• Category Archives Software
  • Software snippets, code blocks

  • pfsense 2.3 Backup as cron job

    Based on the article from pfsense.org
    ( https://doc.pfsense.org/index.php/Remote_Config_Backup#2.2.6_and_Later )

    My router has http access (port 80). If your router uses https, change http:// to https:// in the script lines.

    <Password> = your admin password
    <IP> = the IP of your pfsense router


    The script gets the config.xml file from the pfsense router, compresses it as .tar.gz and stores it in the backup_pfsense directory on my file server (adding date and time to the filename).
    example: backup-20160410-0230-pfsense-settings.tar.gz


    File: get_pfsense_backup.sh


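    #!/bin/sh
    # Get config file from pfsense 2.3 router #

    cd /tmp || exit 1

    # config.xml, the cookie jar and the CSRF tokens are sensitive:
    # create them readable by the owner only
    umask 077

    # one timestamp for the archive name, so tar, chown and mv below
    # still agree if the minute changes while the script runs
    BACKUP="backup-$(date +%Y%m%d-%H%M)-pfsense-settings.tar.gz"

    # --- get the config file ---
    # diag_backup.php is the backup page used in the pfsense.org article;
    # replace <IP> and <Password> with your own values.
    # --no-check-certificate only matters with https, where it disables
    # certificate verification.

    # 1) fetch the page: saves the session cookie and the first CSRF token
    wget -qO- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate \
      "http://<IP>/diag_backup.php" \
      | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt

    # 2) log in; the response carries a second CSRF token
    wget -qO- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate \
      --post-data "login=Login&usernamefld=admin&passwordfld=<Password>&__csrf_magic=$(cat csrf.txt)" \
      "http://<IP>/diag_backup.php" | grep "name='__csrf_magic'" \
      | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt

    # 3) request the config download
    wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \
      --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 csrf2.txt)" \
      "http://<IP>/diag_backup.php" -O config-pfsense-`date +%Y%m%d%H%M%S`.xml

    # -------------------

    # --- compress the file, add date and time to the filename ---
    tar czf "$BACKUP" config-pfsense*

    # change owner
    chown worker:worker "$BACKUP"

    # move file to backup directory
    mv "$BACKUP" /data/backup_pfsense

    # remove temp files
    rm -f cookies.txt csrf.txt csrf2.txt config-pfsense-*.xml

    #------------ <eof> ---------------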

    The script runs as a custom cron job on my CentOS file server, every Sunday at 02:30 am.

    30 02 * * 0 /etc/cron.custom/get_pfsense_backup.sh # Backup firewall config

  • run cgi script as "root"

    If your cgi script needs root permissions to run (access to serial port …), you have to create a wrapper.

    DANGER! Script runs with root permissions -> security!! 👿


    create wrapper.c

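    #include <unistd.h>

    #define REAL_PATH "/var/www/cgi-bin/test/my_script.cgi"

    int main(int ac, char **av)
    {
        /* replace this process with the real CGI script, passing the arguments through */
        execv(REAL_PATH, av);
        return 1;  /* only reached if execv() fails */
    }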


    compile it (as root)

    [root@acme test]# gcc -o wrapper.cgi wrapper.c

    [root@acme test]# chmod u+xs wrapper.cgi

    [root@acme test]# ls -la wrapper.cgi

    -rwsr-xr-x  1 root   root     6468 Oct 30 21:12 wrapper.cgi
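
    A more defensive variant of the wrapper, as an added example that is not part of the original post: it refuses to run a target that is not a root-owned regular file closed to group/world writes, passes none of the caller's arguments on, and replaces the inherited environment with a fixed PATH plus an allow-list of CGI variables. The PATH value, the allow-list and the function names are assumptions; the directory holding the script is assumed to be writable by root only.

```c
#define _DEFAULT_SOURCE   /* lstat() under strict -std=c99/c11 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define REAL_PATH "/var/www/cgi-bin/test/my_script.cgi"  /* path from the post */

/* 1 only for a regular, root-owned file that group and others cannot write;
 * anyone able to edit the target would otherwise get root via the wrapper. */
int target_is_safe(const struct stat *st)
{
    return S_ISREG(st->st_mode) && st->st_uid == 0 &&
           !(st->st_mode & (S_IWGRP | S_IWOTH));
}

/* Fresh environment: fixed PATH (assumed value) plus allow-listed CGI
 * variables. LD_PRELOAD, IFS, PATH etc. from the caller are dropped. */
size_t build_env(char **envp, size_t cap)
{
    static const char *keep[] = { "REQUEST_METHOD", "QUERY_STRING",
                                  "CONTENT_LENGTH", "CONTENT_TYPE" };
    size_t n = 0;
    envp[n++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
    for (size_t i = 0; i < sizeof keep / sizeof *keep && n + 1 < cap; i++) {
        const char *val = getenv(keep[i]);
        size_t len = val ? strlen(keep[i]) + strlen(val) + 2 : 0;
        char *kv = len ? malloc(len) : NULL;
        if (!kv) continue;                 /* variable unset or out of memory */
        snprintf(kv, len, "%s=%s", keep[i], val);
        envp[n++] = kv;
    }
    envp[n] = NULL;
    return n;
}

int main(void)
{
    struct stat st;
    char *argv[] = { REAL_PATH, NULL };    /* caller's argv is not passed on */
    char *envp[8];
    if (lstat(REAL_PATH, &st) != 0 || !target_is_safe(&st)) {
        fputs("wrapper: refusing to run unsafe target\n", stderr);
        return 1;
    }
    build_env(envp, sizeof envp / sizeof *envp);
    execve(REAL_PATH, argv, envp);
    perror("execve");                      /* only reached if execve() fails */
    return 1;
}
```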