- Fix CRITICAL: safe config parser replacing shell source, sshpass -e, CSRF with /dev/urandom, symlink-safe file I/O - Fix HIGH: input validation for timestamps/accounts, path traversal prevention in Runner.pm, AJAX CSRF on all endpoints - Fix MEDIUM: umask 077, chmod 700 on config dirs, Config.pm TOCTOU lock, rsync exit code capture bug, RSYNC_EXTRA_OPTS character validation - ShellCheck: fix word-splitting in notify.sh, safe rm in pkgacct.sh, suppress cross-file SC2034 false positives - Perl::Critic: return undef→bare return, return (sort), unpack @_, explicit return on void subs, rename Config::write→save - Remove dead code: enforce_retention_all(), rsync_dry_run() - Add require_cmd checks for rsync/ssh/hostname/gzip at startup - Escape $hint/$tip in CGI helper functions for defense-in-depth - Expand tests from 17→40: validate_timestamp, validate_account_name, _safe_source_config (including malicious input), numeric validation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# gniza configuration
# Copy to /etc/gniza/gniza.conf and edit
#
# Remote destinations: /etc/gniza/remotes.d/<name>.conf
# Backup schedules: /etc/gniza/schedules.d/<name>.conf
# ── Local Settings ─────────────────────────────────────────────
# NOTE(review): pkgacct archives contain complete account data, so this
# directory should be root-owned and closed to group/other (mode 700) rather
# than a shared location such as /tmp — confirm the installer sets this.
TEMP_DIR="/usr/local/gniza/workdir" # Working directory for pkgacct output
# ── Account Filtering ──────────────────────────────────────────
INCLUDE_ACCOUNTS="" # Comma-separated account names to include; empty = all accounts
# NOTE(review): precedence when an account appears in both lists is not stated
# here; presumably exclusion wins — confirm.
EXCLUDE_ACCOUNTS="nobody" # Comma-separated list of accounts to exclude
# ── Logging ────────────────────────────────────────────────────
# NOTE(review): keep this directory writable by root only, so an unprivileged
# user cannot pre-create or symlink a log file path — confirm ownership/mode.
LOG_DIR="/var/log/gniza" # Log directory
LOG_LEVEL="info" # Verbosity: debug, info, warn, error
LOG_RETAIN=90 # Number of days to keep log files
# ── Notifications ──────────────────────────────────────────────
NOTIFY_EMAIL="" # Comma-separated recipient email addresses (empty = disabled)
NOTIFY_ON="failure" # When to notify: always, failure, never
# ── SMTP Settings (optional) ─────────────────────────────────
# NOTE(review): when this is empty the other SMTP_* settings presumably go
# unused — confirm.
SMTP_HOST="" # SMTP server hostname (empty = use system mail)
# Should agree with SMTP_SECURITY (587 with tls, 465 with ssl).
SMTP_PORT=587 # SMTP port (587=TLS/STARTTLS, 465=SSL, 25=none)
# NOTE(review): presumably empty = no SMTP authentication — confirm.
SMTP_USER="" # SMTP username
# Stored here in cleartext: keep this file root-owned with mode 600, and prefer
# a dedicated, send-only mail account so a leaked copy exposes little.
SMTP_PASSWORD="" # SMTP password
SMTP_FROM="" # From address; when empty, SMTP_USER is used
# "none" sends SMTP_USER/SMTP_PASSWORD and the message body unencrypted; use it
# only for a relay on localhost or a trusted network.
# NOTE(review): whether the server certificate is verified under tls/ssl is
# not stated here — confirm.
SMTP_SECURITY="tls" # tls (STARTTLS), ssl (implicit), none
# ── Advanced ───────────────────────────────────────────────────
# Lock file path. NOTE(review): presumably used to prevent concurrent runs —
# confirm. Keep it in a directory that only root can write to.
LOCK_FILE="/var/run/gniza.lock"
SSH_TIMEOUT=30 # SSH connection timeout, in seconds
# NOTE(review): the name says SSH but the description says rsync — confirm
# which operation is retried.
SSH_RETRIES=3 # Number of rsync retry attempts
# These options are passed to rsync by the backup job (presumably running as
# root — confirm), so only trusted administrators should be able to edit them.
# NOTE(review): the accepted character set is not documented here — confirm
# what validation applies.
RSYNC_EXTRA_OPTS="" # Extra options to pass to rsync
# ── User Restore (cPanel Plugin) ─────────────────────────────
# NOTE(review): the default "all" offers every configured remote for cPanel
# user self-service restore; listing only the remotes users need narrows
# exposure.
USER_RESTORE_REMOTES="all" # Remotes available for cPanel user self-service restore
# "all" = all remotes, comma-separated names, empty = disabled