<HTML
><HEAD
><TITLE
>Backing up and restoring over the network</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="Why's and When's of Backup and Restore"
HREF="whywhen.html"><LINK
REL="PREVIOUS"
TITLE="Restoring files with dump"
HREF="chap29sec310.html"><LINK
REL="NEXT"
TITLE="Appendixes"
HREF="Appendix.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="chap29sec310.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 33. Why's and When's of Backup and Restore</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="Appendix.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="AEN24060"
>33.8. Backing up and restoring over the network</A
></H1
><P
> Backups allow you to restore the availability and integrity of information resources following security breaches and accidents. Without a backup, you may be unable to restore a computer's data after system failures and security
breaches. It is important to develop a plan that is broad enough to cover all the servers you plan to deploy. We must determine what categories of files will be backed up. For example, you may choose to back up only user data
files <SPAN
CLASS="abbrev"
>i.e.</SPAN
> <TT
CLASS="filename"
>/home</TT
> because damaged system files should be reloaded from the original distribution media.
</P
><P
> There are common technological approaches to file backups. For network servers, an authoritative version of the informational content of the server is created and maintained on a secure machine that is backed up. If the server
is compromised and its content damaged, it can be reloaded from the secure system maintaining the authoritative version. This approach is typically used for public servers, such as Web servers, because the content changes at
more predictable intervals.
</P
><P
> It is important to ensure that backups are performed in a secure manner and that the contents of the backups remain secure. We recommend that the plan specify that:
<P
></P
><UL
><LI
><P
> The source data is encrypted before being transmitted to the storage medium.
</P
></LI
><LI
><P
> The data remains encrypted on the backup storage media.
</P
></LI
><LI
><P
> The storage media are kept in a physically secure facility that is protected from man-made and natural disasters.
</P
></LI
></UL
>
</P
><P
> You should make sure that the transfer of your backup over the network happens in a secure manner. In the previous sections, we showed you how to make a backup to both tape and files on the same system where you execute
the backup procedure, with utilities like <B
CLASS="command"
>tar</B
> and <B
CLASS="command"
>dump</B
>. Both <B
CLASS="command"
>tar</B
> and <B
CLASS="command"
>dump</B
> are capable of making backups over the network as well. To be able
to back up over the network with them, you must ensure that the packages named rmt and rsh are installed on your system. The rmt utility provides remote access to tape devices for programs like <B
CLASS="command"
>dump</B
> and <B
CLASS="command"
>tar</B
>.
To complement this, the rsh package contains a set of programs that allow users to run commands on remote machines, log in to other machines and copy files between machines: <EM
>rsh, rlogin and rcp</EM
>.
</P
><P
> Since rsh can be easily hacked, and rmt depends on rsh to work, we have chosen for security reasons not to install them in our setup (see <A
HREF="installlin.html"
>Installation of your Linux Server</A
> for more information).
Therefore, we must find another way to make backups over the network in a secure manner. SSH is the solution to our problem (see <A
HREF="soft-netsecured.html"
>Software -Securities</A
>), because it can also copy data across
the network, through encryption, with its <B
CLASS="command"
>scp</B
> command. The following method uses SSH to transfer backups made with <B
CLASS="command"
>tar</B
> or dump in a secure manner via the
<B
CLASS="command"
>scp</B
> SSH utility.
</P
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN24088"
>33.8.1. Using the scp SSH command</A
></H2
><P
> The <B
CLASS="command"
>scp</B
> command copies files between hosts on a network. It uses SSH for data transfer, with the same authentication and the same security as SSH. Unlike the rcp utility that comes with the rsh package, scp will ask
for passwords or passphrases. In our example below, we transfer a backup file made with the <B
CLASS="command"
>tar</B
> archive program. The procedure to transfer a backup file or tape made with the dump program is the same.

To use scp to copy a backup tape or file to a remote secure system, use the command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
> [admin@deep /]# scp &lt;localdir/to/filelocation&gt; &lt;user@host:/dir/for/file&gt;
</PRE
></TD
></TR
></TABLE
>

Where &lt;localdir/to/filelocation&gt; is the directory where your backup file resides on your local server,
and &lt;user@host:/dir/for/file&gt; represents, in this order:
<P
></P
><OL
TYPE="I"
><LI
><P
> The username, <TT
CLASS="literal"
>user</TT
>, of the person on the remote site that will hold the backup file,
</P
></LI
><LI
><P
> The hostname, <TT
CLASS="literal"
>host</TT
>, of the remote host where you want to send the backup file,
</P
></LI
><LI
><P
> The remote directory of this host where you want to place the transferred backup file.
</P
></LI
></OL
>
</P
><DIV
CLASS="example"
><A
NAME="AEN24103"
></A
><P
><B
>Example 33-2. scp SSH command</B
></P
><P
> A real example will look like this:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
> [admin@deep /]# <B
CLASS="command"
>scp</B
> -Cp /backups/deep-01Feb.tar admin@backupserver:/archive/deep/deep-01Feb.tar
</PRE
></TD
></TR
></TABLE
>
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="literallayout"
><TT
CLASS="computeroutput"
> admin@backupserver's password:
deep-01Feb.tgz | 10479 KB | 154.1 kB/s | ETA: 00:00:00 | 100%
</TT
></PRE
></TD
></TR
></TABLE
>
</P
></DIV
><DIV
CLASS="important"
><BLOCKQUOTE
CLASS="important"
><P
><B
><SPAN
CLASS="inlinemediaobject"
><IMG
SRC="./images/Important.gif"
ALT="Important"
></IMG
></SPAN
>: </B
>
The <TT
CLASS="literal"
>C</TT
> option enables compression for fast data transfer over the encrypted session; the <TT
CLASS="literal"
>p</TT
> option indicates that the modification and access
times, as well as the modes, of the source file should be preserved on the copy. This is usually desirable. It is important to note that the <TT
CLASS="filename"
>dir/for/file</TT
> directory
on the remote host (<TT
CLASS="filename"
>/archive/deep</TT
> in our example) must be owned by the <TT
CLASS="literal"
>username</TT
> you specify in your scp command (<TT
CLASS="literal"
>admin</TT
> in our example),
or you may receive an error message like: <TT
CLASS="computeroutput"
>scp: /archive/deep/deep-01Feb.tar: Permission denied.</TT
>
</P
></BLOCKQUOTE
></DIV
><P
> To use scp to copy a remote tape or file to the local system, use the command:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
> [admin@deep /]# scp &lt;user@host:/dir/for/file&gt; &lt;localdir/to/filelocation&gt;
</PRE
></TD
></TR
></TABLE
>

Where &lt;user@host:/dir/for/file&gt; represents, in this order:
<P
></P
><OL
TYPE="I"
><LI
><P
> The username, <TT
CLASS="literal"
>user</TT
>, of the person on the remote site that holds the backup file,
</P
></LI
><LI
><P
> The hostname, <TT
CLASS="literal"
>host</TT
>, of the remote host where you want to get the backup file,
</P
></LI
><LI
><P
> The remote directory of this host where the backup file is kept,
</P
></LI
><LI
><P
> &lt;localdir/to/filelocation&gt; is the local directory on your system where you want to place the backup file that you get from the remote host.
</P
></LI
></OL
>
</P
><DIV
CLASS="example"
><A
NAME="AEN24141"
></A
><P
><B
>Example 33-3. scp SSH command</B
></P
><P
> A real example would look like this:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="screen"
> [admin@deep /]# <B
CLASS="command"
>scp</B
> -Cp admin@backupserver:/archive/deep/deep-01Feb.tar /backups
</PRE
></TD
></TR
></TABLE
>
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="literallayout"
><TT
CLASS="computeroutput"
> admin@backupserver's password:
deep-01Feb.tgz | 10479 KB | 154.1 kB/s | ETA: 00:00:00 | 100%
</TT
></PRE
></TD
></TR
></TABLE
>
</P
></DIV
><DIV
CLASS="important"
><BLOCKQUOTE
CLASS="important"
><P
><B
><SPAN
CLASS="inlinemediaobject"
><IMG
SRC="./images/Important.gif"
ALT="Important"
></IMG
></SPAN
>: </B
>
It is important to note that the <TT
CLASS="filename"
>localdir/to/filelocation</TT
> directory on the local host (<TT
CLASS="filename"
>/backups</TT
> in our example) must be owned
by the <TT
CLASS="literal"
>username</TT
> you specify in your scp command (<TT
CLASS="literal"
>admin</TT
> in our example), or you may receive an error message like: <TT
CLASS="computeroutput"
>/backups/deep-01Feb.tar: Permission denied.</TT
>
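The following is an added example, not part of the original guide, that applies the plan above to the scp procedure: the archive is encrypted before it leaves the host so it stays encrypted on the backup server, it is created owner-only because `scp -p` carries the file mode to the copy, and a digest kept on the source host is checked before a restore. It assumes `openssl` 1.1.1 or later and `sha256sum` are installed; the passphrase file `/root/.backup-pass`, the directories `/backups/in` and `/restore`, and the `.enc` file name are placeholders.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes openssl 1.1.1+ and
# sha256sum; every path and admin@backupserver below is a placeholder.
umask 077   # scp -p copies file modes, so create the archive owner-only

# digest_of FILE: print the SHA-256 of FILE as bare hex
digest_of() { sha256sum "$1" | cut -d' ' -f1; }

# seal_backup SRC_DIR OUT_FILE PASSFILE
# Stream tar straight into the cipher so no plaintext archive touches disk,
# then record the ciphertext digest in OUT_FILE.sha256 (keep it on this host).
seal_backup() {
    tar -cf - -C "$1" . |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$3" -out "$2" ||
        return 1
    digest_of "$2" > "$2.sha256"
}

# verify_backup FILE DIGEST_FILE
# True only if FILE still matches the digest recorded before the transfer.
verify_backup() {
    [ -s "$2" ] && [ "$(digest_of "$1")" = "$(cat "$2")" ]
}

# open_backup ENC_FILE DIGEST_FILE PASSFILE DEST_DIR
# Refuse to decrypt a copy that fails the digest check, else unpack it.
open_backup() {
    verify_backup "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    mkdir -p "$4" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" -in "$1" |
        tar -xf - -C "$4"
}

# Usage around the scp commands of Examples 33-2 and 33-3 (not run here;
# -C is dropped because ciphertext does not compress):
#   seal_backup /home /backups/deep-01Feb.tar.enc /root/.backup-pass
#   scp -p /backups/deep-01Feb.tar.enc admin@backupserver:/archive/deep/
#   scp -p admin@backupserver:/archive/deep/deep-01Feb.tar.enc /backups/in/
#   open_backup /backups/in/deep-01Feb.tar.enc \
#       /backups/deep-01Feb.tar.enc.sha256 /root/.backup-pass /restore
```

The digest file only detects tampering if it stays on the source host rather than travelling with the archive.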
</P
></BLOCKQUOTE
></DIV
><DIV
CLASS="section"
><H3
CLASS="section"
><A
NAME="prt7chscatd"
>33.8.1.1. Alternatives to <B
CLASS="command"
>tar</B
> and dump backups</A
></H3
><P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
> AMANDA Homepage: <A
HREF="appendixa.html#prtinxfp26"
>http://www.cs.umd.edu/projects/amanda/</A
>
</TD
></TR
><TR
><TD
> BRU Homepage: <A
HREF="appendixa.html#prtinxfp26"
>http://www.bru.com/</A
>
</TD
></TR
></TBODY
></TABLE
><P
></P
></DIV
></DIV
></DIV
></BODY
></HTML
>