def set_backup_schedule(user_data):
redis_client = RedisClient()
redis_client.hmset("backup_schedule_task", user_data)
if user_data["enabled"]:
if user_data["cycle"].lower() == "day":
os.system(
"echo \"%s %s * * * root /opt/skyguard/www/app/backup_utility.py doschedule > /dev/null 2>&1 \" > /etc/cron.d/sgBackupSchedule"
% (user_data["minute"], user_data["hour"]))
elif user_data["cycle"].lower() == "week":
weekdays = ""
for i in range(len(user_data["weekday"])):
if i == 0:
weekdays = user_data["weekday"][i]
else:
weekdays = weekdays + "," + user_data["weekday"][i]
os.system(
"echo \"%s %s * * %s root /opt/skyguard/www/app/backup_utility.py doschedule > /dev/null 2>&1 \" > /etc/cron.d/sgBackupSchedule"
% (user_data["minute"], user_data["hour"], weekdays))
elif user_data["cycle"].lower() == "month":
os.system(
"echo \"%s %s %s * * root /opt/skyguard/www/app/backup_utility.py doschedule > /dev/null 2>&1 \" > /etc/cron.d/sgBackupSchedule"
% (user_data["minute"], user_data["hour"],
user_data["dayofMonth"]))
utils.app_command_quiet("service cron restart")
else:
utils.app_command("rm -f /etc/cron.d/sgBackupSchedule")
utils.app_command_quiet("service cron restart")
return 0
def _get_backup_networking_files(tmp_folder):
'''
Get networking files need to be backup
:param tmp_folder: files wiil be stored into tmp_folder
:return: file name list that will be backup
'''
# get networking files of backup
ret_files = []
# backup hostname info into redis
bk_hostname = _get_hostname()
if bk_hostname != "":
utils.app_command("echo %s > /tmp/hostname.backup" % _get_hostname())
utils.app_command_quiet("sudo cp /tmp/hostname.backup " + tmp_folder +
"/")
ret_files.append("hostname.backup")
utils.app_command_quiet("sudo cp /etc/network/interfaces " + tmp_folder +
"/")
utils.app_command_quiet("sudo chmod 777 " + tmp_folder + "/interfaces")
ret_files.append("interfaces")
utils.app_command_quiet("sudo cp /etc/resolv.conf " + tmp_folder + "/")
utils.app_command_quiet("sudo chmod 777 " + tmp_folder + "/resolv.conf")
ret_files.append("resolv.conf")
# if UCSG, also return pbr files
device_type = utils.get_device_type()
if device_type == 2 or device_type == 6 or device_type == 13:
dir_path = "/opt/skyguard/www/app"
for f in os.listdir(dir_path):
if isfile(join(dir_path, f)) and f.find("pbr-") != -1:
shutil.copy(join(dir_path, f), tmp_folder + "/")
ret_files.append(f)
return ret_files
def set_itms_config(itms_config, password):
#TODO port -> iptables
os.system("/sbin/iptables -t filter -C FORWARD -d 172.238.238.241/32 -p udp -m udp --dport 5000 -j ACCEPT > /dev/null 2>&1 || /sbin/iptables -t filter -A FORWARD -d 172.238.238.241/32 -p udp -m udp --dport 5000 -j ACCEPT")
if os.path.isfile(iptable_restore_file):
os.system("sed -i \'/-t filter/d' %s" % iptable_restore_file)
os.system("echo \"/sbin/iptables -t filter -A FORWARD -d 172.238.238.241/32 -p udp -m udp --dport 5000 -j ACCEPT\" >> %s" % iptable_restore_file)
(ret, output) = utils.app_command("/sbin/iptables-save | grep itp-")
if not output[0] == "":
port = get_port_from_rule(output[0])
if not port == itms_config["port"]:
# remove all nat rules from restore file
if os.path.isfile(iptable_restore_file):
os.system("sed -i \'/-t nat/d\' %s" % iptable_restore_file)
for rule in output:
utils.app_command("/sbin/iptables -t nat %s" % rule.replace("-A", "-D"))
new_rule = rule.replace("--dport %d" % port, "--dport %d" % itms_config["port"])
utils.app_command("/sbin/iptables -t nat %s" % new_rule)
os.system("echo \"iptables -t nat %s\" >> %s" % (new_rule, iptable_restore_file))
if not password == "":
import hashlib
itm_user = {"username": itms_config["username"].encode("utf-8"), "password": hashlib.sha256(password).hexdigest()}
add_user.update(**itm_user)
# create crontab to rotate ES index
os.system("echo \"13 1 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh network http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" > /etc/cron.d/rotateES")
os.system("echo \"23 1 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh swg http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"33 1 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh incidentlog http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"43 1 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh dns http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"48 1 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh endpoint http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"53 1 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh aclog http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"58 1 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh ssl http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"10 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh ep_dlp http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"15 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh ep_others http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"20 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh ep_process http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"25 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh ep_system http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"30 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index.sh ep_systemlog http://172.238.238.239:9200 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
# clean itp results
os.system("echo \"35 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index-ts.sh ers_results http://172.238.238.239:9200 timestamp 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"40 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index-ts.sh ers_interval_results http://172.238.238.239:9200 timestamp 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"45 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index-ts.sh anomalies_scores http://172.238.238.239:9200 timestamp 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"45 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index-ts.sh ars_scores http://172.238.238.239:9200 timestamp 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"45 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index-ts.sh ars_result http://172.238.238.239:9200 timestamp 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("echo \"45 2 * * * root bash /opt/skyguard/itpcli/rotate-elasticsearch-index-ts.sh eas_result http://172.238.238.239:9200 timestamp 30 >> /var/log/esrotate.log\" >> /etc/cron.d/rotateES")
os.system("systemctl restart cron")
#load docker images and start docker-compose
init_itp_compose()
def get_itm_conf():
#TODO get port from iptables
(ret, output) = utils.app_command("/sbin/iptables-save | grep itp-")
if not output[0] == "":
port = get_port_from_rule(output[0])
else:
port = 514
user = add_user.show()
return {"port" : port, "username" : user["username"]}
def do_show(self, paras):
try:
args = paras.strip().split()
if len(args) != 1:
print u"输入参数数目不合法, 请参考帮助文档"
return
if args[0] == "model" or args[0] == "hostname" or args[
0] == "device-id":
info = _get_device_info(args[0])
print info if info != "" else u"获取信息失败, 请联系技术支持人员"
elif args[0] == "cpu" or args[0] == "memory" or args[0] == "disk":
info = _get_monitoring_info(args[0])
print info if info != "" else u"获取信息失败, 请联系技术支持人员"
elif args[0] == "date" or args[0] == "time" or args[
0] == "timezone":
info = _get_time_info(args[0])
print info if info != "" else u"获取信息失败, 请联系技术支持人员"
elif args[0] == "route":
info = _get_route_info()
print info if info != "" else u"获取路由信息失败, 请联系技术支持人员"
elif args[0] == "interface":
info = _get_interface_info()
print info if info != "" else u"获取interface信息失败, 请联系技术支持人员"
elif args[0] == "gateway":
gateway = _get_ip_info("gateway")
print gateway if gateway != "" else u"获取gateway失败, 请联系技术支持人员"
elif args[0] == "dns":
dns = _get_ip_info("dns")
print dns if dns != "" else u"获取DNS失败, 请联系技术支持人员"
elif args[0] == "version":
info = _get_version_info()
print info if info != "" else u"获取版本信息失败, 请联系技术支持人员"
elif args[0] == "mtu":
(ret, output) = utils.app_command(
"netstat -i | awk -F' ' '{print $1,$2}' | tail -n +3")
if ret == 0:
print output
else:
print u"获取网卡MTU失败, 请联系技术支持人员"
else:
print u"输入不合法, 请参考帮助文档"
except Exception, e:
print u"执行命令失败, 请联系技术支持人员。错误内容: " + e.message
def _update_nic_mtu(nic_name, mtu_value):
if nic_name == "lo":
return u"不能指定lo网卡的MTU"
if not mtu_value.isdigit():
return u"请指定MTU值为整数"
intf = interfaces.Interfaces()
adapter = intf.getAdapter(nic_name)
if adapter is None:
return u"指定的网卡不存在"
nic_info = adapter.export()
cmd = "ifconfig %s mtu %s" % (nic_name, str(mtu_value))
if nic_info.has_key("post-up") and isinstance(nic_info["post-up"], list):
nic_info["post-up"].append(cmd)
else:
nic_info["post-up"] = [cmd]
intf.writeInterfaces()
(ret, output) = utils.app_command(cmd)
if ret == 0:
return ""
else:
print u"设置网卡MTU失败"
def _restore_appliance(app_filename):
tmp_folder = tempfile.mkdtemp(prefix="backup.", dir="/tmp")
(ret, output) = utils.app_command("tar xfvz %s -C %s" %
(app_filename, tmp_folder))
current_path = os.getcwd()
os.chdir(tmp_folder)
app_filename = os.path.basename(app_filename)
device_type = utils.get_device_type()
# copy networking files to some place, _post_restore will use them
cur_dir = os.getcwd()
if os.path.exists(cur_dir + "/interfaces"):
shutil.rmtree(temp_dir_networking, ignore_errors=True)
os.makedirs(temp_dir_networking)
utils.app_command_quiet("cp interfaces " + temp_dir_networking)
utils.app_command_quiet("cp resolv.conf " + temp_dir_networking)
utils.app_command_quiet("cp hostname.backup " + temp_dir_networking)
if device_type == 2 or device_type == 6 or device_type == 13:
utils.app_command_quiet("cp pbr-* " + temp_dir_networking)
# restore hostname
if os.path.exists(cur_dir + "/hostname.backup"):
utils.app_command_quiet("cp hostname.backup " +
temp_dir_networking)
_restore_hostname(temp_dir_networking + "/hostname.backup")
#restore pcap config file
if device_type == 2:
has_file = False
for bro_cfg in bro_backup_filelist:
if os.path.isfile(os.path.basename(bro_cfg)):
has_file = True
shutil.copy(os.path.basename(bro_cfg), bro_cfg)
common_bro_rep_str = 'redef snaplen = 32768;\\nconst store_disk_length = 4096 \\&redef;\\nconst ftp_capture_max_file_size =100000000 \\&redef;\\nconst smb_capture_max_file_size =100000000 \\&redef;\\nconst http_capture_max_file_size =100000000 \\&redef;\\nconst smtp_capture_max_file_size =100000000 \\&redef;\\nconst imap_capture_max_file_size =100000000 \\&redef;\\nconst pop3_capture_max_file_size =100000000 \\&redef;'
os.system(
"sed -i ':a;N;$!ba;s/\\(.*\\)redef snaplen = 32768;\\(.*\\)/\\1%s\\2/' /usr/local/bro/share/bro/policy/protocols/spe-common/common.bro"
% (common_bro_rep_str))
if has_file == True:
device_mode = utils.get_device_work_mode()
current_mode = utils.get_monitor_mode()
restore_mode = utils.get_monitor_mode()
if device_mode == 1 and not current_mode == restore_mode:
utils.logger("Restore monitor mode to %s" % restore_mode)
utils.app_command(
"/opt/skyguard/www/app/device_work_mode.py switch force")
if device_type == 2 or device_type == 4 or device_type == 6 or device_type == 8:
#Restore iptables, ebtables first - in case device work doesn't change which will not refresh these tables
for bk_file in app_backup_filelist:
if (device_type == 4
or device_type == 8) and "ebtables" in bk_file:
continue
if os.path.isfile(os.path.basename(bk_file)):
shutil.copy(os.path.basename(bk_file), bk_file)
device_mode = utils.get_device_work_mode()
# Flush ebtables
if device_type == 2 or device_type == 6 and device_mode != 4: # device mode is not proxy mode
utils.app_command_quiet("/sbin/ebtables -t broute -F")
utils.app_command_quiet(
"/bin/sh /opt/skyguard/www/app/ebtables-rules-%d" %
int(device_mode))
utils.app_command_quiet(
"/sbin/iptables-restore < /opt/skyguard/www/app/iptables-rules-%d"
% int(device_mode))
app_restore = app_filename.replace(".tar.gz", ".conf")
with open(app_restore) as config_data:
config = json.load(config_data)
monitor_mode = utils.get_monitor_mode()
agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT)
# restore device work mode
if config.has_key("device_work_mode"):
device_work_mode = config["device_work_mode"]
device_type = utils.get_device_type()
if device_type == 2 or device_type == 6:
res = agent_client.set_information(
{"device_work_mode": device_work_mode})
res_json = json.loads(res)
if res_json["responseCode"] != 200:
utils.app_logger("Restore device_work_mode encounter error",
"error")
return False
if device_work_mode == 1:
utils.app_command(
"sudo /opt/skyguard/www/app/device_work_mode.py switch %s"
% monitor_mode)
# restore protocol settings
device_work_mode = utils.get_device_work_mode()
if config.has_key("protocol"):
utils.app_conf_write({"protocol": config["protocol"]})
if device_work_mode == 1 and monitor_mode == "pcap" and config[
"protocol"].has_key("netObject"):
try:
res = agent_client.set_protocol_settings(
"netObject", config["protocol"]["netObject"])
except httplib.HTTPException:
agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT)
res = agent_client.set_protocol_settings(
"netObject", config["protocol"]["netObject"])
#restore pcap file in swg
if device_type == 6:
for bro_cfg in bro_backup_filelist_swg:
if os.path.isfile(os.path.basename(bro_cfg)):
shutil.copy(os.path.basename(bro_cfg), bro_cfg)
# if bro run ,restart
ret = os.system(
"ps -ef |grep /usr/local/bro/bin/bro |grep -v grep > /dev/null 2>&1"
)
if ret == 0:
os.system("/usr/local/bro/bin/broctl deploy > /dev/null 2>&1")
import time
time.sleep(1)
# restore global bypass
if config.has_key("globalbypass"):
res = utils.app_conf_write({"globalbypass": config["globalbypass"]})
#restore exception list
if config.has_key("exception"):
res = utils.app_conf_write({"exception": config["exception"]})
# restore backup settings
if config.has_key("backup_settings"):
backup_settings = config["backup_settings"]
try:
res = agent_client.set_backup_settings(backup_settings)
except httplib.HTTPException:
agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT)
res = agent_client.set_backup_settings(backup_settings)
res_json = json.loads(res)
if res_json["responseCode"] != 200:
utils.app_logger("Restore backup_settings encounter error",
"error")
return False
# restore snmp settings
if config.has_key("snmp_settings"):
snmp_settings = config["snmp_settings"]
try:
res = agent_client.set_information(
{"snmp_settings": snmp_settings})
except httplib.HTTPException:
agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT)
res = agent_client.set_information(
{"snmp_settings": snmp_settings})
res_json = json.loads(res)
if res_json["responseCode"] != 200:
utils.app_logger("Restore snmp_settings encounter error", "error")
return False
# restore device time info
if config.has_key("device_time_info"):
device_time_info = config["device_time_info"]
if device_time_info.has_key("ntp") and device_time_info["ntp"]:
new_time_info = json.loads(
agent_client.get_device_time())["device_time_info"]
new_time_info["ntp"] = device_time_info["ntp"]
new_time_info["ntpserver"] = device_time_info["ntpserver"]
config = {}
config["device_time_info"] = new_time_info
try:
res = agent_client.set_config(config)
except httplib.HTTPException:
agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT)
res = agent_client.set_config(config)
res_json = json.loads(res)
if res_json["responseCode"] != 200:
utils.app_logger("Restore device_time_info encounter error",
"error")
return False
# restore proxy settings
if config.has_key("proxy_settings"):
proxy_settings = config["proxy_settings"]
try:
res = agent_client.set_proxy_settings(proxy_settings)
except httplib.HTTPException:
agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT)
res = agent_client.set_proxy_settings(proxy_settings)
res_json = json.loads(res)
if res_json["responseCode"] != 200:
utils.app_logger("Restore proxy_settings encounter error", "error")
return False
# restore block pages settings
if config.has_key("block_page_settings"):
utils.app_logger("begim to restore block_page_settings")
block_page_settings = config["block_page_settings"]
bps = BlockPageSettings()
# first restore the backup block pages
bps.delete_backup_zip()
shutil.copy(os.path.basename(blockpage_backup_customized_zip),
blockpage_backup_customized_zip)
shutil.copy(os.path.basename(blockpage_backup_uploaded_zip),
blockpage_backup_uploaded_zip)
bps.restore_blockpage_dir()
# then update the setting
ret = bps.set_settings(block_page_settings)
utils.app_command_quiet(
"chown -R www-data:www-data /opt/skyguard/download/")
if ret["responseCode"] == 0 or ret["responseCode"] == 1:
utils.app_logger("Succeed to restore block_page_settings")
else:
utils.app_logger("Restore block_page_settings encounter error",
"error")
return False
# restore device base info
if config.has_key("device_base_info"):
agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT)
agent_client.set_information(
{"device_base_info": config["device_base_info"]})
#(ret, output) = utils.app_command("sudo /opt/skyguard/www/app/device_base_info.py set %s" % "'"+json.dumps(config["device_base_info"])+"'")
#if ret != 0:
# utils.app_logger(str(output))
# restore forensics storage
if config.has_key("forensics_storage"):
forensics_storage.set_forensics_capacity(
config["forensics_storage"]["capacity"])
#restore forensic file
if device_type != 1:
if os.path.exists("forensics"):
filelist = os.listdir("forensics")
if filelist != []:
if not os.path.exists(forensics_dir):
os.makedirs(forensics_dir)
FileUtil.copyFilesToDir("forensics", forensics_dir)
#for f in filelist:
# shutil.copy("forensics/"+f,forensics_dir)
#restore collect log dir
if os.path.exists("collect_log"):
filelist = os.listdir("collect_log")
if filelist != []:
if not os.path.exists(collect_log_dir):
os.makedirs(collect_log_dir)
FileUtil.copyFilesToDir("collect_log/", collect_log_dir)
# Restore hybrid.conf if exist
if os.path.isfile("hybrid.conf"):
shutil.copy("hybrid.conf", "/opt/skyguard/www/app/hybrid.conf")
# Resotre hybrid settings
if (device_type == 4
or device_type == 8) and os.path.isfile("gre_info.conf"):
shutil.copy("gre_info.conf", "/opt/skyguard/www/app/gre_info.conf")
'''
with open("hybrid_settings.conf", "r") as hybrid_conf:
hybrid_settings = json.load(hybrid_conf)
agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT)
agent_client.set_hybrid_config(hybrid_settings)
'''
#restore synctime task setting
if config.has_key("synctime_schedule_task"):
redis_client = RedisClient()
if redis_client.exist_key("synctime_schedule_task"):
redis_client.delete_key("synctime_schedule_task")
redis_client.hmset("synctime_schedule_task",
config["synctime_schedule_task"])
#restore backup task setting
if config.has_key("backup_schedule_task"):
redis_client = RedisClient()
if redis_client.exist_key("backup_schedule_task"):
redis_client.delete_key("backup_schedule_task")
redis_client.hmset("backup_schedule_task",
config["backup_schedule_task"])
set_backup_schedule(config["backup_schedule_task"])
#restore ts setting
#if config.has_key("ts_account_info"):
#redis_client = RedisClient()
#if redis_client.exist_key("ts"):
# redis_client.delete_key("ts")
#redis_client.set("ts",config["ts_account_info"])
# restore network setting
bk_interface_file = temp_dir_networking + "/interfaces"
if os.path.exists(bk_interface_file):
import time
time.sleep(5)
utils.app_logger("Restore network setting...")
#utils.app_command_quiet("/etc/init.d/networking stop")
for nic in [
"eth0", "eth1", "eth2", "eth3", "bond0", "bond1", "bond2",
"bond3", "br0"
]:
_remove_old_pbr(nic)
utils.app_logger("Restore /etc/network/interfaces...")
shutil.copy(bk_interface_file, "/etc/network/interfaces")
bk_resolv_file = temp_dir_networking + "/resolv.conf"
utils.app_logger("Restore /etc/resolv.conf...")
shutil.copy(bk_resolv_file, "/etc/resolv.conf")
if device_type == 2 or device_type == 6 or device_type == 13:
utils.app_logger("Restore /opt/skyguard/www/app/pbr-*...")
for f in listdir(temp_dir_networking):
if f.find("pbr-") != -1:
shutil.copy(join(temp_dir_networking, f),
"/opt/skyguard/www/app/")
shutil.rmtree(temp_dir_networking, ignore_errors=True)
#utils.app_command_quiet("/etc/init.d/networking start")
utils.app_logger("Finish to restore network setting.")
# notify mta to update mta ip
if device_type == 2 or device_type == 6:
if utils.get_bonding_status("bond1") == True:
mta_ip = utils.get_ip_address("bond1")
else:
mta_ip = utils.get_ip_address("eth1")
mtaclient = MTA_CLIENT(MTA_ADDR, MTA_PORT)
mtaclient.set_mta_nics("eth1", mta_ip)
os.chdir(current_path)
shutil.rmtree(tmp_folder)
print "Finished restore"
return True
def _remove_old_pbr(nicName):
(ret, output) = utils.app_command("ip rule ls | grep %s" % nicName)
if output != [] and output[0] != "":
for rule in output:
utils.app_command("ip rule del %s" % rule.split(":\t")[1])
# notify mta to update mta ip
if device_type == 2 or device_type == 6:
if utils.get_bonding_status("bond1") == True:
mta_ip = utils.get_ip_address("bond1")
else:
mta_ip = utils.get_ip_address("eth1")
mtaclient = MTA_CLIENT(MTA_ADDR, MTA_PORT)
mtaclient.set_mta_nics("eth1", mta_ip)
os.chdir(current_path)
shutil.rmtree(tmp_folder)
print "Finished restore"
return True
if __name__ == "__main__":
forensics_file = "/opt/skyguard/www/app/forensics_incidents_store_setting.py"
(ret,
output) = utils.app_command("grep \'umount -f -l\' %s" % (forensics_file))
if ret != 0:
os.system('sed -i \'s/umount /umount -f -l /g\' %s' % (forensics_file))
os.system('/etc/init.d/apache2 restart')
if sys.argv[1] == "backup":
filename = _backup_appliance("/tmp/", whether_backup_network=True)
print "/tmp/" + filename
elif sys.argv[1] == "restore":
print _restore_appliance(sys.argv[2])
os.system('/etc/init.d/apache2 restart')