Help with pfsense backup script
-
The first one looks like you didn't add any permissions to the 'backup' user so it can't access that page.
I'm not sure that second error is related at all. Are you sure it appears everytime after running the script?
Steve
-
@stephenw10
The backup user has permission for webcfg- backup and restore. Should I add more?The second error is definitely related to the script. If I run the script manually I see the error immediately in the pfsense system log, every time the script is run.
-
@wgstarks said in Help with pfsense backup script:
attempted to access /index.php
It tries to access the idex page first do give it permission to remove that error. It's not actually causing a problem though, it just gets redirected to the only page it had access to.
Steve
-
You saw https://www.netgate.com/docs/pfsense/backup/remote-config-backup.html ?
I just tested the 3 wget lines at the top (I only changed the password ...)
Worked perfectly well, I recived a file called " config-router-20181005171831.xml" which is a copy of my config.Btw : ran the wget commands from my NAS, a Synology drive.
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
Ah, well spotted. I'd assumed it was that script. I should know to assume nothing by now!
Steve
-
@gertjan
Yes. The script works, just trying to clear up the errors generated in pfsense when I use it. -
You'll notice the script linked though is slightly different to the one you're using and doesn't generate errors.
I would switch to that, it's relatively well tested.
Steve
-
@stephenw10
Yeah. I’m a little slow sometimes.
Didn’t see the difference right off. I’ll give the changes a shot later today and probably change the users permissions too, to get rid of that error as well.@Gertjan
Thanks for posting the link. -
You shouldn't need to change the permissions with the script change. It opens the backup page directly.
Steve
-
@stephenw10
Thanks again. -
Here's what I finally worked out-
BACKUP_HOST=<gateway_IP> BACKUP_USER=<user_name> BACKUP_PASSWORD=<user_password> # Create config file directory if it doesn't exist [ -d files/ ] || mkdir files # Fetch the login form and save the cookies and CSRF token: wget -qO- --keep-session-cookies --save-cookies cookies.txt \ --no-check-certificate https://${BACKUP_HOST}/diag_backup.php \ | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt # Submit the login form along with the first CSRF token and save the second CSRF token (can’t reuse the same file) – now the script is logged in and can take action: wget -qO- --keep-session-cookies --load-cookies cookies.txt \ --save-cookies cookies.txt --no-check-certificate \ --post-data "login=Login&usernamefld=${BACKUP_USER}&passwordfld=${BACKUP_PASSWORD}&__csrf_magic=$(cat csrf.txt)" \ https://${BACKUP_HOST}/diag_backup.php | grep "name='__csrf_magic'" \ | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt # Submit the download form along with the second CSRF token to save a copy of config.xml: wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \ --post-data "download=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 csrf2.txt)" \ https://${BACKUP_HOST}/diag_backup.php -O ./files/config_${BACKUP_HOST}_$(date +%Y-%m-%d-%H-%M-%S).xml 2>/dev/null # Clean up rm cookies.txt csrf.txt csrf2.txt unset BACKUP_HOST BACKUP_USER BACKUP_PASSWORD # Remove files older than 100 days find /mnt/user/odin_backup/OdinBackUp/files/ -type f -name '*.xml' -mtime +100 -exec rm {} \;I did have to change permissions for the backup user though. Even when I used the code in the link that @Gertjan provided and just substituted the correct IP, user and password I would still get the error shown in my first post. Once I added "all pages" to the backup user's permissions the errors went away. I think that the default code in the link didn't generate an error because it uses the default admin/pfsense user which has full privileges IIRC. Just a guess.
@Gertjan and @stephenw10 Thanks again for your help. Very much appreciate it.
