Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Backup script problem since pfSense 2.2.6

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      footman
      last edited by

      Hello,

      Since pfSense 2.2.6 (CSRF), the backup script doesn't work. I use the new documentation : https://doc.pfsense.org/index.php/Remote_Config_Backup#2.2.6_and_Later

      The first command witch generate csrf.txt seems OK :

      $wget -O- --keep-session-cookies --save-cookies cookies.txt   --no-check-certificate https://X.X.X.X/diag_backup.php   | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
--2016-05-23 16:17:04--  https://X.X.X.X/diag_backup.php
Connexion vers X.X.X.X... connecté.
AVERTISSEMENT : impossible de vérifier l'attribut X.X.X.X du certificat, émis par «/C=US/ST=Somewhere/L=Somecity/O=CompanyName/OU=Organizational Unit Name (eg, section)/CN=Common Name (eg, YOUR name)/emailAddress=Email Address» :
  Récupération d'un certificat auto-signé.
    AVERTISSEMENT : le nom commun du certificat «Common Name (eg, YOUR name)» ne concorde pas avec le nom de l'hôte demandé «X.X.X.X».
requête HTTP transmise, en attente de la réponse... 200 OK
Taille : non spécifié [text/html]
Enregistre : «STDOUT»

    [ <=>                                                                                                                ] 3 976       --.-K/s   ds 0s      

2016-05-23 16:17:04 (105 MB/s) - envoi sur stdout [3976]

      $ cat csrf.txt 
sid:40cd77611dd43035f2977d732de534802315ade1,1464013094;ip:c909354356740834bd7573ef85313f90883ef9e3,1464013094

      The second command witch generate csrf2.txt returns 403 forbidden error :

      $ wget -O- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data 'login=Login&usernamefld=XXXXX&passwordfld=XXXXX&__csrf_magic=$(cat csrf.txt)' https://X.X.X.X/diag_backup.php  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
--2016-05-24 15:18:58--  https://X.X.X.X/diag_backup.php
Connexion vers X.X.X.X... connecté.
AVERTISSEMENT : impossible de vérifier l'attribut X.X.X.X du certificat, émis par «/C=US/ST=Somewhere/L=Somecity/O=CompanyName/OU=Organizational Unit Name (eg, section)/CN=Common Name (eg, YOUR name)/emailAddress=Email Address» :
  Récupération d'un certificat auto-signé.
    AVERTISSEMENT : le nom commun du certificat «Common Name (eg, YOUR name)» ne concorde pas avec le nom de l'hôte demandé «X.X.X.X».
requête HTTP transmise, en attente de la réponse... 403 Forbidden
2016-05-24 15:18:58 ERREUR 403: Forbidden.

      $ cat csrf2.txt

      I use wget 1.14 on Linux Mint 16.

      Best regards,

      Footman.

      1 Reply Last reply Reply Quote 0
      • F
        footman
        last edited by

        Hello,

        I tried with a more recent version :

        Debian 8.4.0
        wget 1.16

        Unfortunately, I have the same problem…

        Is this script functional for everybody ?

        Best regards,

        Footman.

        1 Reply Last reply Reply Quote 0
        • A
          azekiel
          last edited by

          Here is my version of a Backup-Script for pre-2.3 versions and post-2.3 versions

          Hope this helps you.

          
#!/bin/bash
die () {
    echo >&2 "$@"
    exit 1
}

SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
  SOURCE="$(readlink "$SOURCE")"
  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"

if [ -z "$6" ] 
then
set -- "${@:1:5}" $DIR
fi
[ "$#" -eq 6 ] || die "6 arguments required, $# provided. parameters required are: IP PORT username password (1|2 for pre2.3 or post2.3) DIRECTORY"
echo $2 | grep -E -q '^[0-9]+$' || die "Numeric argument required, $2 provided"
echo $3 | grep -E -q '^[a-zA-Z]+$' || die "Numeric argument required, $3 provided"
echo $4 | grep -E -q '^[a-zA-Z]+$' || die "Numeric argument required, $4 provided"
echo $5 | grep -E -q '^[0-9]+$' || die "Numeric argument required, $5 provided"
echo $(date +"%d.%m.%Y %H:%M:%S") $1 $2 $3 $4 $5 $6/$1 >> $6/logfile.txt

mkdir -p $6/$1

if [ "$5" -eq "1" ] 
then
#pre 2.3
wget -qO- --keep-session-cookies --save-cookies $1-cookies.txt --no-check-certificate https://$1:$2/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > $1-csrf.txt 
wget -qO- --keep-session-cookies --load-cookies $1-cookies.txt --save-cookies $1-cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=$3&passwordfld=$4&__csrf_magic=$(cat $1-csrf.txt)" https://$1:$2/diag_backup.php  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > $1-csrf2.txt
wget -q --keep-session-cookies --load-cookies $1-cookies.txt --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(cat $1-csrf2.txt)" https://$1:$2/diag_backup.php -O $6/$1/`date +%Y%m%d%H%M%S`.xml
else
#post 2.3
wget -qO- --keep-session-cookies --save-cookies $1-cookies.txt --no-check-certificate https://$1:$2/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > $1-csrf.txt
wget -qO- --keep-session-cookies --load-cookies $1-cookies.txt --save-cookies $1-cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=$3&passwordfld=$4&__csrf_magic=$(cat $1-csrf.txt)" https://$1:$2/diag_backup.php  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > $1-csrf2.txt
wget -q --keep-session-cookies --load-cookies $1-cookies.txt --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 $1-csrf2.txt)" https://$1:$2/diag_backup.php -O $6/$1/`date +%Y%m%d%H%M%S`.xml
fi
rm -r $1-cookies.txt
rm -r $1-csrf.txt
rm -r $1-csrf2.txt

          Example usage:

          Pre 2.3 Version (1 at the end)  ./pfbackup.sh IP PORT USERNAME PASSWORD 1 
          Post 2.3 Version (2 at the end)  ./pfbackup.sh IP PORT USERNAME PASSWORD 2

          1 Reply Last reply Reply Quote 0
          • F
            footman
            last edited by

            Hello azekiel,

            Thanks a lot ! I blocked on this problem for weeks and it was just a quote problem (' instead of ") ! I can see the difference with your script, witch worked well. :)

            Best regards,

            Footman.

            1 Reply Last reply Reply Quote 0
            • I
              it-marmalade
              last edited by

              This script has solved my similar problem reported in:

              https://forum.pfsense.org/index.php?topic=114445.0

              1 Reply Last reply Reply Quote 0
              • A
                azekiel
                last edited by

                Script works for 2.4 also!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.