Automated local backups
-
I need a way to create an automated backup of pfsense that goes to a local backup target. I know there is a backup function available in the pfSense subscription, however, for various reasons, that can't be used.
Googling finds a windows based executable that probably does it, but I need a unix shell type function.In poking around, I see that /cf/conf/ carries a config.xml with some history and some out of date logs and package information.
Is it safe to assume /cf/conf/config.xml is the latest running version of the config?
That file can be used to recover?
What triggers changes to that file?No idea why search didn't show this – finally used google and it popped up - this is what I was looking for:
Link: https://doc.pfsense.org/index.php/Remote_Config_Backup
Push it The details of this approach are covered elsewhere on the web, and it isn't recommended, but it is possible to make it work over ssh. Generate an ssh key for the root pfSense user without a passphrase. (That's the potentially dangerous part) Add a user to a remote system, and add the pfSense root user's new public key to its ~/.ssh/authorized_keys file Create a cron job on the pfSense box that would copy /cf/conf/config.xml to the remote system with scp If this is implemented, be careful to manage the remote users as such that they have limited access, perhaps lock them down to a single directory to which they can only write the config and do nothing else. Use chroot if possible.