Moving install to root for privileged scripts rather than the user; hooks cleanup; changing test strategy to helptext for now

DarkFeather 2023-12-07 12:28:55 -06:00
parent cf5cdb8f4f
commit e01ad632b2
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
4 changed files with 47 additions and 20 deletions

1
.gitignore vendored

@ -6,4 +6,5 @@ nodeslist
pkg/ pkg/
src/ src/
venv/ venv/
wiki/
**/__pycache__ **/__pycache__


@ -1,25 +1,21 @@
SHELL := /bin/bash SHELL := /bin/bash
BACKUPDIR := /usr/local/backup BACKUPDIR := /usr/local/backup
LIST := aether.bash aether-gen.bash remote-backup
SYSDLIST := aether-gen.service aether-gen.timer aether.service aether.timer
compile: compile:
@echo Nothing to do @echo Nothing to do
install: compile install: compile ${LIST} ${SYSDLIST}
# Scripts
mkdir -p ${pkgdir}/usr/local/sbin mkdir -p ${pkgdir}/usr/local/sbin
mkdir -p ${pkgdir}/usr/local/etc for i in ${LIST}; do install -m 700 -o root -g root ${pkgdir}/usr/local/sbin; done
install -m 0700 -o aether aether.bash ${pkgdir}/usr/local/sbin # systemd
install -m 0700 -o root -g root aether-gen.bash ${pkgdir}/usr/local/sbin
install -m 0700 -o root -g root remote-backup ${pkgdir}/usr/local/sbin
install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether/backup-entries
mkdir -p ${pkgdir}/usr/lib/systemd/system mkdir -p ${pkgdir}/usr/lib/systemd/system
for i in *.service *.timer; do install -m 0640 -o root -g root "$$i" ${pkgdir}/usr/lib/systemd/system; done for i in ${SYSDLIST}; do install -m 0664 -o root -g root ${pkgdir}/usr/lib/systemd/system; done
# Config
checkperm: mkdir -p ${pkgdir}/usr/local/etc
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
chown aether: ${pkgdir}/usr/local/sbin/aether.bash
for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
clean: clean:
@bash -c 'printf "This will irreversibly destroy all backups. Confirm? [YES/no] " ; read answer; [ "$$answer" == "YES" ] && exit 0; exit 1' @bash -c 'printf "This will irreversibly destroy all backups. Confirm? [YES/no] " ; read answer; [ "$$answer" == "YES" ] && exit 0; exit 1'
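Review bot: In the new `install` recipe both loops drop the loop variable: `for i in ${LIST}; do install -m 700 -o root -g root ${pkgdir}/usr/local/sbin; done` hands `install` only a destination operand, so nothing from `${LIST}` is installed, and the `${SYSDLIST}` loop has the same shape. Put `"$$i"` before the destination in each, as the removed `*.service *.timer` loop did. Two smaller points on the same recipe: the unit files go from 0640 to 0664, which makes them group-writable where 0644 would be enough, and the `backup-entries` directory that the old recipe created under `/usr/local/etc/Aether` is no longer created in the lines shown.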
@ -29,5 +25,22 @@ clean:
find /usr/local/backup -type f -exec shred {} \; find /usr/local/backup -type f -exec shred {} \;
rm -Rf /usr/local/backup; fi rm -Rf /usr/local/backup; fi
uninstall:
rm -Rf ${pkgdir}/usr/local/sbin/aether*.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether ${pkgdir}/usr/lib/systemd/system/aether*.service ${pkgdir}/usr/lib/systemd/system/aether*.timer
test: test:
python3 -m pytest python3 -m pytest
checkperm:
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
chown aether: ${pkgdir}/usr/local/sbin/aether.bash
for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
diff:
for i in ${LIST}; do diff ./$$i ${pkgdir}/usr/local/sbin/$$i; done
for i in ${SYSDLIST}; do diff ./$$i ${pkgdir}/usr/lib/systemd/system/$$i; done
reverse:
for i in ${LIST}; do cp ${pkgdir}/usr/local/sbin/$$i . ; done
for i in ${SYSDLIST}; do cp ${pkgdir}/usr/lib/systemd/system/$$i . ; done
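Review bot: The relocated `checkperm` target still ends its ownership pass with `chown aether: ${pkgdir}/usr/local/sbin/aether.bash`, which undoes the root ownership that `install` now sets for everything in `${LIST}`; drop that line, or the two targets will disagree about who owns the privileged script. Its last loop also never uses `$$i`, so `chmod 0640 ${pkgdir}/usr/lib/systemd/system` is applied to the directory itself and clears its search bit; iterate `${SYSDLIST}` and act on `${pkgdir}/usr/lib/systemd/system/$$i` instead. The new `reverse` target overwrites files in the working tree with the installed copies without any prompt, unlike `clean`, so a comment on when it is meant to be run would help.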


@ -7,7 +7,7 @@ Dictionary.com translates Aether as the Greek personification of the clear sky,
# Installing # Installing
You have two options to install this project: You have two options to install this project:
* Arch Linux and related distros: Run `makepkg -sri` * Arch Linux and related distributions: Install with `makepkg` or from AniNIX/Maat
* Other operating systems: Run `make install` * Other operating systems: Run `make install`
## Initial setup ## Initial setup
@ -20,11 +20,17 @@ Individual projects wanting to be backed up by the Aether system should add a fi
A SIEM filter should be set up to search for successful logins of the `aether` user. A SIEM filter should be set up to search for successful logins of the `aether` user.
# Relevant Files and Software # Relevant Files and Software
Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hotswap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target, Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hot-swap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target, or the backup drive can be mounted directly onto Core via a SATA cage
An additional backup is the generated `/home/aether/aether.enc` file. This is a more targeted backup of databases and file indexes. An additional backup is the generated `/home/aether/aether.enc` file. This is a more targeted backup of databases and file indexes.
Keep in mind that all of [AniNIX/Foundation](https://foundation.aninix.net) is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives. Keep in mind that all of [AniNIX/Foundation](https://foundation.aninix.net) is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives. Aether should only be used to back up databases, such as the following:
* Anope DB
* PostgreSQL
* Elasticsearch
One should have significant care before using the aether.enc solution for tools like AniNIX/Yggdrasil or AniNIX/Foundation.
# Available Clients # Available Clients
The only client is direct server access on one of the client nodes. The only client is direct server access on one of the client nodes.
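Review bot: The new caution `One should have significant care before using the aether.enc solution for tools like AniNIX/Yggdrasil or AniNIX/Foundation.` does not say what the risk is or what to do instead, so a reader cannot act on it. State the reason (if the intent is that repo clones already serve as the backup, say so) and name the recommended alternative. The added sentence ending in `via a SATA cage` is also missing its full stop.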
@ -33,4 +39,4 @@ The only client is direct server access on one of the client nodes.
Equivalent services are DropBox, Google Drive, iCloud, or OneDrive. Equivalent services are DropBox, Google Drive, iCloud, or OneDrive.
# Notes # Notes
Those deploying Aether should maintain a nodeslist file that only root can read. Those deploying Aether should track the `/home/aether/.ssh/authorized_keys` file strongly on the generating server, so that all keys are specifically tracked for their origin & who handles them.
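Review bot: The replacement under Notes drops the guidance that the nodeslist file be readable only by root, yet `nodeslist` still appears in the `.gitignore` context of this same commit, which suggests the file is still in use; keep that sentence alongside the new one unless nodeslist is being retired. In the new sentence, "track ... strongly" is vague: say how the `authorized_keys` entries are to be tracked, for instance a per-key comment naming origin and handler, or a reviewed inventory.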


@ -5,7 +5,14 @@ import subprocess
# TODO Still need to devise a testing strategy (https://foundation.aninix.net/AniNIX/Aether/issues/1) # TODO Still need to devise a testing strategy (https://foundation.aninix.net/AniNIX/Aether/issues/1)
def test_aether(): def test_aether():
print(os.getcwd()) print(os.getcwd())
fh = os.popen("echo bye | timeout 3 sudo sftp -o IdentityFile=/home/aether/.ssh/aether aether@aninix.net", mode='r', buffering=-1) fh = os.popen("./aether.bash -h", mode='r', buffering=-1)
output = fh.read() output = fh.read()
retcode = fh.close() retcode = fh.close()
assert retcode == None assert retcode == None and 'Usage' in output
def test_aether_gen():
print(os.getcwd())
fh = os.popen("./aether-gen.bash -h", mode='r', buffering=-1)
output = fh.read()
retcode = fh.close()
assert retcode == None and 'Usage' in output
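Review bot: Both tests invoke the scripts by relative path (`./aether.bash -h`, `./aether-gen.bash -h`), so they pass only when pytest runs from the repository root, which the leftover `print(os.getcwd())` hints at; resolve the path from the test file's location instead. `assert retcode == None` should use `is None`, and since `subprocess` is already imported, `subprocess.run` with an argument list would give an explicit return code and avoid the shell that `os.popen` starts. The TODO above still applies: a `Usage` check confirms only option parsing, not backup behaviour.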