[BackupPC-users] [OT] SELinux, firewalls and such ...

2009-06-26 Thread Holger Parplies
Hi,

Les Mikesell wrote on 2009-06-26 13:05:51 -0500 [Re: [BackupPC-users] Having 
Several Issues]:
> Admiral Beotch wrote:
> > [...] SELinux is an awesome security framework and should never be
> > disabled. It's like a firewall for processes. One wouldn't disable a
> > firewall because it kept a required application from working, you'd
> > figure out how to unblock the traffic.

yes, but do you have a firewall enabled on all hosts in your intranet, or
rather only where it makes sense (like on hosts facing the internet)? I like
your analogy, because it points out the complexity as well as the advantages.
You don't put a firewall where it's not needed, though you *could* work out
how to run NFS through a local firewall on a workstation, for example.

Furthermore, a firewall on a non-routing machine is just an additional layer
of protection against misconfiguration. A host running no services (read: no
open ports) gains nothing from blocking incoming traffic. You can block
outgoing traffic only as far as it is distinguishable from something you
legitimately need (meaning you probably wouldn't block HTTP, so malicious
programs would have that loophole, too). You can extend this notion to a
complete intranet: if every machine is set up in a secure way, the firewall
offers no additional protection. Since that is very hard or impossible to
guarantee, you put a firewall between your intranet and the internet. *But:*
you should never forget that a firewall is not magic. If you allow access to
a vulnerable application through a firewall, the application will be no less
vulnerable. If you forget that, the firewall is actually *doing harm* by
giving you a false sense of security.

> > The same should go for SELinux.

Thank you for supplying me with this quote :-).

> > If a service or account 
> > gets compromised or abused, SELinux will keep it sandboxed so it can't 
> > affect other parts of the system.
> 
> And my stance is the opposite.  The standard unix security model wasn't 
> broken to begin with.

This I agree with.

> SELinux adds another layer that is only necessary 
> if you got something wrong in the first place.

I'm not sure I fully agree with that. I'm not very familiar with SELinux, but
I have put quite some work into setting up Grsecurity on some hosts (quite a
while back, but I'll need to revisit that soon). I believe SELinux may in fact
give you some possibilities the standard UNIX security model doesn't, so it
may be possible to narrow down permissions further than you otherwise could.
And this may be necessary due to processes behaving in a different manner than
they were supposed to - due to bugs or design flaws. It's not a bad idea to
protect against any arbitrary bug by giving your process the least privilege
it needs (if it *never* needs to read /etc/passwd, it might as well not be
allowed to, though /etc/passwd needs to be world readable). It's just quite
some work and rather inflexible.

> Now, if you can't get 
> the simple, easy to understand thing right, what are the odds that 
> you'll do better with one that is so complicated that even the 
> distribution developers have spent years on and still haven't perfected? 

This, on the other hand, is an important point. Like the firewall, if it only
gives you a false sense of security, it is doing harm rather than good. If
your distribution gives you a secure SELinux configuration for free, then
fine. If you need to tweak things, and you end up doing something you don't
fully understand, just to get things working, then you are better off not
relying on this "additional protection" in any way - you may have messed up
the whole system. So why maintain it?

> If you have time to learn and tune both models perfectly, then they 
> shouldn't hurt anything, but so far I've always had something better to 
> do and considered it more productive to focus on the simple model.

Though I find SELinux very interesting, I have so far also had more urgent
(I'm not sure about important ...) things to do.

Regards,
Holger

--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/


Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Jeffrey J. Kosowsky
Admiral Beotch wrote at about 10:41:07 -0700 on Friday, June 26, 2009:
 > Once I get it all figured out, I'll definitely send the information off to
 > the packager. Again, excellent catch on mounting the disk to the default
 > TOPDIR before installing the rpm. I can't wait to try that in a couple days.
 > 
 > I don't want to fork this thread, but I have a strong stance on this issue
 > and I see it getting ignored a lot on many forums... SELinux is an awesome
 > security framework and should never be disabled. It's like a firewall for
 > processes. One wouldn't disable a firewall because it kept a required
 > application from working, you'd figure out how to unblock the traffic. The
 > same should go for SELinux. If a service or account gets compromised or
 > abused, SELinux will keep it sandboxed so it can't affect other parts of the
 > system.

No one is arguing that SELinux isn't better security -- the question
is whether it is worth it and what are the risk/benefits. Many people
I know get frustrated with SELinux and end up turning it off. That
makes sense if SELinux is costing them time and frustration and other
simpler measures meet their security needs. Personally, I have played
a lot with SELinux but also find that unless you have a "stock" distro
install, that SELinux causes endless issues every time you add a new
piece of software that has not been accounted for by the distro
maintainers.

Again, if you need that level of security, then feel free to use
SELinux - no one is stopping you. But on the other hand, don't expect
everybody else to be as interested in it or to spend time making sure
their applications are compliant.

 > 
 > 
 > On Fri, Jun 26, 2009 at 10:07, Les Mikesell  wrote:
 > 
 > >
 > > If it doesn't, you should report it to the packager.  RPMs are supposed
 > > to set that stuff up so it works.  I normally disable SELinux to avoid
 > > surprises anyway though, but most of my boxes are pretty well firewalled.
 > >
 > >
 > 


Re: [BackupPC-users] Kernel Panic, BackupPC + ext3

2009-06-26 Thread Peter Walter

Nate wrote:
> At 04:26 PM 3/4/2009, Nate wrote:
>> We seem to be routinely having this issue where the server backuppc
>> is running on throws a kernel panic and thus hard locks the
>> machine.  It's completely random, sometimes happens daily, sometimes
>> we can have a lucky 2-3 weeks without a lockup.  I've taken a
>> screenshot and posted it here:
>>
>> http://locu.net/misc/kernelp_backuppc.jpg
>>
>> This hardware has been in use for years without as much as a burp
>> before using backuppc, so I'm suspecting this could be an ext3 issue
>> with the multitudes of files and ext3's inability to handle
>> them?  Prior to using backup pc, we backed up the same data just in
>> flat .tgz files.
>>
>> System info:
>> kernel: 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 11:57:43 EST 2008 x86_64
>> x86_64 x86_64 GNU/Linux
>> distro: centos 5.2
>> hw:  athlon 64 3200+, 4GB ram
>>
>> Any thoughts?
>>
>> Thanks,
>> Nathan
>
> FYI, I thought I'd update the list. We tried about everything,
> including new hardware.  The problem went away completely when we
> switched off LVM and just started using RAID.  We're left with less
> flexibility in adding new drives, but at least the system doesn't crash.
>
> LVM + ext3 + BackupPC = *boom*

I run LVM + ext3 + BackupPC with Centos 5.2 and 5.3 and the systems are 
rock-solid. You might want to consider the thread in 
http://bugs.centos.org/view.php?id=2321 before declaring you know for 
sure what the problem is.


Peter


Re: [BackupPC-users] Kernel Panic, BackupPC + ext3

2009-06-26 Thread Nate
At 04:26 PM 3/4/2009, Nate wrote:
>We seem to be routinely having this issue where the server backuppc
>is running on throws a kernel panic and thus hard locks the
>machine.  It's completely random, sometimes happens daily, sometimes
>we can have a lucky 2-3 weeks without a lockup.  I've taken a
>screenshot and posted it here:
>
>http://locu.net/misc/kernelp_backuppc.jpg
>
>This hardware has been in use for years without as much as a burp
>before using backuppc, so I'm suspecting this could be an ext3 issue
>with the multitudes of files and ext3's inability to handle
>them?  Prior to using backup pc, we backed up the same data just in
>flat .tgz files.
>
>System info:
>kernel: 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 11:57:43 EST 2008 x86_64
>x86_64 x86_64 GNU/Linux
>distro: centos 5.2
>hw:  athlon 64 3200+, 4GB ram
>
>Any thoughts?
>
>Thanks,
>Nathan

FYI, I thought I'd update the list. We tried about everything, 
including new hardware.  The problem went away completely when we 
switched off LVM and just started using RAID.  We're left with less 
flexibility in adding new drives, but at least the system doesn't crash.

LVM + ext3 + BackupPC = *boom*




Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Admiral Beotch
Thanks Filipe and everyone else who gave me some input. I believe this will
solve all my current issues.

I'm really excited to have found this package and a great backup solution.

Thanks again for everyone's help!

On Fri, Jun 26, 2009 at 10:22, Filipe Brandenburger wrote:

>
> I thought I would give some feedback here...
>
> I am running BackupPC 3.1.0-5 built from Fedora SRPMs (should be the
> same as EPEL) in a CentOS 5.3 machine, with SELinux enabled, in
> "enforced" mode, with "targeted" policy.
>
> I have the BackupPC volume mounted in /var/lib/BackupPC (default
> path), I mounted it *before* installing the RPM.
>
> I have had *no* issues with SELinux so far, and I'm running it for a
> couple of weeks now.
>
> The RPM includes a file named
> /usr/share/selinux/packages/BackupPC/BackupPC.pp, which I believe will
> implement the SELinux policies needed for BackupPC operation. I believe
> it will do so considering the labels that are applied by default in
> /var/lib/BackupPC, and if you decide to mount your repository
> elsewhere (like /BackupData) it will only give you trouble...
>
> Especially if using SELinux, I would advise you to try to keep your
> backups under /var/lib/BackupPC, and also to mount the backup drive at
> that path before installing the RPM.
>
> HTH,
> Filipe
>
>


Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Holger Parplies
Hi,

Admiral Beotch wrote on 2009-06-26 09:41:51 -0700 [Re: [BackupPC-users] Having 
Several Issues]:
> On Fri, Jun 26, 2009 at 09:09, Les Mikesell  wrote:
> [...]
> > ...so I'm surprised you didn't follow the directions for a mount or soft
> > link at /var/lib/backuppc that should be somewhere on the wiki.
>
> You're surprised I didn't follow directions? Well, that makes one of us. 8D
 
you're entitled to not being surprised by not having followed directions, but 
you're not exempted from the consequences.
 
Changing TopDir like you did does not work for versions prior to 3.2.0beta0,  
unless the package contains an appropriate patch. I don't know if your package
does, but if it doesn't, pooling will not work, and you'll have large amounts 
of errors "BackupPC_link got error XXX when calling MakeFileLink..." in your  
log files. As I read the code, BackupPC does not in fact prevent this at  
startup, where it checks whether $Topdir/pc and $Topdir/cpool are on the same
file system. BackupPC_link uses CPoolDir. This is supposed to be the same, but
prior to 3.2.0beta0, CPoolDir will incorrectly be set to the value 
"$Topdir/cpool" had *before* $Conf{TopDir} was changed in the config file.
 
So, keep TopDir where the package puts it, as you've already decided to do for
SELinux reasons anyway.
 
Regards,
Holger
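
The precondition Holger describes, as a check (an added example, not part of the original post and not BackupPC code): confirm that the pc directory and the cpool directory BackupPC is actually using sit on one filesystem and that a hard link between them succeeds, and count the BackupPC_link errors in a log file. The function names are hypothetical and the paths are supplied by the caller.

```shell
#!/bin/sh
# Added example. pc/ and cpool/ are the directories named in the thread;
# the function names are hypothetical.

# Device number of the filesystem holding $1 (GNU stat first, then BSD stat).
fs_device() {
    stat -c %d "$1" 2>/dev/null || stat -f %d "$1"
}

# 0 if a file created in cpool dir $2 can be hard-linked into pc dir $1.
can_pool_link() {
    link_src=$(mktemp "$2/.linktest.XXXXXX") || return 1
    link_dst="$1/.linktest.$$"
    if ln "$link_src" "$link_dst" 2>/dev/null; then link_rc=0; else link_rc=1; fi
    rm -f "$link_src" "$link_dst"
    return "$link_rc"
}

# check_pool_link PC_DIR CPOOL_DIR
# Pass the cpool path BackupPC is really using, which per the thread may still
# be the old "$TopDir/cpool" after $Conf{TopDir} was edited.
# Returns 0 = ok, 1 = linking would fail, 2 = a directory is missing.
check_pool_link() {
    for d in "$1" "$2"; do
        [ -d "$d" ] || { echo "missing directory: $d"; return 2; }
    done
    if [ "$(fs_device "$1")" != "$(fs_device "$2")" ]; then
        echo "different filesystems: $1 and $2"
        return 1
    fi
    can_pool_link "$1" "$2" || { echo "hard link from $2 into $1 failed"; return 1; }
    echo "ok: $2 can be hard-linked into $1"
}

# Number of link failures of the kind quoted in the thread in log file $1.
count_link_errors() {
    grep -c 'BackupPC_link got error .* when calling MakeFileLink' "$1" || true
}
```

Run `check_pool_link` as the backuppc user so the result also reflects that account's write permission on both directories.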



Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Les Mikesell
Admiral Beotch wrote:
> Once I get it all figured out, I'll definitely send the information off 
> to the packager. Again, excellent catch on mounting the disk to the 
> default TOPDIR before installing the rpm. I can't wait to try that in a 
> couple days.
> 
> I don't want to fork this thread, but I have a strong stance on this 
> issue and I see it getting ignored a lot on many forums... SELinux is an 
> awesome security framework and should never be disabled. It's like a 
> firewall for processes. One wouldn't disable a firewall because it kept 
> a required application from working, you'd figure out how to unblock 
> the traffic. The same should go for SELinux. If a service or account 
> gets compromised or abused, SELinux will keep it sandboxed so it can't 
> affect other parts of the system.

And my stance is the opposite.  The standard unix security model wasn't 
broken to begin with.  SELinux adds another layer that is only necessary 
if you got something wrong in the first place.  Now, if you can't get 
the simple, easy to understand thing right, what are the odds that 
you'll do better with one that is so complicated that even the 
distribution developers have spent years on and still haven't perfected? 
If you have time to learn and tune both models perfectly, then they 
shouldn't hurt anything, but so far I've always had something better to 
do and considered it more productive to focus on the simple model.

-- 
   Les Mikesell
lesmikes...@gmail.com




Re: [BackupPC-users] Exclude from backup

2009-06-26 Thread Vladislav Tchernev
Thank you guys for your feedback. FYI the "XferMethod" I am using is rsync and 
the suggested config listed below is working. Apparently, one has to 
specify a share(s) in "RsyncShareName" and use it in "BackupFilesExclude" to 
specify what exactly is to be excluded under that share.

$Conf{BackupFilesExclude} = {
  '*' => [
    '/proc',
    '/sys'
  ]
};


Best regards
Vlad

On Friday 26 June 2009 11:00:08 Vladislav Tchernev wrote:
> Hi All,
> I am new to backuppc and was trying to figure out how to exclude dir/files
> from a backup. I have played around with the GUI, setting
> Xfer->BackupFilesExclude  and  Xfer->RsyncArgs (--exclude="..."),  as well
> as directly editing the conf files (the global and the host specific ones)
> but without success. What I have tried to do is to exclude /proc but it
> seems I can't manage to get rid of it since the error log keeps complaining
> about it. Below are some settings (I ended setting those directly in the
> config.pl) I have tried.
>
> FYI: Am using backuppc-3.1.0-3 on Ubuntu 8.10
>
> Thanks for your helps!
> Vlad
>
> #1
> $Conf{RsyncArgs} = [
>   '--numeric-ids',
>   '--perms',
>   '--owner',
>   '--group',
>   '-D',
>   '--links',
>   '--hard-links',
>   '--times',
>   '--block-size=2048',
>   '--recursive',
>   '--exclude="/proc"'
>
> #2
> $Conf{RsyncArgs} = [
>   '--numeric-ids',
>   '--perms',
>   '--owner',
>   '--group',
>   '-D',
>   '--links',
>   '--hard-links',
>   '--times',
>   '--block-size=2048',
>   '--recursive',
>   '--exclude', '/proc'
>
> #3
> $Conf{BackupFilesExclude} = {
>   '/proc' => ['/*']
> };
>
> #3
> $Conf{BackupFilesExclude} = {
>   '/proc' => ['./*']
> }
>
> #4
> $Conf{BackupFilesExclude} = {
>   '/proc/' => ['*']
> };
>
> #4
> $Conf{BackupFilesExclude} = {
>   '/proc/' => ['']
> };
>
> Thanks!
> Vlad
>



-- 
Vladislav Tchernev
Senior System Administrator
Broadsign International
Phone: (514)399-1184
Fax:   (514)399-1187



Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Admiral Beotch
Once I get it all figured out, I'll definitely send the information off to
the packager. Again, excellent catch on mounting the disk to the default
TOPDIR before installing the rpm. I can't wait to try that in a couple days.

I don't want to fork this thread, but I have a strong stance on this issue
and I see it getting ignored a lot on many forums... SELinux is an awesome
security framework and should never be disabled. It's like a firewall for
processes. One wouldn't disable a firewall because it kept a required
application from working, you'd figure out how to unblock the traffic. The
same should go for SELinux. If a service or account gets compromised or
abused, SELinux will keep it sandboxed so it can't affect other parts of the
system.


On Fri, Jun 26, 2009 at 10:07, Les Mikesell  wrote:

>
> If it doesn't, you should report it to the packager.  RPMs are supposed
> to set that stuff up so it works.  I normally disable SELinux to avoid
> surprises anyway though, but most of my boxes are pretty well firewalled.
>
>


Re: [BackupPC-users] Exclude from backup

2009-06-26 Thread Les Mikesell
Adam Goryachev wrote:
>
>> Hi All,
>> I am new to backuppc and was trying to figure out how to exclude dir/files
>> from a backup. I have played around with the GUI, setting
>> Xfer->BackupFilesExclude  and  Xfer->RsyncArgs (--exclude="..."),  as well as
>> directly editing the conf files (the global and the host specific ones) but
>> without success. What I have tried to do is to exclude /proc but it seems I
>> can't manage to get rid of it since the error log keeps complaining about it.
>> Below are some settings (I ended setting those directly in the config.pl) I
>> have tried.
>>
>> FYI: Am using backuppc-3.1.0-3 on Ubuntu 8.10
>>
>> Thanks for your helps!
>> Vlad
>>
>> #1
>> $Conf{RsyncArgs} = [
>>   '--numeric-ids',
>>   '--perms',
>>   '--owner',
>>   '--group',
>>   '-D',
>>   '--links',
>>   '--hard-links',
>>   '--times',
>>   '--block-size=2048',
>>   '--recursive',
>>   '--exclude="/proc"'
> Check the man page, but I use the flag like --one-file-system so that
> it won't backup any mounted dir...
>> #3
>> $Conf{BackupFilesExclude} = {
>>   '/proc' => ['/*']
>> };
> Try:
> 
> $Conf{BackupFilesExclude} = {
>   '*' => ['/proc']
> };
> 
> The syntax says where I put the * you should specify the sharename, or
> * to match all.
> Where I put /proc is a list of path names to exclude.
> 

Or for a more drastic approach, add --one-file-system to the RsyncArgs 
list, which will exclude all mount points.   I do that because I 
frequently have DVDs or NFS mounts in random places that I don't want to 
have backed up.   But, then you must be very careful to add share 
entries for all of the mounted file systems that you do want, and 
remember that if you add more later.

-- 
   Les Mikesell
lesmikes...@gmail.com
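
Les's caveat about --one-file-system, turned into a check (an added example, not from the thread and not BackupPC code): given /proc/mounts-format input and the share names configured for a host, list the mounted filesystems that no share covers. The function name and the list of filesystem types to ignore are assumptions.

```shell
#!/bin/sh
# Added example. With --one-file-system a share only covers the filesystem it
# starts on, so every mount point you want backed up must itself be a share.

# Filesystem types that are not expected to have a share: kernel
# pseudo-filesystems, plus the DVD and NFS mounts Les says he does not want.
# Assumed list; adjust to the host.
SKIP_FSTYPES="rootfs proc sysfs tmpfs devtmpfs devpts usbfs binfmt_misc rpc_pipefs nfs nfs4 iso9660 udf"

# uncovered_mounts MOUNTS_FILE SHARE...
# MOUNTS_FILE is in /proc/mounts format; SHARE... are the share names
# (e.g. the RsyncShareName entries) configured for that host.
# Prints one uncovered mount point per line.
# Limitation: mount points containing spaces appear escaped (\040) in
# /proc/mounts and are compared in that escaped form.
uncovered_mounts() {
    mounts_file=$1
    shift
    printf '%s\n' "$@" | awk -v skip="$SKIP_FSTYPES" '
        # Drop trailing slashes so the share "/home/" matches the mount "/home".
        function norm(p) { if (p != "/") sub(/\/+$/, "", p); return p }
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) skipped[s[i]] = 1 }
        # First input (stdin): one configured share name per line.
        NR == FNR { covered[norm($0)] = 1; next }
        # Second input: device mountpoint fstype options dump pass
        ($3 in skipped) || (norm($2) in covered) || seen[$2]++ { next }
        { print $2 }
    ' - "$mounts_file"
}
```

On the host being backed up, `uncovered_mounts /proc/mounts / /home` prints the mount points that still need their own share entry.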




Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Filipe Brandenburger
Hi,

On Fri, Jun 26, 2009 at 13:07, Les Mikesell wrote:
> Admiral Beotch wrote:
>>     What I'm wondering is, if you had mounted your drive on
>>     /var/lib/backuppc before the yum install (or had set it up during the
>>     Centos install) would any of the other steps have been necessary?
>>
>> I'm going to guess that the chcon would still have been necessary
>> because the default SELinux policy probably does not expect httpd_t to
>> have so much access to a file system. But we'll give it a shot.
>
> If it doesn't, you should report it to the packager.  RPMs are supposed
> to set that stuff up so it works.  I normally disable SELinux to avoid
> surprises anyway though, but most of my boxes are pretty well firewalled.

I thought I would give some feedback here...

I am running BackupPC 3.1.0-5 built from Fedora SRPMs (should be the
same as EPEL) in a CentOS 5.3 machine, with SELinux enabled, in
"enforced" mode, with "targeted" policy.

I have the BackupPC volume mounted in /var/lib/BackupPC (default
path), I mounted it *before* installing the RPM.

I have had *no* issues with SELinux so far, and I'm running it for a
couple of weeks now.

The RPM includes a file named
/usr/share/selinux/packages/BackupPC/BackupPC.pp, which I believe will
implement the SELinux policies needed for BackupPC operation. I believe
it will do so considering the labels that are applied by default in
/var/lib/BackupPC, and if you decide to mount your repository
elsewhere (like /BackupData) it will only give you trouble...

Especially if using SELinux, I would advise you to try to keep your
backups under /var/lib/BackupPC, and also to mount the backup drive at
that path before installing the RPM.

HTH,
Filipe



Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Les Mikesell
Admiral Beotch wrote:
> 
> What I'm wondering is, if you had mounted your drive on
> /var/lib/backuppc before the yum install (or had set it up during the
> Centos install) would any of the other steps have been necessary?
> 
> 
> Good point. I will test this when my new hardware gets here...
> 
> I'm going to guess that the chcon would still have been necessary 
> because the default SELinux policy probably does not expect httpd_t to 
> have so much access to a file system. But we'll give it a shot.

If it doesn't, you should report it to the packager.  RPMs are supposed 
to set that stuff up so it works.  I normally disable SELinux to avoid 
surprises anyway though, but most of my boxes are pretty well firewalled.

-- 
   Les Mikesell
lesmikes...@gmail.com




Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Admiral Beotch
On Fri, Jun 26, 2009 at 09:09, Les Mikesell  wrote:

>
> What I'm wondering is, if you had mounted your drive on
> /var/lib/backuppc before the yum install (or had set it up during the
> Centos install) would any of the other steps have been necessary?
>

Good point. I will test this when my new hardware gets here...

I'm going to guess that the chcon would still have been necessary because
the default SELinux policy probably does not expect httpd_t to have so much
access to a file system. But we'll give it a shot.


> ...so I'm surprised you didn't follow the directions for a mount or soft
> link at /var/lib/backuppc that should be somewhere on the wiki.
>

You're surprised I didn't follow directions? Well, that makes one of us. 8D


Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Les Mikesell
Admiral Beotch wrote:
> Les,
> 
> Here's my hasty notes from my install using CentOS 5.3, epel's current 
> backuppc. Excuse the mess.. I just ordered a new dedicated backup server 
> and will be re-installing again from scratch to validate and clean up my 
> procedure. I'll repost in a nicer format when it's all done.
> 
> Admiral Beotch
> 
> =
> Assumes core install with all updates...
> Assumes large drive mounted to file system at /BackupData
> 
> yum install backuppc httpd
> edit /etc/BackupPC/config.pl
> 
> change $Conf{CgiAdminUsers} to  'admin'
> change $Conf{TopDir} to '/BackupData/'
> 
> #allows httpd process to r/w data partition
> chcon -R -t httpd_sys_script_rw_t /BackupData
> 
> 
> edit /etc/httpd/conf/httpd.conf
> change httpd User from apache to backuppc
> 
> #Move rpm installed TOPDIR directories to data mount
> cd  /var/lib/BackupData/
> mv cpool/ pc/ pool/ trash/ /BackupData
> 
> htpasswd -c /etc/BackupPC/apache.users admin
> edit  /etc/BackupPC/hosts and add host names
> 
> edit /etc/httpd/conf.d/BackupPC.conf
> change 'allow' to management host ip
> 
> chkconfig --levels 345 backuppc on
> chkconfig --levels 345 httpd on
> 
> #login as backuppc and generate passwordless ssh keys
> su - -s /bin/bash backuppc
> ssh-keygen
> 
> copy public key to all computers being backed up (to root account).
> contents of id_rsa.pub goes into /root/.ssh/authorized_keys on each host 
> to be backed up.

What I'm wondering is, if you had mounted your drive on 
/var/lib/backuppc before the yum install (or had set it up during the 
Centos install) would any of the other steps have been necessary?

Also, only the latest version of backuppc allows $Conf{TopDir} to be 
changed after the initial configuration (done before the RPM was built), 
so I'm surprised you didn't follow the directions for a mount or soft 
link at /var/lib/backuppc that should be somewhere on the wiki.

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Admiral Beotch
Les,

Here's my hasty notes from my install using CentOS 5.3, epel's current
backuppc. Excuse the mess.. I just ordered a new dedicated backup server and
will be re-installing again from scratch to validate and clean up my
procedure. I'll repost in a nicer format when it's all done.

Admiral Beotch

=
Assumes core install with all updates...
Assumes large drive mounted to file system at /BackupData

yum install backuppc httpd
edit /etc/BackupPC/config.pl

change $Conf{CgiAdminUsers} to  'admin'
change $Conf{TopDir} to '/BackupData/'

#allows httpd process to r/w data partition
chcon -R -t httpd_sys_script_rw_t /BackupData


edit /etc/httpd/conf/httpd.conf
change httpd User from apache to backuppc

#Move rpm installed TOPDIR directories to data mount
cd  /var/lib/BackupData/
mv cpool/ pc/ pool/ trash/ /BackupData

htpasswd -c /etc/BackupPC/apache.users admin
edit  /etc/BackupPC/hosts and add host names

edit /etc/httpd/conf.d/BackupPC.conf
change 'allow' to management host ip

chkconfig --levels 345 backuppc on
chkconfig --levels 345 httpd on

#login as backuppc and generate passwordless ssh keys
su - -s /bin/bash backuppc
ssh-keygen

copy public key to all computers being backed up (to root account).
contents of id_rsa.pub goes into /root/.ssh/authorized_keys on each host to
be backed up.


[BackupPC-users] Amazon S3 and/or EC2 or other off-site storage ideas

2009-06-26 Thread Mark Phillips
I am looking for inexpensive off-site storage that is compatible with
backuppc.

Is anyone using backuppc to backup files to Amazon S3? I have googled for
some articles on this topic, and all I have found are old ones. It seems
1. S3 does not "allow" hard links and use of rsync. There is a s3sync
option, but I haven't looked at it.
2. Using an EC2 front end running backuppc might work, and then storing to
s3. Haven't found any backuppc articles about this.

Any other suggestions for inexpensive off-site storage using backuppc?

Thanks!

Mark


Re: [BackupPC-users] Exclude from backup

2009-06-26 Thread Holger Parplies
Hi,

Vladislav Tchernev wrote on 2009-06-26 11:00:08 -0400 [[BackupPC-users] Exclude 
from backup]:
> [...] What I have tried to do is to exclude /proc but it seems I 
> can't manage to get rid of it since the error log keeps complaining about it. 
> Below are some settings (I ended setting those directly in the config.pl) I 
> have tried. 
> 
> [...]
> #1
> $Conf{RsyncArgs} = [
>   '--numeric-ids',
>   '--perms',
>   '--owner',
>   '--group',
>   '-D',
>   '--links',
>   '--hard-links',
>   '--times',
>   '--block-size=2048',
>   '--recursive',
>   '--exclude="/proc"'
> 
> #2
> $Conf{RsyncArgs} = [
>   '--numeric-ids',
>   '--perms',
>   '--owner',
>   '--group',
>   '-D',
>   '--links',
>   '--hard-links',
>   '--times',
>   '--block-size=2048',
>   '--recursive',
>   '--exclude', '/proc'

I'm not sure why those shouldn't work (presuming you are using XferMethod
rsync or rsyncd, that is!), but it's not the intended way.

> #3
> $Conf{BackupFilesExclude} = {
>   '/proc' => ['/*']
> };

Try

$Conf{BackupFilesExclude} = {
  '/' => [ '/proc' ],
};

(presuming your ShareName really is '/', which is probably the case but may
not be if you are using rsyncd or are trying to exclude a proc filesystem
mounted in a chroot environment, for example). If you need more detailed
information, please tell us which XferMethod and which ShareName(s) you are
using. Have you perhaps got proc mounted more than once?

Regards,
Holger



Re: [BackupPC-users] Exclude from backup

2009-06-26 Thread Adam Goryachev
Vladislav Tchernev wrote:
> Hi All,
> I am new to backuppc and was trying to figure out how to exclude dir/files
> from a backup. I have played around with the GUI, setting
> Xfer->BackupFilesExclude  and  Xfer->RsyncArgs (--exclude="..."),  as well as
> directly editing the conf files (the global and the host specific ones) but
> without success. What I have tried to do is to exclude /proc but it seems I
> can't manage to get rid of it since the error log keeps complaining about it.
> Below are some settings (I ended setting those directly in the config.pl) I
> have tried.
>
> FYI: Am using backuppc-3.1.0-3 on Ubuntu 8.10
>
> Thanks for your helps!
> Vlad
>
> #1
> $Conf{RsyncArgs} = [
>   '--numeric-ids',
>   '--perms',
>   '--owner',
>   '--group',
>   '-D',
>   '--links',
>   '--hard-links',
>   '--times',
>   '--block-size=2048',
>   '--recursive',
>   '--exclude="/proc"'

Check the man page, but I use the flag like --one-file-system so that
it won't back up any mounted dir...

>
> #3
> $Conf{BackupFilesExclude} = {
>   '/proc' => ['/*']
> };

Try:

$Conf{BackupFilesExclude} = {
  '*' => ['/proc']
};

The syntax says where I put the * you should specify the sharename, or
* to match all.
Where I put /proc is a list of path names to exclude.


Hope that helps...

Regards,
Adam


Re: [BackupPC-users] Exclude from backup

2009-06-26 Thread Mark Maciolek
hi,

Should look more like this:

$Conf{BackupFilesExclude} = {
   '*' => [
 '/tmp',
 '/proc'
   ]
};


Vladislav Tchernev wrote:
> Hi All, 
> I am new to backuppc and was trying to figure out how to exclude dir/files 
> from a backup. I have played around with the GUI, setting 
> Xfer->BackupFilesExclude  and  Xfer->RsyncArgs (--exclude="..."),  as well as 
> directly editing the conf files (the global and the host specific ones) but 
> without success. What I have tried to do is to exclude /proc but it seems I 
> can't manage to get rid of it since the error log keeps complaining about it. 
> Below are some settings (I ended setting those directly in the config.pl) I 
> have tried. 
> 
> FYI: Am using backuppc-3.1.0-3 on Ubuntu 8.10
> 
> Thanks for your help!
> Vlad
> 
> #1
> $Conf{RsyncArgs} = [
>   '--numeric-ids',
>   '--perms',
>   '--owner',
>   '--group',
>   '-D',
>   '--links',
>   '--hard-links',
>   '--times',
>   '--block-size=2048',
>   '--recursive',
>   '--exclude="/proc"'
> 
> #2
> $Conf{RsyncArgs} = [
>   '--numeric-ids',
>   '--perms',
>   '--owner',
>   '--group',
>   '-D',
>   '--links',
>   '--hard-links',
>   '--times',
>   '--block-size=2048',
>   '--recursive',
>   '--exclude', '/proc'
> 
> #3
> $Conf{BackupFilesExclude} = {
>   '/proc' => ['/*']
> };
> 
> #3
> $Conf{BackupFilesExclude} = {
>   '/proc' => ['./*']
> }
> 
> #4
> $Conf{BackupFilesExclude} = {
>   '/proc/' => ['*']
> };
> 
> #4
> $Conf{BackupFilesExclude} = {
>   '/proc/' => ['']
> };
> 
> Thanks!
> Vlad
> 

-- 
Mark Maciolek
Network Administrator
Morse Hall 339
862-3050
m...@sr.unh.edu
https://www.sr.unh.edu
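
The replies in this thread all make the same point: the keys of $Conf{BackupFilesExclude} are share names (or '*' for all shares), and the values are the paths to exclude. The Perl sketch below is an added example, not BackupPC's own code; `excludes_for_share` is a hypothetical helper that models that lookup, and the share name 'home' is constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration: simplified model of how a hash-form
# BackupFilesExclude setting is resolved for one share.
# This is not BackupPC's own code.
use strict;
use warnings;

# Hypothetical helper: return the exclude list that applies to $share.
sub excludes_for_share {
    my ($conf, $share) = @_;
    return () unless ref($conf) eq 'HASH';
    # Keys are share names. Assumed here: a share's own entry takes
    # precedence, and '*' covers every share without one.
    my $entry = exists $conf->{$share} ? $conf->{$share} : $conf->{'*'};
    return () unless defined $entry;
    return ref($entry) eq 'ARRAY' ? @$entry : ($entry);
}

# Settings quoted in the thread.
my @settings = (
    [ "key '/proc' (attempt #3)" => { '/proc' => ['/*'] } ],
    [ "key '/' (the share name)" => { '/'     => ['/proc'] } ],
    [ "key '*' (all shares)"     => { '*'     => ['/tmp', '/proc'] } ],
);

# '/' is the usual share name; 'home' is a constructed second share.
for my $share ('/', 'home') {
    for my $s (@settings) {
        my ($label, $conf) = @$s;
        my @ex = excludes_for_share($conf, $share);
        printf "share %-7s %-27s => %s\n", "'$share'", $label,
            @ex ? join(', ', @ex) : '(nothing excluded)';
    }
}
```

With '/proc' used as the key, no share named '/' ever matches it, so the lookup returns an empty list and /proc is still backed up.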



Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Tony Molloy
On Friday 26 June 2009 13:28:56 Les Mikesell wrote:
> Tony Molloy wrote:
> > On Friday 26 June 2009 01:04:50 Admiral Beotch wrote:
> >> I haven't finished reading the selinux/apache document, but while
> >> testing out the restore process with my previous chcon statement, I
> >> realized backuppc was unable to write some restore files to the TOPDIR
> >> filesystem so I changed the context again to:
> >>
> >> chcon -R -t httpd_sys_script_rw_t /BackupData
> >>
> >> and it can now perfectly restore files as expected. I love this
> >> software!
> >>
> >> I'll post an update later after I've had a chance to fully dig into the
> >> selinux/apache document.
> >>
> >> Just a thought going through my head... Since httpd is running as
> >> backuppc and this is a dedicated backup server, I think I'm gonna be ok
> >> with this r/w context on this mounted file system...
> >
> > Previously I've installed BackupPC from source and sorted out the SELinux
> > problems by hand. Now I'm about to install a backup BackupPC server and
> > want to use the EPEL rpm if possible on Centos-5.3.
> >
> > It would be really helpful if you could summarise the SELinux changes you
> > made to get it working.
>
> Also, did you have the mounted drive in place when the RPM was installed? 
> If not, the RPM might have configured things by itself.

No, it doesn't. I did a test install of the rpm a few days ago and got a lot 
of SELinux problems.

Tony


-- 

Dept. of Comp. Sci.
University of Limerick.



[BackupPC-users] Exclude from backup

2009-06-26 Thread Vladislav Tchernev
Hi All, 
I am new to backuppc and was trying to figure out how to exclude dir/files 
from a backup. I have played around with the GUI, setting 
Xfer->BackupFilesExclude  and  Xfer->RsyncArgs (--exclude="..."),  as well as 
directly editing the conf files (the global and the host specific ones) but 
without success. What I have tried to do is to exclude /proc but it seems I 
can't manage to get rid of it since the error log keeps complaining about it. 
Below are some settings (I ended setting those directly in the config.pl) I 
have tried. 

FYI: Am using backuppc-3.1.0-3 on Ubuntu 8.10

Thanks for your help!
Vlad

#1
$Conf{RsyncArgs} = [
  '--numeric-ids',
  '--perms',
  '--owner',
  '--group',
  '-D',
  '--links',
  '--hard-links',
  '--times',
  '--block-size=2048',
  '--recursive',
  '--exclude="/proc"'
];

#2
$Conf{RsyncArgs} = [
  '--numeric-ids',
  '--perms',
  '--owner',
  '--group',
  '-D',
  '--links',
  '--hard-links',
  '--times',
  '--block-size=2048',
  '--recursive',
  '--exclude', '/proc'
];

#3
$Conf{BackupFilesExclude} = {
  '/proc' => ['/*']
};

#3
$Conf{BackupFilesExclude} = {
  '/proc' => ['./*']
};

#4
$Conf{BackupFilesExclude} = {
  '/proc/' => ['*']
};

#4
$Conf{BackupFilesExclude} = {
  '/proc/' => ['']
};

Thanks!
Vlad



Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Les Mikesell
Tony Molloy wrote:
> On Friday 26 June 2009 01:04:50 Admiral Beotch wrote:
>> I haven't finished reading the selinux/apache document, but while testing
>> out the restore process with my previous chcon statement, I realized
>> backuppc was unable to write some restore files to the TOPDIR filesystem so
>> I changed the context again to:
>>
>> chcon -R -t httpd_sys_script_rw_t /BackupData
>>
>> and it can now perfectly restore files as expected. I love this software!
>>
>> I'll post an update later after I've had a chance to fully dig into the
>> selinux/apache document.
>>
>> Just a thought going through my head... Since httpd is running as backuppc
>> and this is a dedicated backup server, I think I'm gonna be ok with this
>> r/w context on this mounted file system...
> 
> Previously I've installed BackupPC from source and sorted out the SELinux 
> problems by hand. Now I'm about to install a backup BackupPC server and want 
> to use the EPEL rpm if possible on Centos-5.3.
> 
> It would be really helpful if you could summarise the SELinux changes you 
> made to get it working.

Also, did you have the mounted drive in place when the RPM was installed?  If 
not, the RPM might have configured things by itself.

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [BackupPC-users] email report after backup

2009-06-26 Thread ADNET Ghislain



> This information you can find in __TOPDIR__/pc/$host/backups.
>
> The DumpPostUserCmd is the right way.
> There are several variables you can take as parameter to your script.
> The one you need is $xferOK
>
> br
> Matthias

Thanks a lot! This is exactly what I wanted :)
I just have to find what column is what and that will do it; most are
easy to guess anyway.


--
Cordialement,
Ghislain





Re: [BackupPC-users] Having Several Issues

2009-06-26 Thread Tony Molloy
On Friday 26 June 2009 01:04:50 Admiral Beotch wrote:
> I haven't finished reading the selinux/apache document, but while testing
> out the restore process with my previous chcon statement, I realized
> backuppc was unable to write some restore files to the TOPDIR filesystem so
> I changed the context again to:
>
> chcon -R -t httpd_sys_script_rw_t /BackupData
>
> and it can now perfectly restore files as expected. I love this software!
>
> I'll post an update later after I've had a chance to fully dig into the
> selinux/apache document.
>
> Just a thought going through my head... Since httpd is running as backuppc
> and this is a dedicated backup server, I think I'm gonna be ok with this
> r/w context on this mounted file system...

Previously I've installed BackupPC from source and sorted out the SELinux 
problems by hand. Now I'm about to install a backup BackupPC server and want 
to use the EPEL rpm if possible on Centos-5.3.

It would be really helpful if you could summarise the SELinux changes you made 
to get it working.

Tony

-- 

Dept. of Comp. Sci.
University of Limerick.
