Turritopsis Dohrnii Teo En Ming
2021-Aug-18 14:05 UTC
Teo En Ming's Guide to Configuring rsnapshot Backup for Linux Servers
Subject: Teo En Ming's Guide to Configuring rsnapshot Backup for Linux Servers

rsnapshot backup for Linux servers is based on rsync.

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 18 August 2021 Wednesday Singapore Time
Type of Publication: Plain Text
Document version: 20210818.01

DETAILED INSTRUCTIONS
====================

Login to Synology NAS at 192.168.1.5
====================================

Click Control Panel > User > Create
===================================

Name: linuxbackup
Password: password

Click Next

Select Users group.

Click Next

For Secret-Backup shared folder, choose Read/Write.
For Secret-UAT-Backup shared folder, choose Read/Write.

Click Next

Under User quota setting, click Next again.
Under Assign application permissions, click Next again.
Under User Speed Limit Setting, click Next again.

Click Apply.

Click Control Panel > File Services
===================================

Check Enable SMB service
Workgroup: WORKGROUP
Uncheck Disallow access to Previous Versions
Check Enable Transfer Log

Click Advanced Settings.

WINS server: empty
Maximum SMB protocol: SMB3
Minimum SMB protocol: SMB2
Transport encryption mode: Auto
Uncheck all the following items.

Click Control Panel > Security
=============================

Firewall tab: Uncheck Enable firewall
Protection tab: Uncheck Enable DoS protection
Account tab: Uncheck Enable auto block

Things to do on the CentOS 7.9 Linux server
===========================================

# mkdir /mnt/backup
# chmod 777 /mnt/backup
# mount -t cifs -o username=linuxbackup,password=password //192.168.1.5/Secret-Backup /mnt/backup
mount: mount //192.168.1.5/Secret-Backup on /mnt/backup failed: Connection refused

# yum install samba-client

# smbclient //192.168.1.5/Secret-Backup --user=linuxbackup
do_connect: Connection to 192.168.1.5 failed (Error NT_STATUS_CONNECTION_REFUSED)

# smbclient -L 192.168.1.5
do_connect: Connection to 192.168.1.5 failed (Error NT_STATUS_CONNECTION_REFUSED)

# smbclient \\\\192.168.1.5\\Secret-Backup
do_connect: Connection to 192.168.1.5 failed (Error NT_STATUS_CONNECTION_REFUSED)

Trying to connect to SMB Server ports on the Synology NAS.

# telnet 192.168.1.5 139
Trying 192.168.1.5...
telnet: connect to address 192.168.1.5: Connection refused

# telnet 192.168.1.5 445
Trying 192.168.1.5...
telnet: connect to address 192.168.1.5: Connection refused

Trying to connect to *another* Synology NAS.

# telnet 192.168.1.4 139
Trying 192.168.1.4...
Connected to 192.168.1.4.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

# telnet 192.168.1.4 445
Trying 192.168.1.4...
Connected to 192.168.1.4.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

Found iptables firewall rules blocking outgoing connection to SMB Server on the Synology NAS from the Linux server.

# iptables -S
-A LOGDROPIN -p tcp -m tcp --dport 135:139 -j DROP
-A LOGDROPIN -p udp -m udp --dport 135:139 -j DROP
-A LOGDROPIN -p tcp -m tcp --dport 445 -j DROP
-A LOGDROPIN -p udp -m udp --dport 445 -j DROP

# iptables -S | grep 445
-A LOGDROPIN -p tcp -m tcp --dport 445 -j DROP
-A LOGDROPIN -p udp -m udp --dport 445 -j DROP

# iptables -S | grep 139
-A LOGDROPIN -p tcp -m tcp --dport 135:139 -j DROP
-A LOGDROPIN -p udp -m udp --dport 135:139 -j DROP

Add the following lines to /etc/sysconfig/iptables to allow outgoing connection to SMB Server on the Synology NAS.

# nano /etc/sysconfig/iptables

-A OUTPUT -d 192.168.1.5/32 ! -o lo -p tcp -m tcp --dport 135:139 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p udp -m udp --dport 135:139 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p tcp -m tcp --sport 135:139 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p udp -m udp --sport 135:139 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p tcp -m tcp --dport 445 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p udp -m udp --dport 445 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p tcp -m tcp --sport 445 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p udp -m udp --sport 445 -j ACCEPT

Edit /etc/fstab to allow persistent mounts across reboots.

# nano /etc/fstab

//192.168.1.5/Secret-Backup /mnt/backup cifs username=linuxbackup,password=password 0 0

Installing EPEL repository on a CentOS Linux and RHEL 7.x (Mandatory)
====================================================================

# yum -y install epel-release
# yum repolist

Installing rsnapshot
===================

# yum install rsnapshot
# cd /etc
# cp rsnapshot.conf rsnapshot.conf.original

Configuring rsnapshot
=====================

# nano /etc/rsnapshot.conf

#################################################
# rsnapshot.conf - rsnapshot configuration file #
#################################################
#                                               #
# PLEASE BE AWARE OF THE FOLLOWING RULE:        #
#                                               #
# This file requires tabs between elements      #
#                                               #
#################################################

# Configured by Turritopsis Dohrnii Teo En Ming on 18 Aug 2021

#######################
# CONFIG FILE VERSION #
#######################

config_version	1.2

###########################
# SNAPSHOT ROOT DIRECTORY #
###########################

# All snapshots will be stored under this root directory.
#
snapshot_root	/mnt/backup

# If no_create_root is enabled, rsnapshot will not automatically create the
# snapshot_root directory. This is particularly useful if you are backing
# up to removable media, such as a FireWire or USB drive.
#
#no_create_root	1

#################################
# EXTERNAL PROGRAM DEPENDENCIES #
#################################

# LINUX USERS: Be sure to uncomment "cmd_cp". This gives you extra features.
# EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility.
#
# See the README file or the man page for more details.
#
cmd_cp	/usr/bin/cp

# uncomment this to use the rm program instead of the built-in perl routine.
#
cmd_rm	/usr/bin/rm

# rsync must be enabled for anything to work. This is the only command that
# must be enabled.
#
cmd_rsync	/usr/bin/rsync

# Uncomment this to enable remote ssh backups over rsync.
#
#cmd_ssh	/usr/bin/ssh

# Comment this out to disable syslog support.
#
cmd_logger	/usr/bin/logger

# Uncomment this to specify the path to "du" for disk usage checks.
# If you have an older version of "du", you may also want to check the
# "du_args" parameter below.
#
cmd_du	/usr/bin/du

# Uncomment this to specify the path to rsnapshot-diff.
#
#cmd_rsnapshot_diff	/usr/local/bin/rsnapshot-diff

# Specify the path to a script (and any optional arguments) to run right
# before rsnapshot syncs files
#
#cmd_preexec	/path/to/preexec/script

# Specify the path to a script (and any optional arguments) to run right
# after rsnapshot syncs files
#
#cmd_postexec	/path/to/postexec/script

# Paths to lvcreate, lvremove, mount and umount commands, for use with
# Linux LVMs.
#
#linux_lvm_cmd_lvcreate	/usr/sbin/lvcreate
#linux_lvm_cmd_lvremove	/usr/sbin/lvremove
#linux_lvm_cmd_mount	/usr/bin/mount
#linux_lvm_cmd_umount	/usr/bin/umount

#########################################
#     BACKUP LEVELS / INTERVALS         #
# Must be unique and in ascending order #
# e.g. alpha, beta, gamma, etc.         #
#########################################

# hourly backups
#retain	alpha	6
# daily backups
retain	beta	7
# weekly backups
#retain	gamma	4
# monthly backups
#retain	delta	3

############################################
#              GLOBAL OPTIONS              #
# All are optional, with sensible defaults #
############################################

# Verbose level, 1 through 5.
# 1     Quiet           Print fatal errors only
# 2     Default         Print errors and warnings only
# 3     Verbose         Show equivalent shell commands being executed
# 4     Extra Verbose   Show extra verbose information
# 5     Debug mode      Everything
#
verbose	5

# Same as "verbose" above, but controls the amount of data sent to the
# logfile, if one is being used. The default is 3.
#
loglevel	5

# If you enable this, data will be written to the file you specify. The
# amount of data written is controlled by the "loglevel" parameter.
#
logfile	/var/log/rsnapshot

# If enabled, rsnapshot will write a lockfile to prevent two instances
# from running simultaneously (and messing up the snapshot_root).
# If you enable this, make sure the lockfile directory is not world
# writable. Otherwise anyone can prevent the program from running.
#
lockfile	/var/run/rsnapshot.pid

# By default, rsnapshot check lockfile, check if PID is running
# and if not, consider lockfile as stale, then start
# Enabling this stop rsnapshot if PID in lockfile is not running
#
#stop_on_stale_lockfile	0

# Default rsync args. All rsync commands have at least these options set.
#
#rsync_short_args	-a
rsync_long_args	--stats --delete --numeric-ids --relative --delete-excluded

# ssh has no args passed by default, but you can specify some here.
#
#ssh_args	-p 22

# Default arguments for the "du" program (for disk space reporting).
# The GNU version of "du" is preferred. See the man page for more details.
# If your version of "du" doesn't support the -h flag, try -k flag instead.
#
#du_args	-csh

# If this is enabled, rsync won't span filesystem partitions within a
# backup point. This essentially passes the -x option to rsync.
# The default is 0 (off).
#
#one_fs	0

# The include and exclude parameters, if enabled, simply get passed directly
# to rsync. If you have multiple include/exclude patterns, put each one on a
# separate line. Please look up the --include and --exclude options in the
# rsync man page for more details on how to specify file name patterns.
#
#include	???
#include	???
#exclude	???
#exclude	???

# The include_file and exclude_file parameters, if enabled, simply get
# passed directly to rsync. Please look up the --include-from and
# --exclude-from options in the rsync man page for more details.
#
#include_file	/path/to/include/file
#exclude_file	/path/to/exclude/file

# If your version of rsync supports --link-dest, consider enabling this.
# This is the best way to support special files (FIFOs, etc) cross-platform.
# The default is 0 (off).
#
#link_dest	0

# When sync_first is enabled, it changes the default behaviour of rsnapshot.
# Normally, when rsnapshot is called with its lowest interval
# (i.e.: "rsnapshot alpha"), it will sync files AND rotate the lowest
# intervals. With sync_first enabled, "rsnapshot sync" handles the file sync,
# and all interval calls simply rotate files. See the man page for more
# details. The default is 0 (off).
#
#sync_first	0

# If enabled, rsnapshot will move the oldest directory for each interval
# to [interval_name].delete, then it will remove the lockfile and delete
# that directory just before it exits. The default is 0 (off).
#
#use_lazy_deletes	0

# Number of rsync re-tries. If you experience any network problems or
# network card issues that tend to cause ssh to fail with errors like
# "Corrupted MAC on input", for example, set this to a non-zero value
# to have the rsync operation re-tried.
#
#rsync_numtries	0

# LVM parameters. Used to backup with creating lvm snapshot before backup
# and removing it after. This should ensure consistency of data in some special
# cases
#
# LVM snapshot(s) size (lvcreate --size option).
#
#linux_lvm_snapshotsize	100M

# Name to be used when creating the LVM logical volume snapshot(s).
#
#linux_lvm_snapshotname	rsnapshot

# Path to the LVM Volume Groups.
#
#linux_lvm_vgpath	/dev

# Mount point to use to temporarily mount the snapshot(s).
#
#linux_lvm_mountpath	/path/to/mount/lvm/snapshot/during/backup

###############################
### BACKUP POINTS / SCRIPTS ###
###############################

# LOCALHOST
backup	/backup/	secret.teo-en-ming-corp.com/
backup	/bin/	secret.teo-en-ming-corp.com/
backup	/boot/	secret.teo-en-ming-corp.com/
backup	/data/	secret.teo-en-ming-corp.com/
backup	/etc/	secret.teo-en-ming-corp.com/
backup	/home/	secret.teo-en-ming-corp.com/
backup	/lib/	secret.teo-en-ming-corp.com/
backup	/lib64/	secret.teo-en-ming-corp.com/
backup	/media/	secret.teo-en-ming-corp.com/
backup	/opt/	secret.teo-en-ming-corp.com/
backup	/root/	secret.teo-en-ming-corp.com/
backup	/sbin/	secret.teo-en-ming-corp.com/
backup	/scripts/	secret.teo-en-ming-corp.com/
backup	/srv/	secret.teo-en-ming-corp.com/
backup	/usr/	secret.teo-en-ming-corp.com/
backup	/var/	secret.teo-en-ming-corp.com/
#backup	/home/	localhost/
#backup	/etc/	localhost/
#backup	/usr/local/	localhost/
#backup	/var/log/rsnapshot	localhost/
#backup	/etc/passwd	localhost/
#backup	/home/foo/My Documents/	localhost/
#backup	/foo/bar/	localhost/	one_fs=1,rsync_short_args=-urltvpog
#backup_script	/usr/local/bin/backup_pgsql.sh	localhost/postgres/
# You must set linux_lvm_* parameters below before using lvm snapshots
#backup	lvm://vg0/xen-home/	lvm-vg0/xen-home/

# EXAMPLE.COM
#backup_exec	/bin/date "+ backup of example.com started at %c"
#backup	root@example.com:/home/	example.com/	+rsync_long_args=--bwlimit=16,exclude=core
#backup	root@example.com:/etc/	example.com/	exclude=mtab,exclude=core
#backup_exec	ssh root@example.com "mysqldump -A > /var/db/dump/mysql.sql"
#backup	root@example.com:/var/db/dump/	example.com/
#backup_exec	/bin/date "+ backup of example.com ended at %c"

# CVS.SOURCEFORGE.NET
#backup_script	/usr/local/bin/backup_rsnapshot_cvsroot.sh	rsnapshot.cvs.sourceforge.net/

# RSYNC.SAMBA.ORG
#backup	rsync://rsync.samba.org/rsyncftp/	rsync.samba.org/rsyncftp/

Running rsnapshot
================

Below command is equivalent to rsnapshot daily.

# rsnapshot beta

/var/www/
/var/www/cgi-bin/
/var/www/html/
/var/www/html/400.shtml
/var/www/html/401.shtml
/var/www/html/403.shtml
/var/www/html/404.shtml
/var/www/html/413.shtml
/var/www/html/500.shtml
/var/www/html/cp_errordocument.shtml
/var/www/html/index.html
/var/www/html/.well-known/
/var/www/html/.well-known/pki-validation/
/var/www/html/.well-known/pki-validation/test.txt
/var/yp/

sent 2,315,708,777 bytes  received 702,694 bytes  6,608,877.24 bytes/sec
total size is 2,312,450,042  speedup is 1.00
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1179) [sender=3.1.2]
WARNING: Some files and/or directories in /var/ only transferred partially during rsync operation
/usr/bin/logger -p user.err -t rsnapshot[25575] WARNING: Some files and/or \
    directories in /var/ only transferred partially during rsync operation
touch /mnt/backup/beta.0/
rm -f /var/run/rsnapshot.pid
/usr/bin/logger -p user.err -t rsnapshot[25575] WARNING: /usr/bin/rsnapshot \
    beta: completed, but with some warnings

Sending email notification after backup job has completed
=========================================================

Linux command:

mail -s "Daily Backup for Teo En Ming Corporation Secret Linux Server Completed. Please check for any backup errors." -r ceo@teo-en-ming-corp.com ceo@teo-en-ming-corp.com

Installing rsnapreport.pl
==========================

# find / -name rsnapreport.pl
/usr/share/doc/rsnapshot-1.4.3/utils/rsnapreport.pl

# cp /usr/share/doc/rsnapshot-1.4.3/utils/rsnapreport.pl /usr/local/bin/
# chmod +x /usr/local/bin/rsnapreport.pl

# which rsnapreport.pl
/usr/local/bin/rsnapreport.pl

# cat /usr/local/bin/rsnapreport.pl
#!/usr/bin/env perl
# this script prints a pretty report from rsnapshot output
# in the rsnapshot.conf you must set
# verbose >= 4
# and add --stats to rsync_long_args
# then setup crontab 'rsnapshot daily 2>&1 | rsnapreport.pl | mail -s"SUBJECT" backupadm@adm.com
# don't forget the 2>&1 or your errors will be lost to stderr

Installing crontab (aka scheduled task)
======================================

Runs at 9 PM every night.

# crontab -e

0 21 * * * /usr/bin/rsnapshot beta 2>&1 | /usr/local/bin/rsnapreport.pl | mail -s "Daily Backup for Teo En Ming Corporation Secret Linux Server Completed. Please check for any backup errors." -r ceo@teo-en-ming-corp.com ceo@teo-en-ming-corp.com

# crontab -l

Checking the progress of rsnapshot backup
=========================================

# tail -f /var/log/rsnapshot

Configuring iptables firewall on ANOTHER UAT/Testing Linux Server
================================================================

# iptables-save > /etc/sysconfig/iptables

Add the following lines to /etc/sysconfig/iptables.

# nano /etc/sysconfig/iptables

-A OUTPUT -d 192.168.1.5/32 ! -o lo -p tcp -m tcp --dport 135:139 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p udp -m udp --dport 135:139 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p tcp -m tcp --sport 135:139 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p udp -m udp --sport 135:139 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p tcp -m tcp --dport 445 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p udp -m udp --dport 445 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p tcp -m tcp --sport 445 -j ACCEPT
-A OUTPUT -d 192.168.1.5/32 ! -o lo -p udp -m udp --sport 445 -j ACCEPT

# iptables-restore < /etc/sysconfig/iptables
# yum install iptables-services
# systemctl start iptables
# systemctl enable iptables
# service iptables save

Above command will save iptables firewall rules into /etc/sysconfig/iptables.

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 18 August 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a System Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.
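
The mount command and the /etc/fstab entry in the CentOS steps above carry the share password in the option string; /etc/fstab is normally world-readable, and mount.cifs accepts a credentials=FILE option instead. The script below is an added example, not part of the original guide: the function names, the credentials file path and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): find CIFS fstab entries that embed a
# password and rewrite them to use an owner-only credentials file instead.

# Print the mount point of every cifs entry whose options contain password=.
find_inline_cifs_passwords() {      # $1 = fstab path
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)(password|pass)=/ { print $2 }' "$1"
}

# Create the credentials file mount.cifs reads, accessible to its owner only.
write_cifs_credentials() {          # $1 = file, $2 = user, $3 = password
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"                  # also tightens a file that already existed
}

# Print the fstab with user/password options replaced by credentials=FILE.
harden_fstab() {                    # $1 = fstab path, $2 = credentials file
    awk -v cred="$2" '
        $1 !~ /^#/ && $3 == "cifs" {
            n = split($4, opt, ","); out = "credentials=" cred
            for (i = 1; i <= n; i++)
                if (opt[i] !~ /^(username|user|password|pass)=/)
                    out = out "," opt[i]
            $4 = out
        }
        { print }' "$1"
}

# Constructed sample run: sh thisfile demo
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        '//192.168.1.5/Secret-Backup /mnt/backup cifs username=linuxbackup,password=password 0 0' \
        > "$d/fstab"                # constructed copy, not the real /etc/fstab
    echo "inline password on: $(find_inline_cifs_passwords "$d/fstab")"
    write_cifs_credentials "$d/nas.cred" linuxbackup 'constructed-secret'
    harden_fstab "$d/fstab" "$d/nas.cred"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

harden_fstab only prints the rewritten table; review the output before replacing /etc/fstab with it.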
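
For the cron job above: /mnt/backup also exists as a local directory, so if the CIFS share is not mounted rsnapshot writes its snapshots to the server's own disk, and the mail subject is the same whether rsnapshot exited 0, 1 (fatal error) or 2 (completed with warnings). The wrapper below is an added example, not part of the original guide; the function names, the SNAPSHOT_ROOT and MOUNTS variables, the exit status 3 and the subject format are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): refuse to run rsnapshot when the NAS
# share is not mounted, and put rsnapshot's exit status in the mail subject.

SNAPSHOT_ROOT=${SNAPSHOT_ROOT:-/mnt/backup}   # snapshot_root from rsnapshot.conf
MOUNTS=${MOUNTS:-/proc/mounts}                # mounts table to inspect

# Succeed only if $1 is itself a mount point of type cifs in mounts table $2.
is_cifs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 == "cifs" { found = 1 } END { exit !found }' "$2"
}

# Map rsnapshot's exit status (0 ok, 1 fatal, 2 warnings) to a subject tag.
status_tag() {
    case "$1" in
        0) echo "OK" ;;
        2) echo "WARNINGS" ;;
        *) echo "FAILED" ;;
    esac
}

# Run one backup level, e.g. beta. Returns 3 (assumed value) if not mounted.
run_backup() {
    if ! is_cifs_mounted "$SNAPSHOT_ROOT" "$MOUNTS"; then
        echo "ERROR: $SNAPSHOT_ROOT is not a mounted cifs share; rsnapshot not started" >&2
        return 3
    fi
    /usr/bin/rsnapshot "$1"
}

# Run the backup and mail the report; $1 = level, $2 = recipient address.
backup_and_report() {
    rc=0
    out=$(run_backup "$1" 2>&1) || rc=$?
    printf '%s\n' "$out" | /usr/local/bin/rsnapreport.pl |
        mail -s "[$(status_tag "$rc")] rsnapshot $1" "$2"
    return "$rc"
}

# Cron usage (assumed script path): 0 21 * * * /usr/local/bin/backup-wrapper.sh beta RECIPIENT
case "${1:-}" in
    alpha|beta|gamma|delta) backup_and_report "$1" "$2" ;;
esac
```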