Opened 10 years ago

Closed 8 years ago

#3718 closed enhancement (fixed)

sysupgrade only restores /etc/config/*

Reported by: b.candler@…
Owned by: developers
Priority: low
Milestone:
Component: base system
Version: Kamikaze trunk
Keywords:
Cc:

Description

sysupgrade only restores files under /etc/config/

This means that:

  • if you have added firewall rules in /etc/firewall.{config,user} to allow remote management, you may be locked out
  • ssh is disabled; telnet with no password is enabled (allowing anyone to get in)
  • even after setting a password, the ssh host key has been regenerated, causing ssh errors about man-in-the-middle attacks

I'd like to see at least the following backed up in addition:

  • /etc/dropbear/
  • /etc/passwd, /etc/group
  • /etc/firewall.config, /etc/firewall.user

although there are good cases to be made for /etc/ppp/, /etc/crontabs/, /etc/sysctl.conf, /etc/hosts and others.

Perhaps a simpler solution for squashfs+jffs2 systems is to back up everything in /jffs/etc (apart from the META_* file), as this will be everything which was user-modified.

Change History (5)

comment:1 Changed 10 years ago by thepeople

I added the following files to sysupgrade:

  • /etc/dropbear/
  • /etc/passwd, /etc/group
  • /etc/firewall.config, /etc/firewall.user

Maybe there should be a command line option to allow more files/folders to be included.

comment:2 Changed 10 years ago by thepeople

  • Resolution set to fixed
  • Status changed from new to closed

comment:3 Changed 10 years ago by b.candler@…

I just realised there is a more general solution. /usr/lib/ipkg/status lists all the package conffiles, together with their initial md5sums. e.g.

Package: base-files-brcm-2.4
Status: install ok installed
Root: /
Conffiles: /etc/banner b39a7af8ff978a14ca8a587ca4293336
 /etc/hosts 89f616defd47b22702e3158ca7e70487
 /etc/inittab b32300b974fdaf89bf58c80a144d6d3a
 /etc/group 31c4c2ea7b79761476954e66f9d4ed19
 /etc/passwd b85ef5a2b789f8cf124ec14246aa9e73
 /etc/profile 4d576d06e70c2b1c2cb179486004663a
 /etc/shells 725ba6f40dff0612f61ecd3f171bb3e1
 /etc/ipkg.conf 1fff16ab8e263b83e9369d25aa0cb537
 /etc/sysctl.conf a75509ee61474477a189d10dc25c6f87
 /etc/config/fstab ff06e6fb3522b2300f9761f1eab233e9
 /etc/config/system d010fff2064adca79fddde95a1991bf0
 /etc/config/fstab ff06e6fb3522b2300f9761f1eab233e9
 /etc/config/system d010fff2064adca79fddde95a1991bf0
Version: 13-r11579
...
Package: iptables
Status: install ok installed
Root: /
Conffiles: /etc/firewall.config 4f8ae0dac82f7a269b6587d4c4d0b285
 /etc/firewall.user f626143fa22ae40fe361eaceb69d2942
Version: 1.3.8-3

So I propose the following algorithm: add to the backup every file listed there whose current md5sum is different to the listed md5sum.

That should cover everything you've had to add explicitly, apart from /etc/dropbear/

This gives the bonus that if you haven't touched a file like /etc/firewall.user you get the new default automatically, but if you have touched it, you get to keep your old one.
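
The check proposed in comment:3, sketched as an added shell example that is not part of the ticket or of sysupgrade itself. The optional ROOT argument and the demo tree are constructed for illustration, and conffile paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not the sysupgrade code): find package conffiles that were
# edited locally, using the md5sums recorded in an ipkg-style status file.

# Print "path md5" pairs from every Conffiles field. Pairs may follow
# "Conffiles:" on the same line or sit on indented continuation lines.
# Assumes paths contain no whitespace.
list_conffiles() {
    awk '{
        if ($0 ~ /^Conffiles:/) { sub(/^Conffiles:/, ""); in_cf = 1 }
        else if ($0 !~ /^[ \t]/) { in_cf = 0 }
        if (!in_cf) next
        for (i = 1; i + 1 <= NF; i += 2) print $i, $(i + 1)
    }' "$1"
}

# modified_conffiles STATUS [ROOT]: print each listed path whose current
# md5sum differs from the recorded one. ROOT is a hypothetical prefix used
# here so the demo can run against a scratch tree instead of /.
modified_conffiles() {
    status=$1
    root=${2:-}
    list_conffiles "$status" | sort -u | while read -r path want; do
        [ -f "$root$path" ] || continue      # removed file: nothing to keep
        have=$(md5sum < "$root$path" | cut -d' ' -f1)
        [ "$have" = "$want" ] || printf '%s\n' "$path"
    done
}

# Constructed demo: two conffiles at package defaults, then one is edited.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/etc"
    printf 'default rules\n' > "$t/etc/firewall.user"
    printf '127.0.0.1 localhost\n' > "$t/etc/hosts"
    {
        printf 'Package: demo\nStatus: install ok installed\nConffiles:'
        for f in /etc/firewall.user /etc/hosts; do
            printf ' %s %s' "$f" "$(md5sum < "$t$f" | cut -d' ' -f1)"
        done
        printf '\nVersion: 1\n'
    } > "$t/status"
    printf 'local rule\n' >> "$t/etc/firewall.user"
    modified_conffiles "$t/status" "$t"      # prints /etc/firewall.user
    rm -rf "$t"
}
demo
```

MD5 serves here only as a change detector against the package default, not as an integrity check. Files that belong to no package's Conffiles list, such as the host keys under /etc/dropbear/, are not covered by this comparison.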

comment:4 Changed 10 years ago by thepeople

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:5 Changed 8 years ago by thepeople

  • Resolution set to fixed
  • Status changed from reopened to closed
  • Version set to Kamikaze trunk

fixed r19964.
