MediaWiki API result

{
    "batchcomplete": "",
    "continue": {
        "gapcontinue": "Scalix_Lenny",
        "continue": "gapcontinue||"
    },
    "warnings": {
        "main": {
            "*": "Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes."
        },
        "revisions": {
            "*": "Because \"rvslots\" was not specified, a legacy format has been used for the output. This format is deprecated, and in the future the new format will always be used."
        }
    },
    "query": {
        "pages": {
            "28": {
                "pageid": 28,
                "ns": 0,
                "title": "Root-CA",
                "revisions": [
                    {
                        "contentformat": "text/x-wiki",
                        "contentmodel": "wikitext",
                        "*": "For my certificates I create my own certificate authority. Server certificates and user certificates are each issued by their own CA.\n\nThis results in the following structure:\n<pre>        Root-CA\n        /     \\\nServer-CA     User-CA\n   |            |\n SCert 1      UCert 1\n SCert 2      UCert 2\n  ...          ...\n SCert n      UCert m\n</pre>\n\nThe '''openssl''' package is required:\n<pre>\napt-get install openssl\n</pre>\n\nThe following script '''[[CA mk_ca_struct|mk_ca_struct]]''' creates the CA structure above in the file system, in any directory you choose. It needs a customized '''[[CA openssl.cnf.tpl|openssl.cnf.tpl]]''' file, which must be in the same directory as the script itself: '''./scripts'''\n\n<pre>\nscx:~# tar tvjf ca-scripts.tgz\ndrwxr-xr-x root/root         0 2008-06-27 19:00 ca/\ndrwxr-sr-x root/root         0 2008-06-27 19:57 ca/scripts/\n-rw-r--r-- root/root      6500 2008-06-27 19:11 ca/scripts/openssl.cnf.tpl\n-rwxr-xr-x root/root      1559 2008-06-26 22:35 ca/scripts/mk_cert_server\n-rwxr-xr-x root/root      1564 2008-06-26 22:35 ca/scripts/mk_cert_user\n-rwxr--r-- root/root      2892 2008-06-26 22:49 ca/scripts/mk_ca_struct\n</pre>\n\nFirst I create the CA structure with the corresponding certificates:\n\n<pre>\nscx:~/ca# ./scripts/mk_ca_struct\nWhere to install the CA directories [/root/ca] /root/ca\nmkdir: cannot create directory `/root/ca': File exists\ncp: `./scripts' and `/root/ca/scripts' are the same file\n~/ca ~/ca\n\n----------------------\nErstelle eine Root CA:\n\nGenerating a 2048 bit RSA private key\n..................................................................+++\n...........+++\nunable to write 'random state'\nwriting new private key to 'RootCA/private/RCAkey.pem'\nEnter PEM pass phrase: >>rootCA-Password<<\nVerifying - Enter PEM pass phrase: >>rootCA-Password<<\n-----\nYou are about to be asked to enter information that will be 
incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [DE]:\nState or Province Name (full name) [Bayern]:\nLocality Name (eg, city) [Nuernberg]:\nOrganization Name (eg, company) [OrganisationName]:\nOrganizational Unit Name (eg, section or website) [OrganisationUnit]:\nCommon Name (SERVER / USER name) []:rootCA\nEmail Address (eg, YOUR email) [webmaster@company.de]:\nDoing .\n00.pem => 9c05fe89.0\n\n\n----------------------------------------------\nErstelle eine Server CA (signiert von Root CA):\n\nGenerating a 2048 bit RSA private key\n.+++\n....................................................................+++\nunable to write 'random state'\nwriting new private key to 'ServerCA/private/SCAkey.pem'\nEnter PEM pass phrase: >>ServerCA-Password<<\nVerifying - Enter PEM pass phrase: >>ServerCA-Password<<\n-----\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [DE]:\nState or Province Name (full name) [Bayern]:\nLocality Name (eg, city) [Nuernberg]:\nOrganization Name (eg, company) [OrganisationName]:\nOrganizational Unit Name (eg, section or website) [OrganisationUnit]:\nCommon Name (SERVER / USER name) []:serverCA\nEmail Address (eg, YOUR email) [webmaster@company.de]:\n\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:\ncompany.de []:\nUsing configuration from openssl.cnf\nEnter pass phrase for 
/root/ca/RootCA/private/RCAkey.pem: >>rootCA-Password<<\nCheck that the request matches the signature\nSignature ok\nThe Subject's Distinguished Name is as follows\ncountryName           :PRINTABLE:'DE'\nstateOrProvinceName   :PRINTABLE:'Bayern'\nlocalityName          :PRINTABLE:'Nuernberg'\norganizationName      :PRINTABLE:'OrganisationName'\norganizationalUnitName:PRINTABLE:'OrganisationUnit'\ncommonName            :PRINTABLE:'serverCA'\nemailAddress          :IA5STRING:'webmaster@company.de'\nCertificate is to be certified until Jun 26 18:04:15 2013 GMT (1825 days)\nSign the certificate? [y/n]:y\n\n\n1 out of 1 certificate requests certified, commit? [y/n]y\nWrite out database with 1 new entries\nData Base Updated\nunable to write 'random state'\nDoing .\n00.pem => 9c05fe89.0\n01.pem => b99e5d4b.0\n\n\n---------------------------------------------\nErstelle eine User CA (signiert von Root CA):\n\nGenerating a 2048 bit RSA private key\n.................................................................+++\n..........................................................................................+++\nunable to write 'random state'\nwriting new private key to 'UserCA/private/UCAkey.pem'\nEnter PEM pass phrase: >>UserCA-Password<<\nVerifying - Enter PEM pass phrase: >>UserCA-Password<<\n-----\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [DE]:\nState or Province Name (full name) [Bayern]:\nLocality Name (eg, city) [Nuernberg]:\nOrganization Name (eg, company) [OrganisationName]:\nOrganizational Unit Name (eg, section or website) [OrganisationUnit]:\nCommon Name (SERVER / USER name) []:userCA\nEmail Address (eg, YOUR email) 
[webmaster@company.de]:\n\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:\ncompany.de []:\nUsing configuration from openssl.cnf\nEnter pass phrase for /root/ca/RootCA/private/RCAkey.pem: >>rootCA-Password<<\nCheck that the request matches the signature\nSignature ok\nThe Subject's Distinguished Name is as follows\ncountryName           :PRINTABLE:'DE'\nstateOrProvinceName   :PRINTABLE:'Bayern'\nlocalityName          :PRINTABLE:'Nuernberg'\norganizationName      :PRINTABLE:'OrganisationName'\norganizationalUnitName:PRINTABLE:'OrganisationUnit'\ncommonName            :PRINTABLE:'userCA'\nemailAddress          :IA5STRING:'webmaster@company.de'\nCertificate is to be certified until Jun 26 18:04:42 2013 GMT (1825 days)\nSign the certificate? [y/n]:y\n\n\n1 out of 1 certificate requests certified, commit? [y/n]y\nWrite out database with 1 new entries\nData Base Updated\nunable to write 'random state'\nDoing .\n00.pem => 9c05fe89.0\n01.pem => b99e5d4b.0\n02.pem => 47efd334.0\n~/ca\n\nscx:~/ca# l\ntotal 32\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:04 certs/\n-rw-r--r-- 1 root root 6657 2008-06-27 20:03 openssl.cnf\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:03 private/\ndrwxr-xr-x 5 root root 4096 2008-06-27 20:04 RootCA/\ndrwxr-sr-x 2 root root 4096 2008-06-27 19:57 scripts/\ndrwxr-xr-x 5 root root 4096 2008-06-27 20:03 ServerCA/\ndrwxr-xr-x 5 root root 4096 2008-06-27 20:04 UserCA/\n</pre>\n\nI then create my server certificate with '''[[CA mk_cert_server|mk_cert_server]]''', e.g. 
for an IMAP server (and analogously with '''[[CA mk_cert_user|mk_cert_user]]''' for users):\n\n<pre>\nscx:~/ca# ./scripts/mk_cert_server\n~/ca ~/ca\n\nServer-Cert Name: apache\n--------\napacheKey.pem & apacheReq.pem ...\n\nGenerating a 1024 bit RSA private key\n...............................++++++\n.....................++++++\nunable to write 'random state'\nwriting new private key to 'apacheKey.pem'\nEnter PEM pass phrase: >>apache Passwort<<\nVerifying - Enter PEM pass phrase: >>apache Passwort<<\n-----\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [DE]:\nState or Province Name (full name) [Bayern]:\nLocality Name (eg, city) [Nuernberg]:\nOrganization Name (eg, company) [OrganisationName]:\nOrganizational Unit Name (eg, section or website) [OrganisationUnit]:\nCommon Name (SERVER / USER name) []:apache\nEmail Address (eg, YOUR email) [webmaster@company.de]:\n\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:\ncompany.de []:\n\nPasswort aus apacheKey.pem entfernen [y] ?\nEnter pass phrase: >>apache Passwort<<\nwriting RSA key\n====================\napacheCert.pem  ...\n====================\nUsing configuration from openssl.cnf\nEnter pass phrase for /root/ca/ServerCA/private/SCAkey.pem: >>ServerCA Passwort<<\nCheck that the request matches the signature\nSignature ok\nThe Subject's Distinguished Name is as follows\ncountryName           :PRINTABLE:'DE'\nstateOrProvinceName   :PRINTABLE:'Bayern'\nlocalityName          :PRINTABLE:'Nuernberg'\norganizationName      :PRINTABLE:'OrganisationName'\norganizationalUnitName:PRINTABLE:'OrganisationUnit'\ncommonName            
:PRINTABLE:'apache'\nemailAddress          :IA5STRING:'webmaster@company.de'\nCertificate is to be certified until Jun 27 16:58:02 2013 GMT (1825 days)\nSign the certificate? [y/n]:y\n\n\n1 out of 1 certificate requests certified, commit? [y/n]y\nWrite out database with 1 new entries\nData Base Updated\nunable to write 'random state'\n----------------------------------------------\n\ncerts:\ntotal 36\n-rw-r--r-- 1 root root 1911 2008-06-27 20:03 00.pem\n-rw-r--r-- 1 root root 5643 2008-06-27 20:04 01.pem\n-rw-r--r-- 1 root root 5641 2008-06-27 20:04 02.pem\nlrwxrwxrwx 1 root root    6 2008-06-27 20:04 47efd334.0 -> 02.pem\nlrwxrwxrwx 1 root root    6 2008-06-27 20:04 9c05fe89.0 -> 00.pem\n-rw------- 1 root root 4888 2008-06-28 18:58 apacheCert.pem\nlrwxrwxrwx 1 root root    6 2008-06-27 20:04 b99e5d4b.0 -> 01.pem\n\nprivate:\ntotal 24\n-rw------- 1 root root 887 2008-06-28 18:57 apache-Key.pem\n-rw------- 1 root root 963 2008-06-28 18:57 apacheKey.pem\n\n~/ca\n</pre>\n\nI use the certificate for the Apache web server and then test it.\nThere are two key files for the certificate '''apacheCert.pem''': one with a passphrase ('''apacheKey.req''') and one ('''apache-Key.req''') without a passphrase, so that the server can start automatically without prompting for a passphrase.\n<pre>\nscx:~/ca# cat /etc/apache2/sites-enabled/default-ssl\nNameVirtualHost *:443\n\n<VirtualHost *:443>\n        ServerName apache.company.de\n        ServerAdmin webmaster@company.de\n\n        SSLEngine On\n        SSLCipherSuite HIGH:MEDIUM\n        SSLCertificateFile /root/ca/certs/apacheCert.pem\n        SSLCertificateKeyFile /root/ca/ServerCA/private/apache-Key.pem\n\n        # SSLProxyEngine On\n\n        CustomLog /var/log/apache2/access_https.log combined\n        ErrorLog  /var/log/apache2/error_https.log\n\n        # debug, info, notice, warn, error, crit, alert, emerg\n        LogLevel warn\n\n        ServerSignature Off\n\n        DocumentRoot /var/www/\n\n        
<Directory />\n                Options FollowSymLinks\n                AllowOverride None\n        </Directory>\n\n        <Directory /var/www/>\n                Options Indexes FollowSymLinks MultiViews\n                AllowOverride AuthConfig\n                Order allow,deny\n                allow from all\n                RedirectMatch ^/$ /apache2-default/\n        </Directory>\n\n        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/\n        <Directory \"/usr/lib/cgi-bin\">\n                AllowOverride None\n                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch\n                Order allow,deny\n                Allow from all\n        </Directory>\n\n        Alias /debian-doc/ /usr/share/doc/\n        <Directory /usr/share/doc/>\n                Options Indexes MultiViews FollowSymLinks\n                AllowOverride None\n                Order deny,allow\n                Allow from all\n        </Directory>\n\n</VirtualHost>\n</pre>\n<pre>\nscx:~/ca# /etc/init.d/apache2 restart\n</pre>\n\nA test (after installing the certificate on the local web server) then looks like this; it shows the multi-level hierarchy of the certificates and CAs, including 
ServerCA and rootCA.\n<pre>\nscx:~/ca# openssl s_client -CApath /root/ca/certs -port 443 -host localhost > /tmp/foo\ndepth=2 /C=DE/ST=Bayern/L=Nuernberg/O=OrganisationName/OU=OrganisationUnit/CN=rootCA/emailAddress=webmaster@company.de\nverify return:1\ndepth=1 /C=DE/ST=Bayern/L=Nuernberg/O=OrganisationName/OU=OrganisationUnit/CN=serverCA/emailAddress=webmaster@company.de\nverify return:1\ndepth=0 /C=DE/ST=Bayern/L=Nuernberg/O=OrganisationName/OU=OrganisationUnit/CN=apache/emailAddress=webmaster@company.de\nverify return:1\n\n>>CTRL-C<<\n</pre>\n\nAfterwards I have the following directory structure:\n<pre>\nscx:~/ca# ls -lR\n.:\ntotal 32\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:20 certs/\n-rw-r--r-- 1 root root 6657 2008-06-27 20:03 openssl.cnf\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:20 private/\ndrwxr-xr-x 5 root root 4096 2008-06-27 20:04 RootCA/\ndrwxr-sr-x 2 root root 4096 2008-06-27 19:57 scripts/\ndrwxr-xr-x 5 root root 4096 2008-06-27 20:20 ServerCA/\ndrwxr-xr-x 5 root root 4096 2008-06-27 20:04 UserCA/\n\n./certs:\ntotal 28\n-rw-r--r-- 1 root root 1911 2008-06-27 20:03 00.pem\n-rw-r--r-- 1 root root 5643 2008-06-27 20:04 01.pem\n-rw-r--r-- 1 root root 5641 2008-06-27 20:04 02.pem\nlrwxrwxrwx 1 root root    6 2008-06-27 20:04 47efd334.0 -> 02.pem\nlrwxrwxrwx 1 root root    6 2008-06-27 20:04 9c05fe89.0 -> 00.pem\nlrwxrwxrwx 1 root root    6 2008-06-27 20:04 b99e5d4b.0 -> 01.pem\n-rw------- 1 root root 4909 2008-06-27 20:20 apacheCert.pem\n\n./private:\ntotal 8\n-rw------- 1 root root 887 2008-06-27 20:20 apache-Key.pem\n-rw------- 1 root root 963 2008-06-27 20:20 apacheKey.pem\n\n./RootCA:\ntotal 36\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:03 certs/\n-rw-r--r-- 1 root root  280 2008-06-27 20:04 index.txt\n-rw-r--r-- 1 root root   20 2008-06-27 20:04 index.txt.attr\n-rw-r--r-- 1 root root   21 2008-06-27 20:04 index.txt.attr.old\n-rw-r--r-- 1 root root  141 2008-06-27 20:04 index.txt.old\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:04 
newcerts/\ndrwx------ 2 root root 4096 2008-06-27 20:03 private/\n-rw-r--r-- 1 root root    3 2008-06-27 20:04 serial\n-rw-r--r-- 1 root root    3 2008-06-27 20:04 serial.old\n\n./RootCA/certs:\ntotal 0\n\n./RootCA/newcerts:\ntotal 16\n-rw-r--r-- 1 root root 5643 2008-06-27 20:04 01.pem\n-rw-r--r-- 1 root root 5641 2008-06-27 20:04 02.pem\n\n./RootCA/private:\ntotal 8\n-rw-r--r-- 1 root root 1911 2008-06-27 20:03 RCAcert.pem\n-rw-r--r-- 1 root root 1751 2008-06-27 20:03 RCAkey.pem\n\n./scripts:\ntotal 20\n-rwxr--r-- 1 root root 2892 2008-06-26 22:49 mk_ca_struct*\n-rwxr-xr-x 1 root root 1550 2008-06-27 20:19 mk_cert_server*\n-rwxr-xr-x 1 root root 1555 2008-06-27 20:31 mk_cert_user*\n-rw-r--r-- 1 root root 6500 2008-06-27 19:11 openssl.cnf.tpl\n\n./ServerCA:\ntotal 28\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:20 certs/\n-rw-r--r-- 1 root root  148 2008-06-27 20:20 index.txt\n-rw-r--r-- 1 root root   21 2008-06-27 20:20 index.txt.attr\n-rw-r--r-- 1 root root    0 2008-06-27 20:03 index.txt.old\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:20 newcerts/\ndrwx------ 2 root root 4096 2008-06-27 20:20 private/\n-rw-r--r-- 1 root root    3 2008-06-27 20:20 serial\n-rw-r--r-- 1 root root    3 2008-06-27 20:03 serial.old\n\n./ServerCA/certs:\ntotal 8\n-rw------- 1 root root 4909 2008-06-27 20:20 apacheCert.pem\n\n./ServerCA/newcerts:\ntotal 8\n-rw-r--r-- 1 root root 4909 2008-06-27 20:20 01.pem\n\n./ServerCA/private:\ntotal 28\n-rw------- 1 root root  887 2008-06-27 20:20 apache-Key.pem\n-rw------- 1 root root  963 2008-06-27 20:20 apacheKey.pem\n-rw-r--r-- 1 root root  737 2008-06-27 20:20 apacheReq.pem\n-rw-r--r-- 1 root root 5643 2008-06-27 20:04 SCAcert.pem\n-rw-r--r-- 1 root root 1751 2008-06-27 20:04 SCAkey.pem\n-rw-r--r-- 1 root root 1082 2008-06-27 20:04 SCAreq.pem\n\n./UserCA:\ntotal 16\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:04 certs/\n-rw-r--r-- 1 root root    0 2008-06-27 20:04 index.txt\ndrwxr-xr-x 2 root root 4096 2008-06-27 20:04 newcerts/\ndrwx------ 2 root 
root 4096 2008-06-27 20:04 private/\n-rw-r--r-- 1 root root    3 2008-06-27 20:04 serial\n\n./UserCA/certs:\ntotal 0\n\n./UserCA/newcerts:\ntotal 0\n\n./UserCA/private:\ntotal 16\n-rw-r--r-- 1 root root 5641 2008-06-27 20:04 UCAcert.pem\n-rw-r--r-- 1 root root 1751 2008-06-27 20:04 UCAkey.pem\n-rw-r--r-- 1 root root 1078 2008-06-27 20:04 UCAreq.pem\n</pre>"
                    }
                ]
            },
            "48": {
                "pageid": 48,
                "ns": 0,
                "title": "Scalix Backup",
                "revisions": [
                    {
                        "contentformat": "text/x-wiki",
                        "contentmodel": "wikitext",
                        "*": "=== Scalix Backup ===\n\nScript for backing up the Scalix mailboxes and the Scalix installation.\n\n<pre>#!/bin/bash\n###############################################################################\n# sxbackup:\n#   a backup script for scalix mail servers\n#\n#   This script is used to backup Scalix mail servers; it exports each\n#   user to a bzip2 compressed file using the 'sxmboxexp' command, then\n#   duplicates the scalix data directory using rsync.\n#\n#   Before using this program you should set the values of the variables\n#   below to match your server/preferences.\n#\n#   For detailed descriptions of the available command line switches,\n#   execute the program with the -h flag.\n#\n#\n#   Copyright (C) 2006 Jon Allie <jon@jonallie.com>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA\n#\n#\n#\n# ------------------------------ Modifications ----------------------------\n#\n# Ianar\u00e9 S\u00e9vi <ianare@gmail.com> last modified on 2006-10-13:\n#\n#   Combined various incarnations and patches of the original script\n#   found here:  http://www.scalix.com/community/viewtopic.php?t=1922\n#   into a fully working script. 
Huge thanks to all the original\n#   contributors - I am but a shadow in their footsteps.\n#\n#   Added -r option and associated programming to allow rotation of backups\n#   based on the day of the week (7 working backups)\n#\n#   Added -c option and associated programming to allow backing up of system\n#   configuration files in case of complete hardware failure for example.\n#\n#   Added various error checking.\n#\n###############################################################################\n\n\n\n### Main variables:\n#   You MUST modify these for the script to work!\n#\nMAILNODE=$(omshowmn | grep '**' | tr -d \\t | cut -f 3)\nbackuproot=/var/opt/scalix/backup\nROOT_BACKUP_DIR=/var/opt/scalix/backup\nSCALIX_DIR=/var/opt/scalix/${MAILNODE:0:1}${MAILNODE: -1:1}\nSCALIX_BIN=/opt/scalix/bin\nLOGFILE=/var/log/sxbackup.log\nUSERFILE=/tmp/userfile.$$\nDATE=`date +\"%Y-%m-%d\"`\nPROCESS_BLOCK_SIZE=5\nROTATE_BACKUP=Y\nBACKUP_CONFIGURATION=Y\n\n### Configuration file locations:\n#   Modify these if backing up configuration files.\n#   The entire directory contents will be recursively tar'ed.\n#   Use a blank value to skip.\n#\nCONF_MAIL=/etc/mail\nCONF_SYSCONFIG=\nCONF_HTTPD=/etc/apache2\nCONF_AV=/etc/clamav\nCONF_STUNNEL=\nCONF_RULESET=\nCONF_OTHER=\n\n\n### function declarations\n\nfunction usage\n{\nprintf $\"\nUsage: sxbackup [-h] [-b backup dir] [-d scalix data dir] [-s scalix bin dir]\n                [-l logfile] [-u user file] [-m mailnode] [-r rotate backups (Y|N)]\n                [-c backup configuration files (Y|N)]\n\n  sxbackup comes with ABSOLUTELY NO WARRANTY.  This is free software, and you\n  are welcome to redistribute it under certain conditions.  See the GNU\n  General Public Licence for details.\n\nsxbackup is a shell script to perform both user level and system level backups\nof a Scalix mail server. 
User mailboxes are backed up via the 'sxmboxexp' utility\nand are stored in a configurable backup directory in a subdirectory named the\nsame as the mailnode being backed up. Systems level backups are performed by\ncopying the whole Scalix data dir (usually /var/opt/scalix) to a backup directory\nusing rysnc.\n\nMost options can be configured by setting the values of the variables in the script\nor can be passed to the script at runtime\n\nOptions:\n    -h                  : print this message and exit\n\n    -m <mailnode>       : mailnode to dump users from\n\n    -b <backup dir>     : backup directory. This directory will store both the user and\n                        system level backups. User backups are stored in a subdirectory\n                        under this directory users/<mailnode>/<userfile>.\n\n    -d <scalix dir>     : scalix data dir. Defaults to /var/opt/scalix\n\n    -s <bin dir>        : scalix bin dir. Contains scalix utility binaries. Defaults to\n                        /opt/scalix/bin\n\n    -l <logfile>        : path to a logfile for logging backup actions.\n\n    -u <userfile>       : userfile. This file is created during the user mailbox\n                        backup. 
Defaults to /tmp/userfile.[pid]\n\n    -r <Y|N>            : whether or not to rotate backups on 7 day schedule.\n\n    -c <Y|N>            : whether or not to backup configuration files.\n\n\nCopyright (C) 2006 by Jon Allie <jon@jonallie.com>\n\nWith contributions from Scalix.com forum members.\\n\\n\"\n\nexit ${1:-0}\n}\n\nfunction badInput\n{\n    echo \"Use -h for more information.\"\n    echo\n    exit 1\n}\n\nfunction log_it\n{\n    echo \"[ `date` ]: $*\" >>$LOGFILE\n}\n\nfunction echo_and_log\n{\n    echo $*\n    log_it $*\n}\n\nfunction clean_up\n{\n    echo_and_log \"Cleaning up temporary files\"\n    [ -f $USERFILE ] && rm -f $USERFILE\n}\n\nfunction restart_on_error\n{\n    echo_and_log \"Error: $*\"\n    start_scalix\n    clean_up\n    exit 1\n}\n\nfunction exit_with_error\n{\n    echo_and_log \"Error: $*\"\n    clean_up\n    exit 1\n}\n\nfunction start_scalix\n{\n    log_it \"Starting Scalix services\"\n    /etc/init.d/scalix start\n    [ \"$?\" != \"0\" ] && exit_with_error \"Error restarting scalix services\"\n}\n\nfunction pre_check\n{\n    # look for scalix directories\n    for dir in $SCALIX_BIN $SCALIX_DIR\n    do\n        [ -d $dir ] || exit_with_error \"A required Scalix directory $dir doesn't exist.\"\n    done\n\n    # make sure that the $BACKUP_DIR structure exists, try to create it if not.\n    for dir in $BACKUP_DIR $CONFIG_DIR $BACKUP_DIR/users $BACKUP_DIR/users/$MAILNODE\n    do\n        if [ ! 
-d $dir ]\n        then\n            log_it \"$dir doesn't exist: creating it\"\n            mkdir -p $dir || exit_with_error \"Unable to create required directory $dir\"\n        fi\n    done\n\n    # clear out user backup files\n    rm -rf $BACKUP_DIR/users/$MAILNODE/*\n\n    # clear out timestamp\n    rm -f $BACKUP_DIR/created:*\n\n    # make new timestamp\n    touch $BACKUP_DIR/created:\\ $DATE\n}\n\nfunction dump_users\n{\n    # index for processing block\n    let i=1\n    let index=1\n\n    # Build userfile\n    $SCALIX_BIN/omshowu -m $MAILNODE|cut -f1 -d'/' >$USERFILE\n    [ \"$?\" != \"0\" ] && exit_with_error \"Unable to build userfile $USERFILE from mailnode $MAILNODE\"\n\n    # Loop over userfile and create backups. Use 'while read' instead of 'for' because of spaces in names\n    while read sc_username\n    do\n        # Create a version of the username without spaces and other crappy characters\n        nospaces=`echo $sc_username|sed -e \"s/[ \\.;=*'?_!]//g\"`\n\n        BACKUP_FILE=\"$BACKUP_DIR/users/$MAILNODE/${nospaces}-mbox.bz2\"\n        BACKUP_LIST=\"$BACKUP_DIR/users/$MAILNODE/${nospaces}-list\"\n\n        if [ $i -le $PROCESS_BLOCK_SIZE ]\n        then\n            echo \"Adding Process: Number $index of $PROCESS_BLOCK_SIZE -- User: $sc_username\"\n            ## BACKGROUND PROCESS\n            #$SCALIX_BIN/omcpoutu -n \"$sc_username/$MAILNODE\" -f - -F | bzip2 | cat > $BACKUP_FILE || echo_and_log \"Error: Unable to complete backup operation for $sc_username\" &\n            $SCALIX_BIN/sxmboxexp --force -u \"$sc_username\" -l $BACKUP_LIST -a - | bzip2 | cat > $BACKUP_FILE || echo_and_log \"Error: Unable to complete backup operation for $sc_username\" &\n            PIDs[$index]=$!\n            let i+=1\n            let index=$i\n        else\n            echo \"Process block is full.\"\n            echo \"Waiting for first complete process...\"\n            while [ $i -gt $PROCESS_BLOCK_SIZE ]\n            do\n                for p in `seq 1 
$PROCESS_BLOCK_SIZE`\n                do\n                        ps ${PIDs[$p]} > /dev/null\n                        if [ \"$?\" != \"0\" ]\n                        then\n                                echo_and_log \"Process number $p of $PROCESS_BLOCK_SIZE has completed. -- User: $sc_username\"\n                                unset PIDs[$p]\n                                let index=$p\n                                #echo \"Adding Process: Number $index of $PROCESS_BLOCK_SIZE -- User: $sc_username\"\n                                ## BACKGROUND PROCESS\n                                #$SCALIX_BIN/omcpoutu -n \"$sc_username/$MAILNODE\" -f - -F | bzip2 | cat > $BACKUP_FILE || echo_and_log \"Error: Unable to complete backup operation for $sc_username\" &\n                                $SCALIX_BIN/sxmboxexp -u \"$sc_username\" -l $BACKUP_LIST -a - | bzip2 | cat > $BACKUP_FILE || echo_and_log \"Error: Unable to complete backup operation for $sc_username\" &\n                                PIDs[$index]=$!\n                                break 2\n                        fi\n                done\n            done\n        fi\n    done < $USERFILE\n    echo \"All processes have been added.\"\n    echo \"Waiting for those still running...\"\n    wait\n    echo_and_log \"All users done!\"\n}\n\nfunction sync_files\n{\n    echo_and_log \"Beginning rsync of $SCALIX_DIR to $BACKUP_DIR\"\n    rsync -a -q --delete --link-dest=${LINK_DIR}/ $SCALIX_DIR $BACKUP_DIR/ >>$LOGFILE\n\n    if [ \"$?\" != \"0\" ]\n    then\n        restart_on_error \"Rsync operation of $SCALIX_DIR to $BACKUP_DIR did not complete successfully\"\n    else\n        echo_and_log \"Completed rsync of $SCALIX_DIR to $BACKUP_DIR\"\n    fi\n}\n\n# Mount and Dismount commands for all reasons are in the following functions\n# you can also mount windows-shares via smbclient e.g.\n# here: mount for writing during backup, and mount readonly afterwards\n\nmounting ()\n{\n    precom=0\n    mount -o remount,rw 
${backuproot} || mountfail\n}\n\numounting ()\n{\n    postcom=0\n    mount -o remount,ro ${backuproot} || umountfail\n}\n\nmountfail ()\n{\n  echo >&2 \"I can't mount filesystem ${backuproot}\"\n  exit 1\n}\n\numountfail ()\n{\n  echo >&2 \"I can't unmount filesystem ${backuproot}\"\n  exit 1\n}\n\n# process command line arguments\n# -h            : show help\n# -b <dir>      : backup directory\n# -l <file>     : log file\n# -u <userfile> : userfile\n# -m <mailnode> : main mailnode\n# -d <dir>      : location of the scalix data dir\n# -s <dir>      : location of the scalix bin dir\n# -r <Y|N>      : rotate backups or not\n# -c <Y|N>      : backup config files or not\n\n# d: must be listed in the option string, otherwise -d is rejected as unknown\nwhile getopts hb:l:u:m:d:s:r:c: opt\ndo\n    case \"$opt\" in\n        h) usage ;;\n        # BACKUP_DIR is derived from ROOT_BACKUP_DIR further down, so -b sets the root\n        b) ROOT_BACKUP_DIR=$OPTARG ;;\n        l) LOGFILE=$OPTARG ;;\n        u) USERFILE=$OPTARG ;;\n        m) MAILNODE=$OPTARG ;;\n        d) SCALIX_DIR=$OPTARG ;;\n        s) SCALIX_BIN=$OPTARG ;;\n        r) ROTATE_BACKUP=$OPTARG ;;\n        c) BACKUP_CONFIGURATION=$OPTARG ;;\n        \\?) 
badInput ;;\n    esac\ndone\n\n# validate that all required options are set\nfor x in \"$LOGFILE\" \"$ROOT_BACKUP_DIR\" \"$MAILNODE\" \"$SCALIX_DIR\" \"$SCALIX_BIN\" \"$USERFILE\" \"$ROTATE_BACKUP\" \"$BACKUP_CONFIGURATION\"\ndo\n    if [ -z \"$x\" ]\n    then\n        echo \"A required parameter is missing, please check your command arguments.\"\n        badInput\n    fi\ndone\n\n# mounting $backuproot write enable\nmounting\n\n# rotate backups or not\nif [ \"$ROTATE_BACKUP\" = \"Y\" ]\n    then\n        DAYWEEK=`date +%A`\n        DAYLINK=`date +%A -d '1 day ago'`\n        BACKUP_DIR=$ROOT_BACKUP_DIR/$DAYWEEK\n        LINK_DIR=$ROOT_BACKUP_DIR/$DAYLINK\n    else\n        BACKUP_DIR=$ROOT_BACKUP_DIR\nfi\n\nif [ \"$BACKUP_CONFIGURATION\" = \"Y\" ]\n    then\n        CONFIG_DIR=$BACKUP_DIR/configs\n    else\n        CONFIG_DIR=$BACKUP_DIR\nfi\n\n# initialize the logfile\n>$LOGFILE\n\n# call pre_check function to verify backup directory structure\npre_check\n\n# backup configuration directories or not\nif [ \"$BACKUP_CONFIGURATION\" = \"Y\" ]\n    then\n        # clear out old file first\n        rm -f $CONFIG_DIR/* || echo \"No backup config file to delete.\"\n\n        for dir in $CONF_MAIL $CONF_SYSCONFIG $CONF_HTTPD $CONF_AV $CONF_STUNNEL $CONF_RULESET $CONF_OTHER\n        do\n            # don't process if no value given\n            if [ ! -z \"$dir\" ]\n            then\n                # directory must exist\n                if [ ! 
-d $dir ]\n                then\n                    echo_and_log \"Config dir $dir doesn't exist: aborting!\"\n                else\n                    # tar 'em up!\n                    end=`expr match \"$dir\" '/.*/'`\n                    tar -cf $CONFIG_DIR/${dir:$end}.tar $dir 2>&1| grep -v \"^tar: Removing leading \"\n\n                    echo_and_log \"tared $dir to $CONFIG_DIR/${dir:$end}.tar\"\n                fi\n            fi\n        done\nfi\n\n# call dump_users function to make backups of user mailboxes\ndump_users\n\n# stop scalix before doing the rsync\necho_and_log \"Stopping scalix services\"\n/etc/init.d/scalix stop\n[ \"$?\" != \"0\" ] && exit_with_error \"Unable to halt scalix services\"\n\n# call sync_files function to make a backup of the $SCALIX_DIR\nsync_files\n\n# restart scalix services\nstart_scalix\n\n# explicily call the clean_up function to erase leftover files\nclean_up\n\n# mounting $backuproot readonly\numounting\n\n# exit successfully\necho_and_log \"All operations complete\"\nexit 0\n</pre>"
                    }
                ]
            }
        }
    }
}