User Tools

Site Tools


backingupaserver

When it comes to backing up data you should be very paranoid. Most people think about data loss as a spontaneous random event. I like to approach backups thinking about someone intentionally trying to destroy all data on a server. There are a number of solutions you can employ and online backup services from 15 cents to $3 per gigabyte of storage.

# Most people should be able to select "Use SSE2-optimized code"
portmaster --packages-build --delete-build-only --force-config sysutils/tarsnap

Now we need to generate a key. We'll set a passphrase, you don't have to but it adds some security in case the key file falls into the wrong hands.

tarsnap-keygen --keyfile /root/tarsnap.key --user me@example.com --machine mybox --passphrased

Now we want to create a restricted key file. This is the key file that will stay on the server and this key will only be allowed -r (list and extract archives) and -w (write archives). This ensures that if someone breaks into the server and gains root level access that they won't be able to delete your backups. We also won't passphrase this keyfile so that a backup script can be setup and daily scheduled backups can be run via cron.

tarsnap-keymgmt --outkeyfile tarsnap-readwrite.key -r -w /root/tarsnap.key

This is a modified script from http://www.bishnet.net/tim/tarsnap/run.sh by http://www.bishnet.net/tim/blog/2009/01/28/automating-tarsnap-backups/ . The original script would delete archives after a certain point. Although this is handy you do run the risk of someone deleting your backups if they gain access to your machine. Due to new backups not using much space I just manually go in and remove old archives every once in a while.

<box 100% round blue|tarsnap-backup.sh>

#!/bin/sh

# Tarsnap backup script
# Written by Tim Bishop, 2009.

# Name of server
SERVERNAME=EXAMPLE

# Directories to backup
DIRS="/home /etc /usr/local/etc"

# Which day to do weekly backups on
# 1-7, Monday = 1
WEEKLY_DAY=1

# Which day to do monthly backups on
# 01-31 (leading 0 is important)
MONTHLY_DAY=01

# Path to tarsnap
TARSNAP="/usr/local/bin/tarsnap"

# end of config

# day of week: 1-7, monday = 1
DOW=`date +%u`
# day of month: 01-31
DOM=`date +%d`
# month of year: 01-12
MOY=`date +%m`
# year
YEAR=`date +%Y`
# time
TIME=`date +%H%M%S`

# Backup name
if [ X"$DOM" = X"$MONTHLY_DAY" ]; then
	# monthly backup
	BACKUP="$YEAR$MOY$DOM-$TIME-monthly"
elif [ X"$DOW" = X"$WEEKLY_DAY" ]; then
	# weekly backup
	BACKUP="$YEAR$MOY$DOM-$TIME-weekly"
else
	# daily backup
	BACKUP="$YEAR$MOY$DOM-$TIME-daily"
fi

# Do backups
echo "==> create $BACKUP-$SERVERNAME"
$TARSNAP $EXTRA_FLAGS -c -f $BACKUP-$SERVERNAME $DIRS 

</box>

PATH=/usr/local/bin:/etc:/bin:/sbin:/usr/bin:/usr/sbin

# Tarsnap Daily Backup
30      2       *       *       *      /bin/sh /root/tarsnap-backup.sh

/usr/local/etc/tarsnap.conf

humanize-numbers
backingupaserver.txt · Last modified: 2014/10/02 14:19 by admin