
A Backup Server with FreeBSD for Mixed Networks in SOHO Environment


June 10, 2013

Backing up servers and clients is an essential task that should be carried out on a regular basis as it helps prevent the loss of data. The backup tasks can be performed in two different ways, using automated software or by running the software manually. It is essential, however, to make sure that the backups are working properly and running on a regular basis.


The server backups may include data from external users. For a company such as a web hosting service, it is essential to have a copy of the customers' sites and databases, as the customers are completely reliant on the web host to keep their sensitive information safe. Backups are fundamentally necessary for disaster recovery. In the case of a server failure, a backup makes it possible to retrieve the server's data from offsite.

Having backups always available makes it easier to migrate data if you intend to move the data from an old server to a new one that is in the DMZ itself, or at another location. From the examples above, it is easy to understand how important it is to make backups of servers and clients. You could even say that this is a fundamental task for business (Figure 1). FreeBSD once again demonstrates its flexibility. As you will see later in the article, it will be possible to create a dedicated server that will allow you to create backups of Windows machines via the CIFS protocol, Unix machines via SSHFS, and either OS using an FTP server with curlftpfs. It is also possible to make backup copies of databases, using scripts integrated into the task (in particular, you will see an example using mysqldump). Everything will be handled in an automated manner using cron jobs managed by the software rsnapshot, the heart of the backup system.

To create a good backup strategy, one needs to do an analysis of the resources that store the data to be protected. In a SOHO network, this can be a LAN and a DMZ that exports outside services, such as a web server. Imagining that your clients will use Windows or Mac OSX as well as Linux and FreeBSD, CIFS is a good way to share data in a simple manner within the network itself. If you have servers located in the DMZ such as SSH, FTP and SQL, you can mount these resources as local folders within the backup server and then manage the backup pool with the appropriate cron job.

Backup Server Packages Installation
It was decided to use the 8.3 version of FreeBSD, due to some unresolved bugs in the port of curlftpfs. In addition, for easy restoration of the data, the vsftpd daemon has to be activated as an FTP server. Of course, this is only one of the possible solutions. To manage the backup of a mixed network, a set of packages needs to be installed on the server. In order to have the latest version of vsftpd, it needs to be installed via ports. Once you have installed all the packages, you can carry out the individual configurations. In particular, it will be necessary to set the rc.conf file as follows, in relation to the networks of Figure 1 and Listing 3. Once the server has restarted, you will see the new active modules in the kernel as shown in Figure 2.

One of the active modules will be “fuse.ko”, which allows non-privileged users of a system to create their own file system without the need to write kernel-level code. This is particularly useful for writing a virtual file system, which does not actually store the data on its own, but mediates between the user and the underlying real filesystem. FUSE is the module that allows you to use the SSHFS filesystem with CIFS and curlftpfs (Figure 3).

SSH login without a password for SSHFS on FreeBSD
In order to create tasks for automatic backup via SSH, it is necessary to establish a certain level of trust between the computers. To do this, one can use key pairs. First create a key pair on the local machine for user root. We call the machine LOCAL_MACHINE and your username will be root. Now you need to copy the public key to the remote machine (remote_machine) for the user ‘root’.
From now on, the user root@remote_machine will trust user root@LOCAL_MACHINE and will allow access without asking for a password. If that fails, you will have to edit /etc/ssh/sshd_config on the remote machine, add the following lines, and restart ssh. We have already installed packages and enabled FUSE for system start up via rc.conf. After the reboot, if one can ssh to the remote_machine, one can at least mount their own home directory via SSH.

FreeBSD mounting remote CIFS resources
We have just loaded the fuse module and installed the smbclient package, which provides the utility mount_smbfs that will mount a share from a remote server using the SMB/CIFS protocol. You can easily mount a NAS share using the following syntax, where:
• NETBIOSNAME: connection to the FQDN or IP of the remote workstation or server.
• USERNAME: the login user name.
• NETBIOSNAME: NETBIOS server name.
• /data: CIFS share name.
• /mnt/net/NETBIOSNAME: local mount point directory.

In this way, however, you will be prompted for the password at each login. To avoid the password prompt, you need to create a ~/.nsmbrc file as follows:
# emacs ~/.nsmbrc
Enter the username and password as follows. Mount the remote CIFS folder as follows. The -N option forces the system to read the ~/.nsmbrc file for additional configuration parameters and a password.
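The ~/.nsmbrc file stores the share password in plaintext, so it should be readable by its owner only. The following is an added example, not a listing from the original article: `write_nsmbrc` and `insecure_secrets` are hypothetical helper names, the credentials are constructed placeholders, and the `/root/...` paths in the closing comment assume root's home directory and the default SSH key name.

```sh
#!/bin/sh
# Added example (not from the article): keep the SMB credentials private.

# write_nsmbrc FILE SERVER USER PASSWORD
# Writes an nsmbrc(5) section "[SERVER:USER]" and leaves FILE at mode 600.
write_nsmbrc() {
    (
        umask 077                      # a new file is created owner-only
        printf '[%s:%s]\npassword=%s\n' "$2" "$3" "$4" > "$1"
    ) && chmod 600 "$1"                # also tighten a file that already existed
}

# insecure_secrets FILE...
# Prints each existing FILE that group or others can access; returns 1 if any.
insecure_secrets() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        # ls -ld prints e.g. "-rw-------"; characters 5-10 are group + other
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return $rc
}

# Typical call on the backup server (paths are assumptions):
#   insecure_secrets /root/.nsmbrc /root/.ssh/id_rsa || echo "fix with chmod 600"
```

The same check applies to root's SSH private key created for the SSHFS mounts, since anyone who can read it can log in to the remote machines as root.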

How to use FTP filesystem on FreeBSD with CurlFtpFS
It often happens that web hosting companies do not offer shell access (SSH or Telnet) to your shared hosting account for security reasons. This makes it more difficult to do regular maintenance of the file system on your web server. Although a normal FTP client is sufficient in the majority of cases, some people still prefer to manipulate files directly using standard Unix utilities. This is possible thanks to curlftpfs, which allows you to mount a remote FTP server as a standard file system on a Unix operating system, and this in turn makes backup tasks possible. If curlftpfs is installed, you only need to do these steps to locally mount a remote folder. user:pass is the username and password used to log into the FTP account. After that, you can change your working directory to the mount point and use the regular Unix utilities to work on the files that are normally accessible with the FTP protocol. To unmount it, one can use the command.

A FreeBSD local FTP Server to restore backup data
Two words on FTP: File Transfer Protocol (FTP) is a TCP protocol for exchanging files between computers. It does not use encryption for user credentials and, unless wrapped in an SSL connection, the data is transmitted in the clear and can be easily intercepted. FTP works on a client/server model and the server component is called an FTP daemon. It is always listening for FTP requests from remote clients. When a request arrives, it handles the authentication, keeps the connection alive for the duration of the session, and executes the commands sent by the FTP client.

Access to an FTP server can be managed in either an anonymous or an authenticated mode. In the anonymous mode, remote clients can access the FTP server using the default user account called “anonymous” or “ftp” and by sending an e-mail address as the password. In the authenticated mode, a user must have an account and a password. User access to the FTP server directories and files depends on the permissions defined for the account used to log in. As a general rule, the FTP daemon will hide the root directory of the FTP server and change the FTP home directory. This hides the rest of the file system from the remote sessions.

vsftpd – FTP Server Configuration
Setting up an FTP server is beyond the scope of this article; however, you should choose to create a basic service that enables access protected by username and password in the local networks. So, as configured, vsftpd accepts connections from both the LAN and DMZ. It also allows access to users listed in the file vsftpd.user_list and access to data to those listed in the file vsftpd.chroot_list.
The file /usr/local/etc/vsftpd.ftpusers is empty by default. Access to the FTP server is read-only, because it is not good to be able to accidentally erase our backup file!

Rsnapshot with FreeBSD to manage backup data pools
For anyone who has never heard of rsnapshot, it is a program that allows you to create “snapshots” of the filesystem. You can take incremental snapshots of local and remote file systems for any number of machines. Snapshots of local file systems are handled with rsync, a milestone in Unix backup tools. Secure remote connections are handled with rsync over ssh, while anonymous rsync connections simply use an rsync server. Both remote and local transfers depend on rsync.

Rsnapshot saves much more disk space than you might imagine. The amount of space required is about the size of a full backup, plus one copy of each additional file that is changed. Rsnapshot makes extensive use of hard links, so if a file does not change, the next snapshot is simply a hard link to the exact same file. The architecture of the backup server lets you “see” the remote folders as local, so it is easy for rsnapshot and rsync to manage pool copies of this kind. Starting from a root directory, rsnapshot allows you to create a number of subfolders by date. Each of these subfolders, organized by host, will contain the data for incremental backups, as shown in Figure 5.

The configuration file presented performs one cron job daily and one monthly, so you have a valid backup set. It is crucial to remember that the configuration file only allows tabs as a separator character. Within the configuration, the time intervals for performing backups are set using the parameter “interval”. They do nothing but run the cron job like the one below. Within the configuration, you can run custom scripts. (An example would be to mount remote file systems, another would be to make backups of a MySQL server.) The important thing is that these files are located in one of the directories in the system's PATH variable (e.g. /usr/local/bin).

To verify that the setup is correct, you can run rsnapshot with the “configtest” option; if all is well, it should say: Syntax OK.
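The tab-only rule is the most common reason a hand-edited configuration fails, typically after an editor has expanded tabs to spaces. The following is an added example, not part of the original article, that points at the offending lines before the file is handed to rsnapshot; `lint_rsnapshot_tabs` and `write_sample_conf` are hypothetical names, and the sample configuration (including the snapshot root path and the retention count) is constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): find entries that use spaces, not tabs.

# lint_rsnapshot_tabs FILE
# Prints "LINE: reason" for each suspect entry; returns 1 if any was found.
lint_rsnapshot_tabs() {
    awk -F '\t+' '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        NF < 2 {
            printf "%d: no tab between parameter and value\n", NR
            bad = 1; next
        }
        $1 ~ / / {
            printf "%d: space inside parameter name\n", NR
            bad = 1; next
        }
        $1 == "backup" && NF < 3 {
            printf "%d: backup needs source<TAB>destination\n", NR
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: three correct entries, then two written with spaces.
write_sample_conf() {
    {
        printf 'snapshot_root\t/backup/snapshots/\n'   # path is an assumption
        printf 'interval\tdaily\t7\n'
        printf 'backup\t/etc/\tlocalhost/\n'
        printf 'backup /mnt/net/XPSP2/ XPSP2/\n'
        printf 'backup\t/mnt/net/fw/etc/ fw/etc/\n'
    } > "$1"
}
```

On the constructed sample it reports lines 4 and 5. The configtest run remains the authoritative check.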

With this configuration, you back up local folders:
/usr/home/ localhost/
/etc/ localhost/
/usr/local/etc/ localhost/
/mnt/net/XPSP2/ XPSP2/
/mnt/net/XPWebSERVER/ XPWebSERVER/
/mnt/net/ftp XPWebSERVER/ftp/
/mnt/net/fw/etc/ fw/etc/
/mnt/net/fw/home/ fw/home/

Seven times a week and once a month (Figure 7 and Figure 8).
To automate everything, you can create a small script, “mount_all”, of which this is a simple example.
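One failure mode worth guarding against in this design: if a network mount is down, rsnapshot sees an empty local directory, and because it runs rsync with --delete by default, the new snapshot for that host is empty and good copies are eventually rotated out. The following is an added example, not the article's mount_all listing, that checks the mount table before starting a backup; `missing_mounts` and `guard_backup` are hypothetical names, `/mnt/net/fw` is assumed to be the SSHFS mount point behind the fw/etc and fw/home entries, and the sample mount output is constructed.

```sh
#!/bin/sh
# Added example (not from the article): never snapshot an unmounted directory.
# Mount points follow the article's backup list; /mnt/net/fw is an assumption.
REQUIRED_MOUNTS="/mnt/net/XPSP2 /mnt/net/XPWebSERVER /mnt/net/ftp /mnt/net/fw"

# missing_mounts MOUNT_TABLE MOUNTPOINT...
# MOUNT_TABLE is text as printed by mount(8): "<device> on <dir> (<options>)".
# Prints every MOUNTPOINT without an entry; returns 1 if any is missing.
missing_mounts() {
    table=$1; shift
    rc=0
    for mp in "$@"; do
        if ! printf '%s\n' "$table" |
            awk -v mp="$mp" '$2 == "on" && $3 == mp { found = 1 }
                             END { exit !found }'; then
            printf '%s\n' "$mp"
            rc=1
        fi
    done
    return $rc
}

# guard_backup LEVEL: run "rsnapshot LEVEL" only when every mount is present.
guard_backup() {
    if missing=$(missing_mounts "$(mount)" $REQUIRED_MOUNTS); then
        rsnapshot "$1"
    else
        echo "backup skipped, not mounted:" $missing >&2
        return 1
    fi
}

# Constructed sample of mount(8) output in which /mnt/net/ftp is absent.
SAMPLE_TABLE='/dev/ada0s1a on / (ufs, local)
//BACKUP@XPSP2/data on /mnt/net/XPSP2 (smbfs)
//BACKUP@XPWEBSERVER/data on /mnt/net/XPWebSERVER (smbfs)
/dev/fuse0 on /mnt/net/fw (fusefs, local, synchronous)'
```

Calling `guard_backup daily` from cron instead of calling rsnapshot directly turns a silent empty snapshot into a visible error.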

For completeness, here is a simple backup script for a MySQL server accessible from the LAN.

A little foresight
To simplify the work, it can be useful to map the names of the servers and clients in the hosts file of the backup server. This is so that in case of a malfunction of the DNS server, everything will still work.
How to restore backup data?
All that you need is an FTP client (FileZilla, FTP CLI, Explorer, Firefox, etc.)! As shown in Figure 10, simply connect to the local FTP server and check the date of the file or folder you want to restore.
A simple copy/paste et voila (Figure 11). 🙂 With this article, we wanted to create an efficient and robust backup server designed for SOHO. Enterprise solutions in need of more advanced features can use FreeNAS, which is also based on BSD.
About the Author:
Antonio Francesco Gentile lives in Italy, Calabria. He is a software and network engineer. He works with National Center of Research (ICAR) area networking in Cosenza as network manager, with the “Culture Lab” http://culture.deis.unical.it Department of Telematics at University of Calabria, and with the computer science associations “Hacklab Cosenza” http://hacklab.cosenzainrete.it/ and “Verde Binario” http://www.verdebinario.org/ and is a freelance columnist for Italian magazines “Linux&C” http://www.oltrelinux.com/ and “Linux Magazine” http://www.linux-magazine.it/.

This article was re-published with the permission of BSD Magazine.
