#!/bin/bash## Author: Grayson Peddie# Twitter handle: @graysonpeddie##

1. #!/bin/bash
2. #
3. # Author: Grayson Peddie
4. # Twitter handle: @graysonpeddie
5. #
6. # I've been working tirelessly throughout the night trying to come up with the
7. # script so that other Linux professionals and enthusiasts can implement an
8. # automatic backup plan. This script is based in the following website from
9. # Netgate:
10. #
11. # https://docs.netgate.com/pfsense/en/latest/backup/remote-config-backup.html
12. #
13. # This is useful in combination with crontab. Once you open up "crontab -e",
14. # you can add the following:
15. #
16. # 0 0 * * * /usr/local/scripts/backup_pfsense.sh
17. #
18. # Be sure you execute "chmod +x /usr/local/scripts/backup_pfsense.sh"
19. # so that you and cron can execute the script. "chmod +x" adds executable
20. # permissions to a script. "r" is for read permissions and "w" is for write
21. # permissions, but a beginnner tutorial in Linux is beyond the scope of this
22. # script.
23. #
24.  
25. # Specify the hostname or IP address.
26. IPHOST="192.168.1.1"
27. # If you don't have a valid certificate, or your certificate does not contain
28. # a valid IP or hostname/fully-qualified domain name, then leave
29. # "--no-check-certificate" as it is. If you do have a valid certificate, then
30. # omit the "--no-check-certificate" but leave NOVALIDCERT="" as it is.
31. # Or you can remove $NOVALIDCERT from the $WGETSESSION variable.
32. NOVALIDCERT="--no-check-certificate"
33. # Specify the administrator username and password when you log into pfSense
34. # as an administrator.
35. USERNAME="admin"
36. PASSWORD="pfsense"
37.  
38. # The rest can be left as it is. The OUTFILE specifies the output file with
39. # the date and time when the backup occurred.
40. OUTFILE="config-router-`date +%Y%m%d%H%M%S`.xml"
41. # This next variable eliminates repetition.
42. WGETSESSION="wget -qO- $NOVALIDCERT --keep-session-cookies"
43. # pfSense will leave a cookie file for the cross-site request forgery token.
44. COOKIEFILE="cookie.txt"
45. # This is the URL that is used to login to pfSense for performing a backup.
46. URL="https://$IPHOST/diag_backup.php"
47.  
48. #
49. # This combines two commands into one with a pipe but grep will complain
50. # that "sed" and everything else after the pipe is not found if quoted next
51. # to a variable.
52. #
53. # This statement below when declared as a variable...
54. # CSRFMAGIC="\"name='__csrf_magic'\" | sed 's/.*value=\"\(.*\)\".*/\1/'"
55. # ...generates a "sed: ... command not found `''" message. Sed will chock
56. # either in single quote or double quote. A BASH function is used instead.
57. #
58. CSRFMAGIC() {
59.     grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/';
60. }
61.  
62. # The next couple of lines generates a CSRF token.
63. CSRF1=$($WGETSESSION --save-cookies $COOKIEFILE $URL | CSRFMAGIC)
64. # Debugging purposes only
65. #echo $CSRF1
66. # Having a LOGIN variable helps break up long string of text into smaller
67. # version for making code easy to read.
68. LOGIN="login=Login&usernamefld=$USERNAME&passwordfld=$PASSWORD"
69. CSRF2=$($WGETSESSION --load-cookies $COOKIEFILE --save-cookies $COOKIEFILE \
70.         --post-data "$LOGIN&__csrf_magic=$CSRF1" $URL | CSRFMAGIC)
71. CSRF2=$(echo $CSRF2 | grep -o '^\S*')
72. # Debugging purposes only
73. #echo $CSRF2
74. # If successful, this will output the configuration settings to an output file
75. # specified earlier in this script.
76. $($WGETSESSION --load-cookies $COOKIEFILE --post-data \
77.     "download=download&donotbackuprrd=yes&__csrf_magic=$(echo $CSRF2)" $URL \
78.     -O $OUTFILE)