Backup – Technomage09

I hate the default firewall in CentOS. 😀

Its so unneeded complicated that a simple Access-Rule seems to be as hard as climbing up the mount everest.

So, my problem was i wanted to configure a CentOS-Server for our backup system. Backup client was installed but the CentOS-Firwall was blocking the traffic.

Our backup-system needs several ports (in range) and communication comes from multiple servers.

But i didnt wanted to allow a port range because of security. So open up traffic for our backup-subnet was the way to go.

Here is the command:

firewall-cmd --permanent --zone=public --direct --add-rule ipv4 filter IN_public_allow 0 -s xx.x.xx.x/xx -j ACCEPT

firewall-cmd --reload

Have fun 😀

Lege auf dem Server, auf dem du die Backups des entsprechenden Servers ablegegen willst, den User “backupid” an.
der User muss per public/private Key Authentifizierung auf die zu backupende Server kommen.
unter dem home-Verzeichnis von backupid einen ordner für die script anlegen, zb bin.

eine Datei mit dem Namen backup-dirs.sh erstellen und folgenden Inhalt einfügen:

#!/bin/bash HOSTNAME=$1 CONFIGDIR=`echo $(dirname $0)` BACKUPDIR_LOCAL=/home/backupid/backupdir DATE=`date +%d-%m-%Y`
if [ "$HOSTNAME" == "" ] then echo error: please enter a hostname exit 1 else echo hostname ok > /dev/null fi
PORTACCESSIBLE=`nmap -p 22 $HOSTNAME | grep "22/tcp open ssh" | wc -l`
if [ "$PORTACCESSIBLE" -eq 0 ] then echo "error: ssh port not accessible on $HOSTNAME" exit 1 else echo "ssh port is reachable on $HOSTNAME" > /dev/null fi
if [ -e "$CONFIGDIR"/"$HOSTNAME".cfg ] then echo "config file for $HOSTNAME found" > /dev/null else echo "error: no config file for $HOSTNAME found" exit 1 fi
CONFIGLINES=`cat "$CONFIGDIR"/"$HOSTNAME".cfg | wc -l`
if [ "$CONFIGLINES" -eq 0 ] then echo "error: config file is empty for $HOSTNAME" exit 1 else echo "config file is ok for $HOSTNAME" >/dev/null fi
mkdir -p "$BACKUPDIR_LOCAL"/$HOSTNAME
rm -rf /tmp/"$HOSTNAME"-ssh-script.sh 1>/dev/null 2>&1 rm -rf /tmp/"$HOSTNAME"-filelist 1>/dev/null 2>&1 echo "#!/bin/bash" > /tmp/"$HOSTNAME"-ssh-script.sh touch /tmp/"$HOSTNAME"-filelist
if [ -e /tmp/"$HOSTNAME"-ssh-script.sh ] then echo "temporary ssh backup script for $HOSTNAME successfully created" > /dev/null else echo "error: creation of temporary ssh backup script for $HOSTNAME failed" exit 1 fi
while read line do LINE2=`echo $line | sed 's/\//-/g'` echo "ssh root@"$HOSTNAME" "tar -cz \"$line\"" | dd of="$BACKUPDIR_LOCAL"/"$HOSTNAME"/"$HOSTNAME"-"$DATE""$LINE2".tar.gz" >> /tmp/"$HOSTNAME"-ssh-script.sh echo "$BACKUPDIR_LOCAL"/"$HOSTNAME"/"$HOSTNAME"-"$DATE""$LINE2".tar.gz >> /tmp/"$HOSTNAME"-filelist done < "$CONFIGDIR"/"$HOSTNAME".cfg chmod 750 /tmp/"$HOSTNAME"-ssh-script.sh /tmp/"$HOSTNAME"-ssh-script.sh 1>/dev/null 2>/dev/null
while read line do TARLINECOUNT=0 TARLINECOUNT=`tar -tf $line | wc -l`
if [ "$TARLINECOUNT" -eq 0 ] then echo "error: $line seems to be empty" else echo "$line is ok" > /dev/null LINE_TO_DEL=`echo $line | sed 's/..-..-....-/*/' | sed 's/backupdir/backupdir.backupsrv/'` rm $LINE_TO_DEL cp $line /home/backupid/backupdir.backupsrv/$HOSTNAME fi
done < /tmp/"$HOSTNAME"-filelist
exit 0

danach legt man im gleichen Ordner eine Config Datei an, welche entweder der Hostname oder die Ip-Addresse des zu backupenden Hosts als Namen besitzt.

z.b 192.168.1.10.cfg

dort schreibt man die zu sichernden Verzeichnisse hinein.

zb.
/home /etc /var /root

wenn man das Script automatisch einmal pro Tag ausführen will ruft man es unter dem User backupid folgendermaßen auf:

crontab -e
0 5 * * * /home/backupid/bin/backup-dirs.sh

Technomage09

Technology and Geek

Tag: Backup

CentOS 7 – Firewalld allow all traffic from a Server

Remote Backup eines Linux-Servers mit SSH