微慑信息网-VulSee.com备份策略一
写shell脚本分别置放于各个网站下,根据实际情况配置,然后在需要备份的时候,登录每个vps进行备份,略感麻烦
备份策略二
通过本地脚本,预先配置每个vps的信息,如IP、端口、用户密码、路径等;在本地执行脚本,并获取下载链接,及时下载备份文件;目前采用策略二;
优点:备份方便
风险:若脚本泄露将导致vps失陷;但可通过ssh证书登录,降低风险;若如此,策略二脚本配置文件可单独存放,在执行脚本时读取即可,降低风险,
(1)直接配置到脚本:
注:可对备份文件进行一些hash,即文件名随机化,避免被探测
#coding:utf-8
'''
python2.7
'''
import paramiko
import datetime
import time
def backup(website,ssh_ip,ssh_port,ssh_user,ssh_pass,webpath,bkClass):
currenttime = datetime.datetime.now().strftime("%Y_%m_%d")
#存放备份文件的路径
#webpath = '/home/wwwroot/default/'+website+'/'
if bkClass == 'conf':
#需要备份的路径
backup_path = '/usr/local/nginx/conf/'
else:
backup_path = '/usr/local/mysql/var/'
#存放备份的文件名
filename = '{}-{}-{}.tar.gz'.format(website,bkClass,currenttime)
#存放备份的文件地址
filePath = webpath + filename
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(ssh_ip,port=ssh_port,username = ssh_user,password=ssh_pass)
cmd = 'tar -zcvf {} {}'.format(filePath,backup_path)
ssh.exec_command(cmd)
time.sleep(5)
cmd_check = 'du -h {}'.format(filePath)
stdin,stdout,stderr = ssh.exec_command(cmd_check)
#stdin.write("Y")
res = stdout.readlines()
print 'File Size:',res[0].split(' ')[0]
print 'File Path:',res[0].split(' ')[1].strip()
print 'Download Url :','http://'+website+'/'+filename
def start():
weblist = [
#{"website":"11.com","ssh_ip":"1.0.0.1","ssh_port":"22","ssh_user":"root","ssh_pass":"123456","webpath":"/home/wwwroot/default/test.com/"},
{"website":"22.com","ssh_ip":"1.2.3.4","ssh_port":"2222","ssh_user":"root","ssh_pass":"root","webpath":"/home/wwwroot/default/ali/"}
]
for webinfo in weblist:
website = webinfo["website"]
ssh_ip = webinfo["ssh_ip"]
ssh_port = webinfo["ssh_port"]
ssh_user = webinfo["ssh_user"]
ssh_pass = webinfo["ssh_pass"]
webpath = webinfo["webpath"]
backup_class = ['db','conf']
for bkClass in backup_class:
backup(website,ssh_ip,ssh_port,ssh_user,ssh_pass,webpath,bkClass)
def main():
start()
if __name__ == '__main__':
main()
(2)配置到ini文件:
#coding:utf-8
'''
python2.7
'''
import paramiko
import datetime
import time
import random
import hashlib
import configparser
def backup(website,ssh_ip,ssh_port,ssh_user,ssh_pass,webpath,bkClass):
currenttime = datetime.datetime.now().strftime("%Y_%m_%d")
#存放备份文件的路径
#webpath = '/home/wwwroot/default/'+website+'/'
if bkClass == 'conf':
#需要备份的路径
backup_path = '/usr/local/nginx/conf/'
else:
backup_path = '/usr/local/mysql/var/'
#存放备份的文件名
filename = '{}-{}-{}.tar.gz'.format(website,bkClass,currenttime)
#存放备份的文件地址
filePath = webpath + filename
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(ssh_ip,port=ssh_port,username = ssh_user,password=ssh_pass)
cmd = 'tar -zcvf {} {}'.format(filePath,backup_path)
ssh.exec_command(cmd)
time.sleep(5)
cmd_check = 'du -h {}'.format(filePath)
stdin,stdout,stderr = ssh.exec_command(cmd_check)
#stdin.write("Y")
res = stdout.readlines()
print ' [-]File Size:',res[0].split(' ')[0]
print ' [-]File Path:',res[0].split(' ')[1].strip()
print ' [-]Download Url :','http://'+website+'/'+filename
except Exception as e:
print website,e
def start():
config = configparser.ConfigParser()
iniPath = 'server.ini'
config.read(iniPath)
section = config.sections()
for info in section:
print '[+] starting backup :',info
website = info
ssh_ip = config[info]['ssh_ip']
ssh_port = int(config[info]['ssh_port'])
ssh_user = config[info]['ssh_user']
ssh_pass = config[info]['ssh_pass']
webpath = config[info]['webpath']
backup_class = ['db','conf']
for bkClass in backup_class:
backup(website,ssh_ip,ssh_port,ssh_user,ssh_pass,webpath,bkClass)
def main():
start()
if __name__ == '__main__':
main()
ini文件示例,节点为网站域名:
以上,
1、File Size 非实际大小,仅确认是否开始备份,如果要确认实际大小,考虑监控tar压缩进程是否存在,不存在则压缩结束,再判断文件大小,应为实际大小
2、每执行一次备份就连接了一次ssh,可优化仅连接一次;
拓展阅读(点评/知识):
参考:https://www.cnblogs.com/XhyTechnologyShare/p/11935553.html
# 导包
import configparser
config = configparser.ConfigParser() # 类实例化
# 定义文件路径
path = r'D:\Python_Script\new_framework\source_file\broswer_config.ini'# 第一种读取ini文件方式,通过read方法
config.read(path)
value = config['select']['url']
print('第一种方法读取到的值:',value)
# 第二种读取ini文件方式,通过get方法
value = config.get('select','url')
print('第二种方法读取到的值:',value)
# 第三种读取ini文件方式,读取到一个section中的所有数据,返回一个列表
value = config.items('select')
print('第三种方法读取到的值:',value)# 将数据写入到ini文件中
config.add_section('login') # 首先添加一个新的section
config.set('login','username','admin') # 写入数据
config.set('login','password','123456') # 写入数据
config.write(open(path,'a')) #保存数据# 读取ini文件中所有的section
section = config.sections()
print(section)
| 本文标题: | 网站备份策略の脚本 – 2021-09-06-vulsee.com |
| 本文链接: (转载请附上本文链接) | https://vulsee.com/archives/vulsee_2021/0906_14740.html |