From 97493434a73771b23aa66058a7c32b155a29317b Mon Sep 17 00:00:00 2001
From: Chriz
Date: Fri, 17 Nov 2023 16:13:46 +0100
Subject: [PATCH 1/6] Update README.md
---
 README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/README.md b/README.md
index 040de53..7652aed 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,20 @@
 # miyagi-pbs-zfs
 Secure Proxmox PVE with Proxmox Backup Server PBS and ZFS Pull Replication with a mostly turned off System
+
+What it does Miyagi says, best Defense, not be present
+
+Proxmox Backupserver is running unnecessarly 24/7 ZFS Replication is usually done by a zfs send, so its a push
+
+What if our Backup/Replicaserver is turned off most the time, nobody can attack it
+
+Consider not using a Gateway, use Routes!
+
+What we do...
+
+Turning on the Computer with a @reboot Cron Pulling all Datasets with ZFS Reporting ZFS Replication with 100% certainty to backuped PVE Host using Check_MK and checkzfs.py from #bashclub
+
+Regarding to the Weekday doing Maintenance on Proxmox Backup Server for getting Space Triggering a Push (only Way to do) Backup to PBS and checking Exitcode for Report Reporting PBS Result with 100% certainty in compact OK/WARN State to backuped PVE Host using Check_MK
+
+Verifying older Backups Protecting the PBS Backups with a ZFS Snapshot
+
+TURNING OFF THE MACHINE!!!
From dab4a21134d7d7aa5472a902aadc45ee0e335ba1 Mon Sep 17 00:00:00 2001
From: Chriz
Date: Mon, 6 May 2024 10:22:07 +0200
Subject: [PATCH 2/6] Update pbs-zfs-daily.sh Bugfix
---
 pbs-zfs-daily.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pbs-zfs-daily.sh b/pbs-zfs-daily.sh
index 10bfb16..7fb6ed7 100644
--- a/pbs-zfs-daily.sh
+++ b/pbs-zfs-daily.sh
@@ -59,7 +59,7 @@ fi ### one Day is 86400 Seconds, so we going Condition grey if no new Status File will be pushed
-echo ssh root@$SOURCEHOST vzdump --node $SOURCEHOSTNAME --storage $BACKUPSTORE --exclude $BACKUPEXCLUDE --mode snapshot --all 1 --notes-template '{{guestname}}'
+ssh root@$SOURCEHOST vzdump --node $SOURCEHOSTNAME --storage $BACKUPSTORE --exclude $BACKUPEXCLUDE --mode snapshot --all 1 --notes-template '{{guestname}}'
 if [ $? -eq 0 ]; then echo command returned 0 is good
From c3be43d260acb1ee29cea8eb8a00c86c58050570 Mon Sep 17 00:00:00 2001
From: Chriz
Date: Fri, 10 May 2024 14:49:31 +0200
Subject: [PATCH 3/6] Create dynroute.sh Set non persistent routes for any DNS oder DYNDNS Hostname to remove your Gatway for security Reasons
---
 dynroute.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 dynroute.sh
diff --git a/dynroute.sh b/dynroute.sh
new file mode 100644
index 0000000..6330417
--- /dev/null
+++ b/dynroute.sh
@@ -0,0 +1,18 @@
+# DDNS Name und Gateway
+# usage dynroute.sh ddnsname yourgatewayrouter
+# assuming a shutdown after usage, old routes will "not" be deleted
+DDNS_HOSTNAME=$1
+GATEWAY=$2
+
+#DNS via One
+ip route add 1.1.1.1 via 192.168.66.1
+echo "nameserver 1.1.1.1" > /etc/resolv.conf
+
+# ddns auflösen
+CURRENT_IP=$(dig +short $DDNS_HOSTNAME)
+if [[ -z "$CURRENT_IP" ]]; then
+ echo "Failed to resolve IP for $DDNS_HOSTNAME"
+ exit 1
+fi
+# route setzen
+ip route add $CURRENT_IP via $GATEWAY
From 9e312f2d877003ef4d25b7207bca5e7fe2a47eae Mon Sep 17 00:00:00 2001
From: Chriz
Date: Sat, 22 Jun 2024 11:34:00 +0200
Subject: [PATCH 4/6] Update pbs-zfs-daily.sh find checkzfs
---
 pbs-zfs-daily.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pbs-zfs-daily.sh b/pbs-zfs-daily.sh
index 7fb6ed7..5a074e1 100644
--- a/pbs-zfs-daily.sh
+++ b/pbs-zfs-daily.sh
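Review bot: Now that the `ssh root@$SOURCEHOST vzdump …` line really runs, every config value in it is expanded unquoted and then parsed a second time by root's shell on the PVE host, because ssh joins its arguments into one command string. An empty `$BACKUPEXCLUDE` leaves `--exclude` without a value (it would presumably take `--mode` as its argument), and whitespace or shell metacharacters in any of the values are interpreted remotely as root; the single quotes around `{{guestname}}` are likewise consumed locally. Validate the values once after the config is read, pass `--exclude` only when it is set, and test the command directly with `if ssh "root@$SOURCEHOST" vzdump …; then` instead of reading `$?` on the following line. The `if` block continues outside the hunk.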
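Review bot: In the new dynroute.sh the output of `dig +short $DDNS_HOSTNAME` goes unquoted and unvalidated into `ip route add $CURRENT_IP via $GATEWAY`, so a CNAME target, several A records or a diagnostic line from dig can all pass the `-z` test, and an unauthenticated DNS reply alone decides which address gets a route on a host that deliberately has no default gateway. Keep only the first answer that is a plain IPv4 address, quote both expansions, reject missing arguments and check the exit status of `ip route add`. The file also has no shebang although it uses `[[ … ]]`, so a first line `#!/usr/bin/env bash` is needed, and the hard-coded `192.168.66.1` on the 1.1.1.1 route looks like it should be `"$GATEWAY"`. A short header comment should say that the script overwrites /etc/resolv.conf.

```shell
# … unchanged: usage comment, DDNS_HOSTNAME/GATEWAY assignment …
if [[ -z "$DDNS_HOSTNAME" || -z "$GATEWAY" ]]; then
  echo "usage: dynroute.sh ddnsname yourgatewayrouter" >&2
  exit 2
fi
# … unchanged: route to 1.1.1.1 and resolv.conf …
# keep only the first answer that is a plain IPv4 address
CURRENT_IP=$(dig +short A "$DDNS_HOSTNAME" | grep -E -m1 '^[0-9]{1,3}(\.[0-9]{1,3}){3}$')
# … unchanged: empty-result check …
ip route add "$CURRENT_IP" via "$GATEWAY" || exit 1
```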
@@ -26,8 +26,10 @@ echo "zfs_auto_snapshot_label=$ZPUSHLABEL" >> /etc/bashclub/$SOURCEHOST.conf
 /usr/bin/bashclub-zsync -d -c /etc/bashclub/$SOURCEHOST.conf
+CHECKZFS=$(which checkzfs)
+
 # So one Day has 1440 Minutes, so we go condition Yellow on 1500
-/usr/local/bin/checkzfs --source $SOURCEHOST --replicafilter "$ZFSTRGT/" --filter "#$ZFSROOT/|#$ZFSSECOND/" --threshold 1500,2000 --output checkmk --prefix pull-$(hostname):$ZPUSHTAG> /tmp/cmk_tmp.out && ( echo "<<>>" ; cat /tmp/cmk_tmp.out ) > /tmp/90000_checkzfs
+$CHECKZFS --source $SOURCEHOST --replicafilter "$ZFSTRGT/" --filter "#$ZFSROOT/|#$ZFSSECOND/" --threshold 1500,2000 --output checkmk --prefix pull-$(hostname):$ZPUSHTAG> /tmp/cmk_tmp.out && ( echo "<<>>" ; cat /tmp/cmk_tmp.out ) > /tmp/90000_checkzfs
 scp /tmp/90000_checkzfs $SOURCEHOST:/var/lib/check_mk_agent/spool/90000_checkzfs_$(hostname)_$ZPOOLSRC
From f76f554ecb32203e54d7f43d19af40318c18b929 Mon Sep 17 00:00:00 2001
From: Chriz
Date: Sat, 22 Jun 2024 11:35:00 +0200
Subject: [PATCH 5/6] Update config.example
---
 config.example | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config.example b/config.example
index dc5d43f..ede3e11 100644
--- a/config.example
+++ b/config.example
@@ -4,6 +4,7 @@ SSHPORT='22' #SSH Port, usually default 22 internally
 BACKUPSERVER=no #use yes for triggering Proxmox Backup to Store
 MAINTDAY=7 #1 Monday to 7 Sunday, dont start your System too late
 SHUTDOWN=no #No be there anymore
+UPDATES=yes #Do PVE and PBS Updates after run
 SOURCEHOST='192.168.50.200' # IP from Proxmox VE System to be backuped and replicated daily
 SOURCEHOSTNAME='pve3' #Hostname of Proxmox VE System to be backuped and replicated daily
From 88fe9c4c90c29b6fda098765573e8b86d8a431b8 Mon Sep 17 00:00:00 2001
From: Chriz
Date: Sat, 22 Jun 2024 11:37:11 +0200
Subject: [PATCH 6/6] Update pbs-zfs-daily.sh System Updates optional
---
 pbs-zfs-daily.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
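Review bot: `CHECKZFS=$(which checkzfs)` is never checked, so when checkzfs is not on the PATH of the calling environment (cron usually provides a short one) `$CHECKZFS` is empty and the next line runs `--source` as the command; the `&&` then skips rewriting `/tmp/90000_checkzfs` and the `scp` below ships whatever file is already there. Resolve it with the builtin and stop on failure, `CHECKZFS=$(command -v checkzfs) || { echo "checkzfs not found" >&2; exit 1; }`, and call it as `"$CHECKZFS"`. The script presumably runs as root, so resolving by PATH also means the first `checkzfs` found is executed, which the removed absolute path avoided. The fixed names `/tmp/cmk_tmp.out` and `/tmp/90000_checkzfs` are written in a world-writable directory; a `mktemp -d` work directory would avoid pre-created files or symlinks.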
diff --git a/pbs-zfs-daily.sh b/pbs-zfs-daily.sh
index 5a074e1..82cbccc 100644
--- a/pbs-zfs-daily.sh
+++ b/pbs-zfs-daily.sh
@@ -84,8 +84,15 @@ scp /tmp/90000_checkpbs root@$SOURCEHOST:/var/lib/check_mk_agent/spool #doing updates without regeret
-apt dist-upgrade -y
-ssh $PBSHOST apt dist-upgrade -y
+if [[ "$UPDATES" == "yes" ]]
+then
+ apt dist-upgrade -y
+ ssh $PBSHOST apt dist-upgrade -y
+ else
+ echo no Updates configured - Consider updating more often!
+
+fi
+
 if [[ "$SHUTDOWN" == "yes" ]] then
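Review bot: The new guard `if [[ "$UPDATES" == "yes" ]]` treats an unset variable as "no", so an installation whose config predates the `UPDATES` key stops upgrading this host and `$PBSHOST`, with only an echo to show for it. Keeping the previous behaviour as the default avoids that: `if [[ "${UPDATES:-yes}" == "yes" ]]`. Neither `apt dist-upgrade -y` has its exit status checked or reported, so a failed upgrade is indistinguishable from a successful one in the monitoring output; quoting `"$PBSHOST"` and reporting the status next to the other spool files would close that gap. The `if [[ "$SHUTDOWN" …` block continues outside the hunk.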