config backup

salt/common/init.sls

@@ -192,6 +192,18 @@ sensorrotateconf:
 
 {% endif %}
 
+{% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
+# Add config backup
+/usr/sbin/so-config-backup:
+  cron.present:
+    - user: root
+    - minute: '1'
+    - hour: '0'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+{% endif %}
+
 # Make sure Docker is always running
 docker:
   service.running:
@@ -203,4 +215,4 @@ common_state_not_allowed:
   test.fail_without_changes:
     - name: common_state_not_allowed
 
-{% endif %}
+{% endif %}

salt/common/tools/sbin/so-config-backup

@@ -0,0 +1,44 @@
+!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.. /usr/sbin/so-common
+{% set BACKUPLOCATIONS = salt['pillar.get']('backup:locations', {}) %}
+
+TODAY=$(date '+%Y_%m_%d')
+BACKUPFILE="/nsm/backup/so-config-backup-$TODAY.tar"
+MAXBACKUPS=7
+
+# Create backup dir if it does not exist
+mkdir -p /nsm/backup
+
+# If we haven't already written a backup file for today, let's do so
+if [ ! -f $BACKUPFILE ]; then
+
+  # Create empty backup file
+  tar -cf $BACKUPFILE -T /dev/null
+
+  # Loop through all paths defined in global.sls, and append them to backup file
+  {%- for LOCATION in BACKUPLOCATIONS %}
+  tar -rf $BACKUPFILE {{ LOCATION }}
+  {%- endfor %}
+
+fi
+
+# Find oldest backup file and remove it
+NUMBACKUPS=$(find /nsm/backup/ -type f -name "so-config-backup*" | wc -l)
+OLDESTBACKUP=$(find /nsm/backup/ -type f -name "so-config-backup*" | ls -1t | tail -1)
+if [ "$NUMBACKUPS" -gt "$MAXBACKUPS" ]; then
+  rm -f /nsm/backup/$OLDESTBACKUP
+fi

setup/so-functions

@@ -1245,7 +1245,10 @@ manager_global() {
 		"  time_file: 1"\
 		"  upload_queue_size: 4"\
 		"  encoding: gzip"\
-		"  interval: 5" >> "$global_pillar"
+		"  interval: 5"\
+	        "backup:"\
+                "  locations:"\
+                "    - /opt/so/saltstack/local" >> "$global_pillar"
 		
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
 }