Expat-IT Tech Bits

Home

Contact

Links

Search this site:

Categories:

/ (287)
  Admin/ (122)
    Apache/ (10)
      HTTPS-SSL/ (4)
      PHP/ (3)
      performance/ (2)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (6)
    Monitoring/ (2)
      munin/ (2)
    SSH/ (6)
    SSL/ (1)
    Samba/ (1)
    VPN-options/ (6)
      OpenVPN/ (1)
      SSH-Proxy/ (3)
      Tinc/ (1)
      sshuttle/ (1)
    backups/ (17)
      SpiderOak/ (1)
      backuppc/ (5)
      dirvish/ (1)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (2)
    commandLine/ (24)
      files/ (8)
      misc/ (10)
      network/ (6)
    crontab/ (1)
    databases/ (15)
      MSSQL/ (2)
      MySQL/ (8)
      Oracle/ (3)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (11)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (7)
      puppet/ (1)
    iptables/ (3)
    tripwire/ (1)
    virtualization/ (9)
      VMware/ (1)
      virtualBox/ (8)
  Coding/ (14)
    bash/ (1)
    gdb/ (1)
    git/ (3)
    php/ (5)
    python/ (4)
      Django/ (2)
  Education/ (1)
  Hosting/ (27)
    Amazon/ (18)
      EBS/ (3)
      EC2/ (10)
      S3/ (1)
      commandline/ (4)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (30)
    Android/ (1)
    Awesome/ (3)
    CPUfreq/ (1)
    China/ (2)
    Debian/ (8)
      APT/ (3)
      WPA/ (1)
    audio/ (1)
    encryption/ (3)
    fonts/ (1)
    misc/ (6)
    remoteDesktop/ (1)
    router-bridge/ (3)
  SW/ (45)
    Micro$soft/ (1)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (28)
      Drupal/ (9)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (7)
      WebERP/ (2)
      WordPress/ (1)
      eGroupware/ (1)
    chat/ (1)
    email/ (1)
    fileSharing/ (2)
      btsync/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (15)
    IMchat/ (2)
    circumvention/ (2)
    cryptoCurrency/ (1)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (2)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (14)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)

Archives:

  • 2016/07
  • 2016/05
  • 2016/02
  • 2016/01
  • 2015/12
  • 2015/11
  • 2015/06
  • 2015/01
  • 2014/12
  • 2014/11
  • 2014/10
  • 2014/09
  • 2014/07
  • 2014/04
  • 2014/02
  • 2014/01
  • 2013/12
  • 2013/10
  • 2013/08
  • 2013/07
  • 2013/06
  • 2013/05
  • 2013/04
  • 2013/02
  • 2013/01
  • 2012/12
  • 2012/10
  • 2012/09
  • 2012/08
  • 2012/07
  • 2012/06
  • 2012/05
  • 2012/04
  • 2012/03
  • 2012/01
  • 2011/12
  • 2011/11
  • 2011/10
  • 2011/09
  • 2011/08
  • 2011/07
  • 2011/06
  • 2011/05
  • 2011/04
  • 2011/02
  • 2010/12
  • 2010/11
  • 2010/10
  • 2010/09
  • 2010/08
  • 2010/07
  • 2010/06
  • 2010/05
  • 2010/04
  • 2010/03
  • 2010/02
  • 2010/01
  • 2009/12
  • 2009/11
  • 2009/10
  • 2009/09
  • 2009/08
  • 2009/07
  • 2009/06
  • 2009/05
  • 2009/04
  • 2009/03
  • 2009/02
  • 2009/01
  • 2008/12
  • 2008/11
  • 2008/10
  • 2008/09
  • Subscribe XML RSS Feed

    Creative Commons License
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
    PyBlosxom

    This site has no ads. To help with hosting, crypto donations are accepted:
    Bitcoin: 1JErV8ga9UY7wE8Bbf1KYsA5bkdh8n1Bxc
    Zcash: zcLYqtXYFEWHFtEfM6wg5eCV8frxWtZYkT8WyxvevzNC6SBgmqPS3tkg6nBarmzRzWYAurgs4ThkpkD5QgiSwxqoB7xrCxs

    Thu, 27 May 2010


    /Admin/backups/backuppc: Using rysnc-over-SSH and BackupPC

    The goal here, of course, is to protect your login credentials and the data transferred for backup with encryption. The downside, however, is that you must give your backup server the right to SSH into the client being backed up without a password (configured thusly[1]). One must carefully consider the actual security of the backup server, and whether the degraded security of the client being backed-up is acceptable.

    Assuming passwordless authentication has been configured, test that everything is setup on both ends to do rysnc-over-SSH by running this command on the backup server:

    rsync -avz -e ssh username@client-domain.com:/path/to/testdirectory testing/
    The contents of testdirectory on the client should be copied to testing on the server. Note that one of the advantages of rysnc-over-SSH is that there *is* no other client-side configuration, other then making sure that SSH and rsync are working on that end, and installing the public key of the backup server to enable passwordless authentication.

    If that worked, go ahead and configure BackupPC. First create your /etc/backuppc/client.pl file (borrowed from [2]):

    $Conf{XferMethod} = 'rsync'; $Conf{RsyncClientPath} = '/usr/bin/rsync'; $Conf{RsyncClientCmd} = '$sshPath -q -x -l root $hostIP $rsyncPath $argList+'; $Conf{RsyncClientRestoreCmd} = '$sshPath -q -x -l root $hostIP $rsyncPath $argList+'; $Conf{RsyncShareName} = ['/etc', '/home', '/var/www'];
    Assuming your client has been added to /etc/hosts as "clienthost", one now just needs to add clienthost to /etc/backuppc/hosts thusly:
    clienthost 0 backuppc
    and restart backuppc. Now "client" should show up in BackupPC's list, and you can start the first backup.

    Should the client be using a non-standard SSH port, the easiest solution is to use an SSH alias. I have this working with the following:

    $ cat .ssh/config
    Host olmserver
    Hostname olmserver
    Port 123
    $ cat /etc/hosts | grep olmserver
    102.111.120.117 olmserver
    $ cat /etc/backuppc/hosts | grep olmserver
    olmserver 0 backuppc
    Note that there is no need to change the backuppc configuration for this to work, or in fact even to change the port of the client SSH server. All of the SSH port configuration is handled by the SSH configuration.

    [1] http://blog.langex.net/index.cgi/Admin/SSH-SSL/passwordless-ssh-authentication.html
    [2] http://www.howtoforge.com/linux_backuppc_p3

    posted at: 06:37 | path: /Admin/backups/backuppc | permanent link to this entry

    Sat, 20 Mar 2010


    /Admin/backups/backuppc: Localhost Backup Broken on Ubuntu Desktop Backuppc

    This post[1] was helpful, but not quite enough, to get backuppc working on localhost. (Note that this works out of the box on any Debian install I have ever tried....)

    Below is my /etc/backuppc/localhost.pl to get backup of /etc on localhost working on a Karmic Ubuntu Desktop machine:

    $Conf{XferMethod} = 'tar'; $Conf{TarShareName} = ['/etc']; # with some help from https://help.ubuntu.com/community/BackupPC $Conf{TarClientCmd} = '/usr/bin/env LC_ALL=C sudo $tarPath -c -v -f - -C $shareName' . ' --totals'; $Conf{TarClientRestoreCmd} = '/usr/bin/env LC_ALL=C sudo $tarPath -x -p --numeric-owner --same-owner' . ' -v -f - -C $shareName+'; # remove extra shell escapes ($fileList+ etc.) that are # needed for remote backups but may break local ones $Conf{TarFullArgs} = '$fileList'; $Conf{TarIncrArgs} = '--newer=$incrDate $fileList';

    Basically I took the existing TarClientCmd and TarClientRestoreCmd settings and prefixed them with "sudo". And added:

    backuppc ALL=NOPASSWD: ALL

    to the bottom after invoking "visudo".

    [1] https://help.ubuntu.com/community/BackupPC

    posted at: 01:38 | path: /Admin/backups/backuppc | permanent link to this entry

    Mon, 08 Jun 2009


    /Admin/backups/backuppc: Backuppc Server

    I have chosen backuppc[1] as my backup server software. It is powerful, flexible, has a web-based GUI, and yes, it does take a little bit of study to get it working. And documentation seems to be missing our favorite section: the "Quick Start". I will try to provide enough of a tutorial for a "Quick Start" here. Note that a more verbose tutorial exists here www.debianhelp.co.uk/backuppc.htm.

    First, when you install backuppc, make sure that you also install libfile-rsyncp-perl. On my Debian box, this lib is "suggested" so it does not get installed automatically. You probably need to note your GUI login id (backuppc?) and password generated during the install. And another item that may also be Debian-specific is that it installs by default already setup to backup your localhost /etc directory.

    Once installed, if you are sitting at the machine to which backuppc has been installed, point your web browser to localhost/backuppc/ then enter the userid and password noted above at the prompt. Choose "localhost" from the host drop down menu, then click the "Start Full Backup". A couple minutes later your /etc should be backed up. Then click the "Browse Backups" link on the upper left. That should give a general idea of useage.

    You can modify your backuppc password by running the following command: "htpasswd /etc/backuppc/htpasswd backuppc"

    To setup backup for another machine, you need to go to /etc/backuppc/. The main config file is config.pl, which I am trying really hard not to change so as to preserve default behavior through future upgrades. That may not work for you if you have a lot of machines to backup and want to do a lot of customization.

    To add another backup machine, first create a name.pl file, where "name" is the name of the machine in your /etc/hosts file. Sample content to use rsyncd to backup /etc/ and /home on the remote machine might be the following:

    $Conf{XferMethod} = 'rsyncd';
    $Conf{RsyncdUserName} = 'userid';
    $Conf{RsyncdPasswd} = 'password';
    $Conf{RsyncShareName} = ['etc', 'home'];
    Note that you might want to add something like
    $Conf{BackupFilesExclude} = ['/sys', '/proc', '/dev', '/cdrom', '/media', '/floppy', '/mnt', '/var/lib/backuppc', '/lost+found'];

    to the above config if you are backing up the root partition of an entire Linux system, for instance.

    Then edit /etc/backuppc/hosts to contain the following two lines:

    localhost 0 backuppc
    nameOfMachineToBeBackedUp 0 backuppc
    where "nameOfMachineToBeBackedUp" is the same as "name" from name.pl.

    [1] http://backuppc.sourceforge.net/

    posted at: 04:48 | path: /Admin/backups/backuppc | permanent link to this entry

    Sat, 04 Oct 2008


    /Admin/backups/backuppc: Prepping an Offsite Backup

    Backuppc has a builtin method (called "archiving") for generating a set of files from the backup archive that are CD/DVD burn-ready. I do something different.

    In the Backuppc GUI, to extract a directory from the backup archive in the form of a tar file, click on "Browse backups", select a directory, then click on "Restore selected files". On the next page select "Download tar archive". Do this for each directory you want to move offsite, naming the saved gtar files appropriately.

    Rename one of the files to "backup.gtar", then merge each of the other archives into backup.gtar with the command:

    tar -Af backup.gtar www.gtar
    If you then do a
    tar -tvf backup.gtar | less
    you will see that all of your directories from the original tar files are now in the same compressed gtar file.

    Now encrypt the file:

    gpg -c backup.gtar (you will be prompted for a password)
    To decrypt at a later date:
    gpg backup.gtar.gpg
    and then extract the contents of the resulting backup.gtar with
    tar -xvf backup.gtar

    posted at: 05:59 | path: /Admin/backups/backuppc | permanent link to this entry


    /Admin/backups/backuppc: rysncd on the client to be backed up

    Note that unlike rsync over ssh, transfers using rsyncd are not encrypted, so rsyncd use is recommended only within a secure local network.

    On the machine to be backed up, install rysnc and open the rsync port (873) in your firewall.

    Create a /etc/rsyncd.secrets file with the following content:

    yourUserid:yourPassword
    Edit /etc/default/rsync to contain the following:
    RSYNC_ENABLE=true
    RSYNC_NICE='10'

    (A higher value of RSYNC_NICE reduces the priority of rsync activities if this machine is being used for other things, which is highly probable.)

    Create an /etc/rsyncd.conf file with the following content:

        pid file=/var/run/rsyncd.pid
        transfer logging = no
        timeout = 600
        refuse options = checksum dry-run
        dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
        use chroot = yes
        lock file = /var/lock/rsyncd
        read only = yes
        list = yes
    
        [etc]
    
            comment = /etc directory
            path = /etc
            uid = root
            gid = root
            auth users = yourUserid
            secrets file = /etc/rsyncd.secrets
            strict modes = yes
            ignore errors = no
            ignore nonreadable = yes
    
        [home]
    
            comment = /home directory
            path = /home
            uid = root
            gid = root
            auth users = yourUserid
            secrets file = /etc/rsyncd.secrets
            strict modes = yes
            ignore errors = no
            ignore nonreadable = yes
    

    posted at: 05:53 | path: /Admin/backups/backuppc | permanent link to this entry