Backups (Wheezy)

From Hexwiki
Revision as of 00:41, 14 May 2014 by Vekseid (talk | contribs) (Created page with "Disk space is plentiful these days, there is no excuse not to have an extensive backup program. == rsyncd == If you have a master-slave configuration, connected over a secur...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Disk space is plentiful these days, there is no excuse not to have an extensive backup program.

rsyncd

If you have a master-slave configuration, connected over a secure local network or a crossover cable, rsyncd can be a simpler solution than permitting rsync connections over ssh. In my paranoia, I prefer that it not have the slightest chance of writing to the master.

/etc/rsyncd.secrets

username1:pass1
username2:pass2

chmod 640 /etc/rsyncd.secrets

etc/default/rsync

RSYNC_ENABLE=true

/etc/rsyncd.conf

# Only two groups have access to /docs folders in my config - the user they run under and
# www-data. No reason to use the uid, though.
uid = nobody
gid = www-data
max connections = 3
socket options = SO_KEEPALIVE
# www-data has read-only access anyway, but just to be sure.
read only = true
# Bind to our eth1 local ip
address = 192.168.0.1
# Only let our friend in.
hosts allow = 192.168.0.2
hosts deny = *
list = true
use chroot = true
ignore nonreadable = true
secrets file = /etc/rsyncd.secrets
dont compress = png jpg gif zip 7z rar
# Make sure you make an entry for this in rsyslog.conf
# The log file is the only way you'll find out what is really going wrong.
syslog facility = local4

[module1]
  path = /home/site1/docs
  auth users = user1
 
[module2]
  path = /home/site2/docs
  auth users = user2

Remote User

For each module/site, I make a user on the slave server to handle the backups.

/home/bluehome/sync.sh

#!/bin/sh
# The .rpass file contains user1's password as specified on the main server's
# rsync.secrets file, and nothing else.
/usr/bin/rsync -a --password-file=/home/user1/.rpass user1@192.168.0.1::module1 /home/user1/docs

crontab -e

rsync is really fast. Running it every hour is possibly a bit slow. 

14  *   *   *   *    /home/user1/sync.sh
17  7   *   *   *    /home/user1/backup.sh

backup.sh

#!/bin/sh
# If you need it. This ends up creating daily backups, rotating over the course of a week.
stamp="$(date +%a)"
file="/storage/bhomeback/docs.$stamp.tar.bz2"
if [ -e "$file" ]
then
  /bin/rm $file
fi
/bin/tar -cjf $file /home/bluehome/docs 2>&1 /dev/null
/bin/chmod 0640 $file


Debian Wheezy
Initial: Designing a Server - IPMI Installation

Core: Network - OpenSSH - Packages - sysctl.conf - Iptables - Security - User Management

Stack: Unbound - MySQL - Nginx - PHP (5.4)

Mail

Mail Setup - Mail Tables - OpenDKIM - Mail and DNS - Spamassassin - ClamAV - Postfix - Dovecot - Reputation Management

Logs and Security: Logging - Logcheck - Backups - AppArmor
Retrieved from "http://hexwiki.com/w/index.php?title=Backups_(Wheezy)&oldid=253"