Openwrt /etc/rc.button/reset 保存配置安全脚本

写一个/etc/rc.button/reset脚本来对安全,状态还有配置改变的反馈做相应的处理

远程操作按下reset按键,并存储配置,脚本文件:

#!/bin/sh

PATH="$PATH:/usr/local/sbin/:/usr/local/bin/"

# Only run on button release.
[[ "${ACTION}" = "released" ]] || exit 0

# logger "$BUTTON pressed for $SEEN seconds"
# env >> /tmp/reset-button

if [[ "$SEEN" -le 1 ]] ; then
    MESSAGE="RESET BUTTON: Retain current overlay, restore safebackup, and reboot"
    echo "$MESSAGE" > /dev/console
    logger "$MESSAGE"
    safebackup restore && reboot &
elif [[ "$SEEN" -ge 3 -a "$SEEN" -le 5 ]] ; then
    MESSAGE="RESET BUTTON: Wipe overlay, restore safebackup, and reboot"
    echo "$MESSAGE" > /dev/console
    logger "$MESSAGE"
    safebackup fullrestore
elif [[ "$SEEN" -ge 9 -a "$SEEN" -le 12 ]] ; then
    MESSAGE="RESET BUTTON: Wipe overlay (factory reset) and reboot"
    echo "$MESSAGE" > /dev/console
    logger "$MESSAGE"
    jffs2reset -y && reboot &
else
    MESSAGE="RESET BUTTON: Error. Pressed for $SEEN seconds. Do nothing."
    echo "$MESSAGE" > /dev/console
    logger "$MESSAGE"
fi

另一个安全备份脚本:

#!/bin/sh
# This script was written to run under the busybox ash shell.
#
# Save and restore a safe configuration backup state for the host.

export BAKDIR="/safebackups"
export SAVEFILE="/safebackups/safebackup-$(hostname)-$(date +%Y%m%d%H%M%S)-$$.tar.gz"
export RESTOREFILE=$(find /safebackups/ -maxdepth 1 -mindepth 1 -type f -name ‘safebackup-*.tar.gz‘ | head -n 1 2> /dev/null)
export SYSUPGRADE_CONF_TAR="/tmp/sysupgrade.tgz"

PIDFILE="/tmp/$(basename $0.pid)"
MYNAME=$(basename $0)

#--

echoerr() {
    # Print errors to stderr.
    echo "[email protected]" 1>&2;
}

f_validate_restore() {
    # Validate before a restoration.
    # If there is no restore file, there is nothing we can do.
    if ! [[ -f "$RESTOREFILE" ]] ; then
        echoerr ""
        echoerr "ERROR: No restore file could be found."
        echoerr ""
        exit 1
    fi
}

f_save() {
    # Save a backup.
    echo ""
    # Make sure the BAKDIR exists. If not, create it.
    if ! [[ -d "$BAKDIR" ]] ; then
        echo "$BAKDIR does not exist, so creating it."
        mkdir "$BAKDIR"
        chmod o-rwx "$BAKDIR"
    fi
    # Remove old backups prior to the new save. We only keep one backup at a time.
    echo -n "Removing old backups..."
    rm -rf /safebackups/safebackup-*.tar.gz
    echo " Done"
    # Save the new backup.
    sysupgrade -b "$SAVEFILE"
    echo "sysupgrade backup saved to $SAVEFILE"
    echo ""
}

f_restore() {
    # Restore the backup.
    f_validate_restore
    echo ""
    echo "Restoring sysupgrade backup from file: $RESTOREFILE"
    sysupgrade -r "$RESTOREFILE"
    echo " Done"
    echo ""
}

f_fullrestore() {
    # Wipe the overlay flash, and restore from backup.
    # This is a complicated and dangerous process. This is mostly based on what the sysupgrade script does.
    # FIXME: ext-root problems? Reference notes.
    f_validate_restore
    echo ""
    echo "Wiping overlay and restoring sysupgrade backup from file: $RESTOREFILE"
    echoerr "WARNING: Network access will be lost during this process and the host will be rebooted."
    echo ""
    # Copy the safe backup to /tmp
    cp "$RESTOREFILE" "$SYSUPGRADE_CONF_TAR" || { echoerr "ERROR: Unable cp restore file to /tmp" ; exit 1 ; }
    #
    # Source required functions.
    source /lib/functions.sh
    for EACH in /lib/upgrade/*.sh ; do source "$EACH" ; done
    #
    # run_hooks will disable the process watchdog and do other important tasks.
    run_hooks "" $sysupgrade_pre_upgrade
    #
    # No idea what this does, and may not be needed at all.
    ubus call system upgrade
    #
    # Kill off all non-critical processes.
    kill_remaining TERM ; sleep 3 ; kill_remaining KILL
    #
    # This is the important part. This runs the ramfs, pivots root, erases the overlay, and restores the config backup.
    # WARNING: Remember that when we do run_ramfs, we lose access to the old filesystem, possibly functions, envrionment, etc.
    run_ramfs ‘mtd -e rootfs_data jffs2write $SYSUPGRADE_CONF_TAR rootfs_data ; reboot -f‘
    #
    # Nothing from here on our matters. We‘ve already rebooted.
    # SYSUPGRADE_CONF_TAR is restored on reboot by /lib/preinit/80_mount_root and erased by /etc/init.d/done
    #
    echo " Done"
    echo ""
}
#--

case "$1" in
    save )
        f_save
    ;;
    restore )
        f_restore
    ;;
    fullrestore )
        f_fullrestore
    ;;
    *)
        echo ""
        echo "Usage: $MYNAME save|restore|fullrestore"
        echo "  WARNING: fullrestore implies a overlay wipe and reboot"
        echo ""
        exit 1
    ;;
esac

在做reset复位之前,先要进行安全备份,没有备份,就不会进行复位:

button按下0-1秒,保存配置并重启,overlay没有擦除

button按下3-5秒,overly被擦除,存储配置,重启

button按下9-12秒,进行出厂复位,overlay配擦除,没有配置存储

warning: 该脚本不是Openwrt通用脚本,仅作参考,需要根据不用的路由器做出对应修改

时间: 2024-10-09 22:35:28

Openwrt /etc/rc.button/reset 保存配置安全脚本的相关文章

OpenWrt 系统定制WR841N Reset Button不工作

前言: 移植AR9341到开发板上,64M RAM, 8M ROM, 工作内容就是系统能跑起来,最好无线性能好,但是这个真的不是我的目前能搞定的. 开始: 从openwrt trunk上下载最新正在开发的trunk,但是编译还是遇到问题(之前编译的mt7620n),改编AR9341后编译出来的结果并不理想.有很多WR841N的版本 1, 1.1,3,5,7 唯独没有我想要的v8.无奈之下只好求救于各种论坛,讨论群,可是仍然没有发现.最后是在openwrt 的主页上找到了wiki.openwrt.

[Openwrt 项目开发笔记]:MySQL配置(六)

在本人的项目中,运行在路由器上的服务器采用Nginx+MySQL+PHP 架构.通常较为常见的web框架为Lamp(Linux+Apache+Mysql+PHP),为何我们选择LNMP呢?我将在后续的几篇文章中给出答案. 首先我们来介绍如何在Openwrt上搭建MySQL数据库. 参考文章:(http://blog.csdn.net/yufei_email/article/details/21845935) 一.安装MySQL数据库(在backfire10.3版本中,package已经包含mys

Cisco 2960保存配置到本地,其他思科路由和交换系列同样适用

还是一台Cisco 2960坏了,但是没有管理人员,也没有之前配置,虽然2960很简单,但是连VLAN什么的信息都没有怎么搞啊,于是挨个询问大致了解VLAN的划分后,配了上去,客户也没反应什么问题,应该是没配错了,但是为了下次麻烦给客户做了个备份. 虽然是2960,但是在3560.3700.4500.6500.1800.2800.3800等系列我都试过,同等适用. (1)你本机要接到交换机,记得交换机配置管理IP地址:192.168.117.11: (2)要是直连交换机的话,本机和交换机必须在同

Putty 工具 保存配置的 小技巧

用Putty 已经很长时间了,但一直被一个问题困扰,有时候是懒得去弄,反正也不怎么碍事,今天小研究了下,把这个问题解决了,心里也舒服了. Putty是一个免费小巧的Win32平台下的telnet,rlogin和ssh客户端. 它的主程序不到1M, 是完全免费的telnet和ssh客户端工具. 而且无需安装,下载后在桌面建个快捷方式就行 . Putty官网的下载地址: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html 主

WEB-IOU中,由于NVRAM问题导致设备无法保存配置的问题

在使用WEB-IOU进行试验的时候,偶然发现一个试验拓扑中,20台左右的设备,有6台设备无法保存配置,保存的时候还出现报错,报错内容如下: *Jun 30 05:49:50.842: %SYS-2-NV_BAD_PTR: Bad NVRAM pointer. NV Header values are, nv: 0x0x10FAD788 .textbase: 0x0xAB736714 .textsize: 2542 .magic: 0xABCD .checksum: 0xA495 .system_

[转载]请教各位高手光盘版或者U盘版的BT保存配置的问题

这样安装的bt4默认是不能保存配置的,每次你更改了设置,下次重启又没有了.在网上下载一个叫做"saveFile.rar"的压缩包,大小40K左右,这个是bt4能够保存配置关键,当然还有其他的办法,只不过这个最简单.解压那个压缩包之后,里面有对应的大小,选一个合适的大小,用来做为bt4保存配置的空间,我是8G的U盘,选了个2G的,再解压.这里注意,网上很多地方说只要把第一次解压出来的文件,选个合适的大小,改名为"casper-rw",拷贝到U盘根目录下就可以了,其实是

centos7下/etc/rc.local文件里配置的开机启动项不执行的解决办法

习惯于在/etc/rc.local文件里配置我们需要开机启动的服务,这个在centos6系统下是正常生效的.但是到了centos7系统下,发现/etc/rc.local文件里的开机启动项不执行了!仔细研究/etc/rc.local文件内容,发现问题如下: [[email protected] ~]# cat /etc/rc.local #!/bin/bash # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES # # It is highly advi

egrep、bash环境配置及脚本、vim编辑器

egrep及扩展的正则表达式 egrep = grep -E egrep [options] pattern [file..] 扩展正则表达式的元字符字符匹配.:匹配任意单个字符[[email protected] ~]# grep -E . /tmp/123ABC123boy []:匹配指定范围内的单个字符[[email protected] ~]# grep -E [abc] /tmp/123boyabc [^]:匹配指定范围外的单个字符[[email protected] ~]# grep

PHP_环境配置_python脚本_2017

Apache配置 需要安装:VC2015 httpd-2.4.16-win32-VC14.zip VC14就是2015的环境. 又比如:php-5.6.12-Win32-VC11-x86 VC11就是2012的环境. 如果没有安装对应的环境,在配置php + apache时,提示内容会很奇怪. 可能会提示"提示NET HELPMSG 3547"在 语句填写正确的情况下,VC环境也是造成其原因之一,切记. 将Apache解压到C:\www\Apache24\,进入C:\www\Apach