Difference between revisions of "Backups (Wheezy)"

From Hexwiki
Jump to navigation Jump to search
(Created page with "Disk space is plentiful these days, there is no excuse not to have an extensive backup program. == rsyncd == If you have a master-slave configuration, connected over a secur...")
(No difference)

Revision as of 00:41, 14 May 2014

Disk space is plentiful these days, there is no excuse not to have an extensive backup program.

rsyncd

If you have a master-slave configuration, connected over a secure local network or a crossover cable, rsyncd can be a simpler solution than permitting rsync connections over ssh. In my paranoia, I prefer that it not have the slightest chance of writing to the master.

/etc/rsyncd.secrets

username1:pass1
username2:pass2

chmod 640 /etc/rsyncd.secrets

etc/default/rsync

RSYNC_ENABLE=true

/etc/rsyncd.conf

# Only two groups have access to /docs folders in my config - the user they run under and
# www-data. No reason to use the uid, though.
uid = nobody
gid = www-data
max connections = 3
socket options = SO_KEEPALIVE
# www-data has read-only access anyway, but just to be sure.
read only = true
# Bind to our eth1 local ip
address = 192.168.0.1
# Only let our friend in.
hosts allow = 192.168.0.2
hosts deny = *
list = true
use chroot = true
ignore nonreadable = true
secrets file = /etc/rsyncd.secrets
dont compress = png jpg gif zip 7z rar
# Make sure you make an entry for this in rsyslog.conf
# The log file is the only way you'll find out what is really going wrong.
syslog facility = local4

[module1]
  path = /home/site1/docs
  auth users = user1
 
[module2]
  path = /home/site2/docs
  auth users = user2

Remote User

For each module/site, I make a user on the slave server to handle the backups.

/home/bluehome/sync.sh

#!/bin/sh
# The .rpass file contains user1's password as specified on the main server's
# rsync.secrets file, and nothing else.
/usr/bin/rsync -a --password-file=/home/user1/.rpass user1@192.168.0.1::module1 /home/user1/docs

crontab -e

rsync is really fast. Running it every hour is possibly a bit slow. 

14  *   *   *   *    /home/user1/sync.sh
17  7   *   *   *    /home/user1/backup.sh

backup.sh

#!/bin/sh
# If you need it. This ends up creating daily backups, rotating over the course of a week.
stamp="$(date +%a)"
file="/storage/bhomeback/docs.$stamp.tar.bz2"
if [ -e "$file" ]
then
  /bin/rm $file
fi
/bin/tar -cjf $file /home/bluehome/docs 2>&1 /dev/null
/bin/chmod 0640 $file


Debian Wheezy
Initial: Designing a Server - IPMI Installation

Core: Network - OpenSSH - Packages - sysctl.conf - Iptables - Security - User Management

Stack: Unbound - MySQL - Nginx - PHP (5.4)

Mail

Mail Setup - Mail Tables - OpenDKIM - Mail and DNS - Spamassassin - ClamAV - Postfix - Dovecot - Reputation Management

Logs and Security: Logging - Logcheck - Backups - AppArmor
Retrieved from "http://hexwiki.com/w/index.php?title=Backups_(Wheezy)&oldid=253"