[BackupPC-users] cygwin-rsyncd outdated No recent version ?
Thx for the update on souceforge Nice work +-- |This was sent by infosupport.radi...@orange.fr via Backup Central. |Forward SPAM to ab...@backupcentral.com. +-- -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] cygwin-rsyncd outdated No recent version ?
I wanted to report back to you. MANY, MANY thanks for the work you have done! I downloaded and tried it out. Works like a champ! The NSIS software threw me for a bit but finally figured it out. Thank you sir for your efforts. Richard / Now to upgrade to BackupPC 4.x --- Richard Zimmerman IT Manager River Bend Hose Specialty, Inc. S Main Street South Bend, IN 46601-3337 (574) 233-1133 (574) 280-7284 Fax From: Ray.Frush [mailto:ray.fr...@avagotech.com] Sent: Thursday, July 11, 2013 12:55 PM To: General list for user discussion, questions and support Subject: Re: [BackupPC-users] cygwin-rsyncd outdated No recent version ? As I mentioned earlier, use the Nullsoft Scriptable Install System to build a rsyncd install package for our PCs. Assumptions: We needed a simple rsyncd service that would install with MINIMAL user interaction. Our install does NOT use SSL keys, but instead relies on a simple rsyncd password (rsyncd.secret). Acknowledgements: The NSIS config file I used was leveraged heavily from ITeF!x Consulting from the cwRsyncd package they released. The following is based on v2.0.3 See http://www.itefix.no/ http://www.blat.net/?docs/license.txt for the original authors ongoing work. His current package, while excellent, doesn't lend itself to automated installs. Disclaimers: Use at your own risk. I had to hack this up to remove my company's specific information, and as delivered won't build a package that works for anyone without some modifications. You must read and understand all of the text files included, especially: backuppc_rsync-server.nsi : The NSIS script notify.bat : executed by install package to call 'blat' to send email to our call ticketing system. rsyncd.conf : leveraged ITeF!x version, with some changes we found to be good in our environment. rsyncd.secrets : will contain your rsyncd password used in $Conf{RsyncdPasswd} Requirements: To create your own package from scratch you'll need to download and install packages from these sites: NSIS: The install package builder: http://www.blat.net/?docs/license.txt (version 2.46 used) Cygwin: http://cygwin.com (file versions vary. My installation was from April-2012) BLAT: (for Notifications) http://www.blat.net/ I copied the key files from Cygwin and Blat packages into the build tree as follows: Directory of C:\rsyncd.backuppc backuppc_rsync-server.nsi [bin] blat.dll blat.exe blat.lib cygiconv-2.dll cygpopt-0.dllcygrunsrv.exe cygwin1.dll notify.bat rsync.exe [doc] rsync.html rsyncd.conf.html [etc] fstab license.txt rsyncd.conf rsyncd.secrets Files I wrote/modifed were: backuppc_rsync-server.nsi : The NSIS script notify.bat : executed by install package to call 'blat' to send email to our call ticketing system. rsyncd.conf : leveraged ITeF!x version, with some changes we found to be good in our environment. rsyncd.secrets : will contain your rsyncd password used in $Conf{RsyncdPasswd} -- Ray Frush Either you are part of the solution T:970.288.6223 or part of the precipitate. -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Avago Technologies, Inc. | Technical Computing | IT Engineer -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] security web server questions
The method I use is that I use rsync+ssh. I then create a regular backuppc user and limit sudo access to the tools needed to perform the backup, plus anything needed to be done as root in the pre/post backup scripts, such as my dbdump script. Here is my /etc/sudoers.d/backuppc: # This file is managed by puppet. Do not edit locally. Cmnd_AliasBACKUP=/bin/tar, /usr/bin/rsync, /usr/bin/mysqldump, /usr/local/sbin/dbdump backuppcALL=NOPASSWD:BACKUP This allows me access to all the files to be backed up/restored, and limits the backuppc user to the specific tools needed to perform the task. An attacker could get in and cause mischief, but that risk is far overshadowed by missing backups in a DR type scenario. What I ended up doing was pushing from each of the clients to the backup server via rsync --fake-super. You can lock down rsync access on the backup server to a particular directory via the authorized_keys file. Then the backup server runs rdiff-backup against the rsynced backups in order to maintain a versioned history. This way the backup server doesn't have any access to any of the clients and the clients only have access to their own backup folder on the server. If a client is infiltrated, the infiltrator can wipe out the client's backups on the server but the rdiff-backup repository is safe. - Grant Hi, I can understand the question. If BackupPC will use root permission, your BackupPC will become No. 1 target. Because when the attacker controls your BackupPC, she can access every box within your network as root. Nothing you really want. And in business, you will have multiple sys-admins.. but as the VPN/Firewall admin you want your servers to be backed up, but you shouldn't trust your colleague which is running the backup server too much. Because it is your ass which will get kicked when someone compromises the systems under your responsibility. Two ways we are using: 1) If you really know what folder you want to be backed up, create a user backup and add an ACL which allows the user backup to read these folders. 2) If you don't know what folders you want to be backed up or you want to backup everything, also create a user backup and lock it down. Now, create a copy of rsync. Make sure, only the user backup can execute this file. Set the CAP_DAC_READ_SEARCH capability for the private rsync copy. Now, the user backup can access all your data like root can, but if anybody will get access to that user on that box, he/she is very limited. -- See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/