Difference between revisions of "BackupPC"
(→Files) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 12: | Line 12: | ||
Those files are backed up nightly to /storage/big5 on alcor.umassmed.edu | Those files are backed up nightly to /storage/big5 on alcor.umassmed.edu | ||
+ | |||
+ | sudo dnf install postfix | ||
+ | sudo systemctl enable postfix.service | ||
+ | sudo systemctl start postfix.service | ||
+ | |||
+ | If using selinux: | ||
+ | restorecon -pr /var/lib/BackupPC | ||
=== Excluded Files === | === Excluded Files === | ||
Line 51: | Line 58: | ||
− | edit /root/.ssh/authorized_keys2 and add before ssh-rsa... | + | edit /root/.ssh/authorized_keys2 and add before ssh-rsa...use ip, rather hostname. Is from= broken? seems so. Don't use. |
− | from=" | + | from="146.189.76.92" |
rm /root/.ssh/BackupPC_id_rsa.pub | rm /root/.ssh/BackupPC_id_rsa.pub |
Latest revision as of 13:53, 4 April 2019
Location
http://m13.umassmed.edu/BackupPC
Server
Files
Configuration and keys are stored in /var/lib/BackupPC and in /etc/BackupPC on m13.umassmed.edu
All backup files are stored in /storage/big0/BackupPC on m13.umassmed.edu
Those files are backed up nightly to /storage/big5 on alcor.umassmed.edu
sudo dnf install postfix sudo systemctl enable postfix.service sudo systemctl start postfix.service
If using selinux:
restorecon -pr /var/lib/BackupPC
Excluded Files
The files are excluded because they are either temporary or backed up independently
$Conf{BackupFilesExclude} = { '*' => [ '/tmp', '/proc', '/dev', '/sys', '/lost+found', '/media', '/var/spool', '/var/tmp', '/storage', # linked to home, which is backed up, and where it is a separate drive, it is backed up by a different mechanism '/mnt', '/*/.mozilla/*/*/Cache' ] };
SSH Keys
Client SSHD
sudo vi /etc/ssh/sshd_config
Change PermitRootLogin yes
sudo service sshd restart
Server public key on Client machine
Server
copy m13.umassmed.edu BackupPC key to client located at /var/lib/BackupPC/.ssh/id_rsa.pub, as backuppc
su -s /bin/bash backuppc scp ~/.ssh/BackupPC_id_rsa.pub root@<host>:/root/.ssh/
Client
Append the key, as root to authorized_keys (authorized_keys2 is deprecated, Fedora >= 17)
cat /root/.ssh/BackupPC_id_rsa.pub >> /root/.ssh/authorized_keys
edit /root/.ssh/authorized_keys2 and add before ssh-rsa...use ip, rather hostname. Is from= broken? seems so. Don't use.
from="146.189.76.92"
rm /root/.ssh/BackupPC_id_rsa.pub chmod -R go-rwx ~/.ssh
Client public key on Server machine
Client
Done as root if backing up entire system
Generate a key
ssh-keygen -t rsa
copy the key from the client to the server, as root
scp /root/.ssh/id_rsa.pub root@m13.umassmed.edu:/var/lib/BackupPC/.ssh/client_id_rsa.pub
Server
Append the key, as user backuppc on m13.umassmed.edu
cat ~/.ssh/client_id_rsa.pub >> ~/.ssh/known_hosts exit
as root
chmod -R go-rwx /var/lib/BackupPC/.ssh rm /var/lib/BackupPC/.ssh/client_id_rsa.pub
Client SSHD
sudo vi /etc/ssh/sshd_config
change PermitRootLogin without-password
sudo service sshd restart
Also consider restrict AllowUsers
Test
On m13.umassmed.edu as backuppc
ssh -l root <client Machine> whoami
Use just hostname, without domainname (i.e. big, and not big.umassmed.edu) Should return as "root" without prompting for a password
Users and Machines
Administrator creates a user account in /etc/BackupPC/apache.users :
htpasswd /etc/BackupPC/apache.users username
username must also have a normal linux account
If they are an admin, then they must be added to
vi /etc/BackupPC/config.pl
Add their client's machine and username to
vi /etc/BackupPC/hosts
Linux machines should install nmbd, part of the samba suite. Edit /etc/samba/smb.conf and put in an appropriate "netbios name =" entry and then confirm you can either find the machine with:
nmblookup <name>
or
nmblookup -A <ip>
If it is the latter, then the DHCP IP range must be put in the configuration file