1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
|
Installation of AF's backup system
==================================
Super easy installation for nervous people
------------------------------------------
Run my very cool interactive installation script "Install"
and answer the questions properly. This tool has sufficient
configuration capabilities for the vast majority of all
installation attempts.
Afterwards you may run the following programs to
configure the backup system ($BASEDIR is the
installation directory):
$BASEDIR/server/bin/serverconfig to configure the server side
$BASEDIR/client/bin/clientconfig to configure the client side
If you are running X, you can use instead:
$BASEDIR/server/bin/xserverconfig to configure the server side
$BASEDIR/client/bin/xclientconfig to configure the client side
(For the latter two Tcl/Tk must be installed and some sort of
the "wish" program must be in the command search path)
Detailed installation procedure
-------------------------------
There are three types of hosts that can be configured.
A host may be of only one type or of all three types.
I will call them as follows:
backup server a host with a streamer device connected,
that all backup data is written to
backup client a host that desires to backup it's data
to a server
remote start client a host that can start a backup on another
host issuing a request to that other host,
who in turn is basically a backup client.
This can simplify the administration by
starting the backups on several clients
from one central point.
What you have to do depends on the type of host that you actually
want to configure. For a backup server, install and configure
the server side (see below). For a client, install and configure
the client side (see below). For a remote start client, install
the client side (see below). Special configuration is not required.
For a backup client that offers the possibility to be triggered
remotely (by a remote start client), also the server side and the
remote start server side (see below) must be installed. Further
configuration is not necessary. A host like that technically
requires an installation of all the three basic functionalities
described above.
Client Side
-----------
1) If you want DES encryption (128 Bit key) for authenticating
the client to the server, get Eric Young's DES-library. It
can be obtained from a lot of ftp-sites. If you can't find it,
ask your archie server for libdes. The current version by the
time of this writing is 3.23. Eric Young's email address is
(eay@mincom.oz.au). He holds the copyright on this library,
while it can be used quite freely (see the copyright file of
the distribution).
Default setting is, that this library is expected to be in
a directory named libdes under the same directory, where you
unpacked afbackup. An ls should show at least the two subdirs
afbackup-X.Y and libdes. The DES-library can be compiled quite
easily, a simple make in the directory, where it is unpacked
should suffice in the most cases.
2) Build the distribution, enter (on HP-UX preceded with ksh ):
./configure [ -prefix=/my/desired/install/path ]
As usual, stuff typed in square brackets is optional.
Default installation path is /usr/local. To this path
/backup is always appended and then /client for the client
side. For the pre-2.11.5-defaults type /usr as install
path. For Debian the default changed to /usr/local, but in
these cases, where /usr/local is NOT local and used by several
machines via NFS, i'd recommend to use the old default /usr or
/opt or whatever may be found appropriate and *really* local.
If DES-encryption should be performed, use the following
options as needed:
--with-des [ --with-des-header=<des-header-file> ]
[ --with-des-include=<path-to-des-header> ]
[ --with-des-libdir=<path-to-des-lib> ]
[ --with-des-ldflag=<des-lib-specifier> ]
Defaults:
<des-header-file> des.h
<path-to-des-header> ../libdes
<path-to-des-lib> <path-to-des-header>
<des-lib-specifier> -ldes
Then type:
make client
Warnings can usually be ignored.
You will be asked to enter a key for authentication. This
key is needed, so that no one else can connect to the service
but a real backup client. This is to prevent other people or
programs getting access to the backup media. Note that
the stuff you enter is somewhat converted and used for
processing some bytes sent from the server to the client.
Both sides do some calculation, then the client sends
back the result and the server decides whether the client
may take control. After the successful installation you
should do a "make distclean", so the file with the key is
removed and cannot be used by hackers to rebuild the stuff.
You might have the idea that it's even more secure to
have the sources and programs read protected during
installation so nobody can steal them.
3) Install the files and programs
Just enter:
make install.client
4) Configure the client side
To do this run the program
$BASEDIR/client/bin/clientconfig
where BASEDIR is the install directory chosen with configure.
Everything should be self-explaining (help-command available)
I suggest to backup as first file one containing the name of
the client machine. On Linux the file /etc/HOSTNAME could be
used for this purpose with the most distributions.
5) If you want the logfiles to reside in the /var-directory,
move the $BASEDIR/client/var diretory to a subdiretory of
/var with a name of your choice. I'd suggest
/var/logs/backup/client .
Then generate a symbolic link in $BASEDIR/client with the
name var, that points to the newly created diretory under
/var. E.g. enter:
rmdir $BASEDIR/client/var
mkdir -p /var/logs/backup/client
ln -s $BASEDIR/client/var /var/logs/backup/client
6) If ordinary users should be able to restore files without
administrator help the restore-utility must be installed
executable for all users and setuid root. This can be achieved
entering:
rm -f $BASEDIR/client/bin/restore $BASEDIR/client/bin/backout
cp $BASEDIR/client/bin/full_backup $BASEDIR/client/bin/restore
ln $BASEDIR/client/bin/restore $BASEDIR/client/bin/backout
chmod 4755 $BASEDIR/client/bin/restore
Server Side
-----------
1) To build the distribution enter (on HP-UX preceded with ksh ):
./configure [ -prefix=/my/desired/install/path ]
make server
And see: Client Side (especially, if you want to use DES
encryption for authentication, the same steps must be
performed like explained above). Default installation path
is /usr/local, /backup/server will be appended to the
path. For the pre-2.11.5-defaults type /usr as install path.
For Debian the default changed to /usr/local, but in these
cases, where /usr/local is NOT local and used by several
machines via NFS, i'd recommend to use the old default
/usr or /opt or whatever may be found appropriate and
*really* local.
2) Install the files and programs
Just enter:
make install.server
3) Add a service entry to the system
This entry must be present in /etc/services. You have to
select a port number (i suggest 2988, what is hexadecimal
0xbac (like backup ;-) ). The name of the service could be
simply "afbackup". So you have to add the following line to
/etc/services:
afbackup 2988/tcp
You might first want to check whether there is already an
entry with port number 2988 for the TCP-protocol, but
usually it is not.
4) Add a user to the system, under whose ID the service will run
(this makes sense for a server-only system. In all other
cases this user should be root)
This is usually done adding a line to /etc/passwd (before
the line starting with a +, if present):
backup:x:2988:14:Backup Server:$BASEDIR/bu/server:
In this entry the user's ID is 2988. Make sure that this ID
does not already exist. If it does choose an unused one.
5) Tell the inetd about the new service
The inetd-Superdaemon reads the file /etc/inetd.conf, so
you have to add a line to this file. Assuming the service-
name "afbackup" (made known in the file /etc/services) this
line should be like this:
afbackup stream tcp nowait <username> $BASEDIR/server/bin/server server $BASEDIR/server/lib/backup.conf
<username> is either the user you added to the system in
case of a server-only host, otherwise root (see above).
6) Activate the service
This is done by sending a HANGUP-signal to the inetd.
Find out the process-ID of inetd
(ps -ef | grep inetd | grep -v grep
on many systems,
ps -uxa | grep inetd | grep -v grep
on the others).
Something like this will be output:
root 431 1 0.0 Sep 27 ?? 0:00.35 /usr/sbin/inetd
The second number in the line with inetd at it's end
(and no grep) is the process ID. Then enter:
kill -HUP <process-id>
In the example case:
kill -HUP 431
7) Test the availability of the service
Enter:
telnet localhost afbackup
If you see a greeting message like:
AF's backup server ready.
everything is fine.
If you get an error message like: afbackup: bad port number
something is wrong with the entry in /etc/services.
If you get an error like: ... connection refused
the inetd did not start the service. Then you can have a
look at the syslog file to find out what went wrong. There
are usually error messages from inetd that can be found.
8) Configure the server side
To do this, run the program
$BASEDIR/server/bin/serverconfig
where BASEDIR is the install directory chosen with configure.
Everything should be self-explaining (help-command available)
9) Give the afbackup service exclusive access to your tape
This is simply done with
chown <username> /dev/whatever
chmod 600 /dev/whatever
10) If you want the logfiles to reside in the /var-directory,
move the $BASEDIR/server/var diretory to a subdiretory of
/var with a name of your choice. I'd suggest
/var/logs/backup/server .
Then generate a symbolic link in $BASEDIR/server with the
name var, that points to the newly created diretory under
/var. E.g. enter:
rmdir $BASEDIR/server/var
mkdir -p /var/logs/backup/server
ln -s $BASEDIR/server/var /var/logs/backup/server
Remote Start Server Side
------------------------
1) To build the distribution enter (on HP-UX preceded with ksh ):
./configure [ -prefix /my/desired/install/path ]
make
And see: Client Side. Default installation path is
/usr/local, /backup/server will be appended to the path.
For the pre-2.11.5-defaults type /usr as install path.
For Debian the default changed to /usr/local, but in these
cases, where /usr/local is NOT local and used by several
machines via NFS, i'd recommend to use the old default
/usr or /opt or whatever may be found appropriate and
*really* local.
2) Install the files and programs
Just enter:
make install.rclient install.server
3) Edit the file $BASEDIR/server/lib/backup.conf
Change the entry in the line starting with
"Program-directory", so it reflects your installation
directory. This editing can be done using the program
$BASEDIR/server/bin/serverconfig
|
