Download Latest Version
GetFirewallConfig-1.3.1.0.zip (518.6 kB)
Get an email when there's a new version of GetFirewallConfig
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README | 2023-06-23 | 3.9 kB | |
| GetFirewallConfig-1.1.2.1.zip | 2023-06-23 | 502.5 kB | |
| Totals: 2 Items | 506.4 kB | 0 | |
README
######
Support: th@thuit.ch
How to configure
-------------------------------------------------------------------------------------------------------------------------------------------------------
GetFirewallConfig.exe
-------------------------------------------------------------------------------------------------------------------------------------------------------
Task:
- Collects specific config-files of remote hosts by using sftp and stores all collected files in a local ConfigStore.
- Integrated houskeeping capabilities keep the local ConfigStore clean.
1. Configure remote hosts in Settings.conf
2. Format of Settings.conf
Separator: | (pipe)
Columns : Type|Hostname|IP-address|Port|Username|EncryptedPassword|RemoteFileName|ConfigStore|Compress|RemoveAfterDays
Values for pfse: pfse|my.fqdn.local|10.0.0.2|443|admin|rwJYAfIOJuvEfxvpIy74RkSLC2IGIhZCErrobQz/2v7u5hR4XnlIYjyoQcnPAMZn|/diag_backup.php|D:\Data\firewall-configs\ConfigStore|Compress|30
Values for sftp: sftp|my.fqdn.local|10.0.0.1|22|admin|rwJYAfIOJuvEfxvpIy74RkSLC2IGIhZCErrobQz/2v7u5hR4XnlIYjyoQcnPAMZn|/cf/conf/config.xml|D:\Data\firewall-configs\ConfigStore|Compress|30
3. Explanation:
Type : Valid type of backup, possible values: pfse - for pfSense specific backups (incl. RRD graphs, package-configuration, SSH-keys) via https-request, use /diag_backup.php in column RemoteFileName.
sshd - for sftp transfer of a config-file, filename reqires to be specified in column RemoteFileName.
Hostname : Individual string, used to identify the device in ConfigStore (fqdn, ip-address, hostname, serial no, etc..).
IP-address : Valid ip4 address, used to connect to the device by using sftp.
Port : Valid tcp port address, used to connect to the device by using sftp or by using https.
Username : Valid username, used to connect to the device by using sftp of by using https.
EncryptedPassword : Valid encrypted password, used to connect to the device by using sftp or by using https.
RemoteFileName : Valid remote path to config-file or https-post target, in case of Type sftp used to identify the config to back up, in case of Type pfse used to specify https-target, for example /diag_backup.php.
ConfigStore : Valid local path to ConfigStore, used to store the remote config-file locally (Format: $hostname\yyyymmdd_$hostname.xml)
Compress : Valid string, possible values: Compress - this will create a zip file of the downloaded config and will remove the downloaded config afterwards.
Raw - this will keep the downloaded config as it was downloaded.
RemoveAfterDays : Valid period of days, used to keep the ConfigStore clean. Files older then n days will be removed from ConfigStore.
4. Create EncryptedPasswords to be used with Settings.conf by using EncryptPassword.exe
-------------------------------------------------------------------------------------------------------------------------------------------------------
EncryptPassword.exe
-------------------------------------------------------------------------------------------------------------------------------------------------------
Tasks:
- Create encrypted strings of passwords be used with Settings.conf of GetFirewallConfig.exe.
1. Execute via cmd: EncryptPassword.exe -password:"<my_string_to_encrypt>"
2. Output:
- Cleartext: SwLTC6Sp5gM1ivhzfwHjSKdc5
- Encrypted: PaumquLTwLoHoFsOLaf0yQUNMau+GjC8/kGXoB3lcltsDHcb97k3j5cbRqy7jEZvlBjet5jIEY4vN0Om/5QC7g==
3. Add the value after - Encrypted: to the column EncryptedPassword of Settings.conf
