From 0400e311783bb6c9bafd437b4e09f247822bee34 Mon Sep 17 00:00:00 2001
From: Bram Prieshof <bram@bprieshof.nl>
Date: Thu, 17 Sep 2020 14:00:11 +0200
Subject: [PATCH] Added encrypted backup function

---
 Backup-Util.conf.example                    | 11 ++++-
 Backup-Util.sh                              | 45 ++++++++++++++++++---
 config/Backup-Util/Backup-Util.unconfigured |  3 +-
 3 files changed, 51 insertions(+), 8 deletions(-)

diff --git a/Backup-Util.conf.example b/Backup-Util.conf.example
index af4de00..0ee8485 100644
--- a/Backup-Util.conf.example
+++ b/Backup-Util.conf.example
@@ -2,6 +2,7 @@
 RMDAYS=14                                                                          #Days until first backup gets removed
 DOMC=01                                                                            #Day of month for monthly backups
 SYSTEMFILES="/etc/nginx/ /etc/apache2/ /etc/php/ /etc/mysql/ /etc/crontab /opt/"   #Folders and files that will be backed
+SYSBACKENC=0                            #Sets if system files use encrypyed tar archive
 
 #Remote
 BACKUPSERVICE=sftp                       #Transfer prtocal use ftp or sftp
@@ -15,6 +16,10 @@ REMOTEPATH=/home                         #Path were backup wil be stored on FTP
 DBUSER='root'                            #MySQL Username
 DBPASS='<MSQLRootPW>'                    #MySQL Root password (syntax '<MSQLRootPW>')
 
+#RSYNC
+RSPORT=22                              #Rsync port
+
+
 ##SiteBackup site backup command, multiple commands are allowed
 #example: SiteBackup -d domain.com -sn domain -db wp_093 -sd "/var/www/domain.com/html" -ext-files "/ext/test.txt" -ai1 -wpupdate
 #
@@ -26,6 +31,8 @@ DBPASS='<MSQLRootPW>'                    #MySQL Root password (syntax '<MSQLRoot
 # -ai1                                   #Enable WP all in one migration backup
 # -wpupdate                              #Enable WP updatedb
 # -nodb                                  #Disable databse backup
-# -snotar                                #Disable site Tar backup
-
+# -snotar                                #Disable site tar creation
+# -srsync                                #syncs site folder via rsync
+# -srsyncdel                             #also syncs deletes monthly (day set by DOMC)
+# -tarenc                               #Enables encrypyed site Tar backup
 
diff --git a/Backup-Util.sh b/Backup-Util.sh
index ddfb4f1..4272ea5 100644
--- a/Backup-Util.sh
+++ b/Backup-Util.sh
@@ -11,8 +11,9 @@ function SiteBackup () {
 
 WPUPDATE=0
 AI1=0
+SITEBACKENC=0
 
-TEMP=`getopt -a -o d: -l sn:,db:,sd:,ext-files:,ai1,wpupdate,nodb,snotar,srsync,srsyncdel -- "$@"`
+TEMP=`getopt -a -o d: -l sn:,db:,sd:,ext-files:,ai1,wpupdate,nodb,snotar,srsync,srsyncdel,tarenc -- "$@"`
 eval set -- "$TEMP"
 while true ; do
     case "$1" in
@@ -60,6 +61,10 @@ while true ; do
             SRSYNCDEL=1
             shift 1
         ;;
+        --tarenc )
+           SITEBACKENC=1
+            shift 1
+        ;;        
         --ext-files )
             SITEEF=$2
             shift 2
@@ -74,6 +79,11 @@ DBARRY=($DBNAME)
 
 echo "Making backup of $SITENAME"
 
+if [ ! -f "$ScriptLocation/key.bin" ] && [ $SITEBACKENC -eq 1 ] ; then
+    echo "Encription key not found"
+    exit
+fi
+
 ##SITE Run
 #creating folder
 SITESENDDIR="$SENDDIR/$TODAY/$SITENAME/"
@@ -84,7 +94,12 @@ if [ "$AI1" = "1" ]; then
     sudo -u "$SITENAME" wp --path="$SITEDIR" plugin update all-in-one-wp-migration-unlimited-extension
     sudo -u "$SITENAME" wp --path="$SITEDIR" plugin update all-in-one-wp-migration
     sudo -u "$SITENAME" wp --path="$SITEDIR" ai1wm backup
-    find "$SITEDIR"/wp-content/ai1wm-backups/ -name "*.wpress" -printf "%P\n"| tar -czf /"$SITESENDDIR"/"$SITENAME"-ai1wm.tar.gz --no-recursion -C "$SITEDIR"/wp-content/ai1wm-backups/ -T - #Create ai1wm tar File
+    if [ $SITEBACKENC -eq 1 ] ; then
+        find "$SITEDIR"/wp-content/ai1wm-backups/ -name "*.wpress" -printf "%P\n"| tar -czf - --no-recursion -C "$SITEDIR"/wp-content/ai1wm-backups/ -T - | openssl enc -e -aes256 -pass file:"$ScriptLocation"/key.bin -out /"$SITESENDDIR"/"$SITENAME"-ai1wm.tar.gz #Create ai1wm tar File
+        cp "$ScriptLocation"/key.bin.enc /"$SITESENDDIR"/"$SITENAME"-ai1wm.key.enc
+    else
+        find "$SITEDIR"/wp-content/ai1wm-backups/ -name "*.wpress" -printf "%P\n"| tar -czf /"$SITESENDDIR"/"$SITENAME"-ai1wm.tar.gz --no-recursion -C "$SITEDIR"/wp-content/ai1wm-backups/ -T - #Create ai1wm tar File
+    fi
     rm -f "$SITEDIR"/wp-content/ai1wm-backups/*.wpress
 fi
 
@@ -94,13 +109,23 @@ if [ "$NODB" != "1" ]; then
     do
         mysqldump -u "$DBUSER" "$i" --password="$DBPASS" --default-character-set=utf8  > "$TMPDIR"/"$SITENAME"-"$i".sql
     done
-    find "$TMPDIR" -name "*.sql" -printf "%P\n"| tar -czf /"$SITESENDDIR"/"$SITENAME"-DB.tar.gz --no-recursion -C "$TMPDIR" -T - #Create tar File                                                                                                                          
+    if [ $SITEBACKENC -eq 1 ] ; then
+        find "$TMPDIR" -name "*.sql" -printf "%P\n"| tar -czf - --no-recursion -C "$TMPDIR" -T - | openssl enc -e -aes256 -pass file:"$ScriptLocation"/key.bin -out /"$SITESENDDIR"/"$SITENAME"-DB.tar.gz  #Create tar File
+        cp "$ScriptLocation"/key.bin.enc  /"$SITESENDDIR"/"$SITENAME"-DB.key.enc
+    else
+        find "$TMPDIR" -name "*.sql" -printf "%P\n"| tar -czf /"$SITESENDDIR"/"$SITENAME"-DB.tar.gz --no-recursion -C "$TMPDIR" -T - #Create tar File 
+    fi                                                                                                                     
     rm -f /"$TMPDIR"/*.sql
 fi
 
 #Taronmogelijking SiteFiles files
 if [ "$SNOTAR" != "1" ]; then
-tar -zcf /"$SITESENDDIR"/"$SITENAME"-Files.tar.gz  $SITEDIR  $SITEEF
+    if [ $SITEBACKENC -eq 1 ] ; then
+        tar -zcf -  $SITEDIR  $SITEEF | openssl enc -e -aes256 -pass file:"$ScriptLocation"/key.bin -out /"$SITESENDDIR"/"$SITENAME"-Files.tar.gz  #Create tar File
+        cp "$ScriptLocation"/key.bin.enc  /"$SITESENDDIR"/"$SITENAME"-Files.key.enc
+    else
+        tar -zcf /"$SITESENDDIR"/"$SITENAME"-Files.tar.gz  $SITEDIR  $SITEEF
+    fi
 fi
 
 #Running WP Update
@@ -135,10 +160,20 @@ source "$ScriptLocation/Backup-Util.conf"
 
 echo "Making backup of System"
 #SYSTEM run
+if [ ! -f "$ScriptLocation/key.bin" ] && [ $SYSBACKENC -eq 1 ] ; then
+    echo "Encription key not found"
+    exit
+fi
+
 #Taring SiteFiles files
 SYSSENDDIR="$SENDDIR/$TODAY/System/"
 mkdir -p $SYSSENDDIR
-tar -zcf /"$SYSSENDDIR"/$(hostname -s)-Files.tar.gz  $SYSTEMFILES
+if [ $SYSBACKENC -eq 1 ] ; then
+    tar -zcf - $SYSTEMFILES | openssl enc -e -aes256 -pass file:"$ScriptLocation"/key.bin -out /"$SYSSENDDIR"/$(hostname -s)-Files.tar.gz
+    cp "$ScriptLocation"/key.bin.enc /"$SYSSENDDIR"/$(hostname -s)-Files.key.enc
+else
+    tar -zcf /"$SYSSENDDIR"/$(hostname -s)-Files.tar.gz  $SYSTEMFILES
+fi
 
 
 echo "Sending files to remote server"
diff --git a/config/Backup-Util/Backup-Util.unconfigured b/config/Backup-Util/Backup-Util.unconfigured
index 866fa04..6550507 100644
--- a/config/Backup-Util/Backup-Util.unconfigured
+++ b/config/Backup-Util/Backup-Util.unconfigured
@@ -2,6 +2,7 @@
 RMDAYS=14                                                                          #Days until first backup gets removed
 DOMC=01                                                                            #Day of month for monthly backups
 SYSTEMFILES="/etc/nginx/ /etc/apache2/ /etc/php/ /etc/mysql/ /etc/crontab /opt/"   #Folders and files that will be backed
+SYSBACKENC=0                            #Sets if system files use encrypyed tar archive
 
 #Remote
 BACKUPSERVICE=sftp                       #Transfer prtocal use ftp or sftp
@@ -33,6 +34,6 @@ RSPORT=22                              #Rsync port
 # -snotar                                #Disable site tar creation
 # -srsync                                #syncs site folder via rsync
 # -srsyncdel                             #also syncs deletes monthly (day set by DOMC)
-
+# -tarenc                               #Enables encrypyed site Tar backup