snippets:rpi:start

Differences

This shows the differences between two versions of the page.

snippets:rpi:start [2014/03/08 19:03] – created benh
snippets:rpi:start [2014/06/12 13:46] (current) benh
Line 13: Line 13:
   - mount with fstab <code bash>$IPofNAS:/mnt/HD/HD_a2/Test          /backup-nas     nfs     rw,hard,intr,nolock,noatime,noexec,rsize=8192,wsize=8192,timeo=14             0</code>   - mount with fstab <code bash>$IPofNAS:/mnt/HD/HD_a2/Test          /backup-nas     nfs     rw,hard,intr,nolock,noatime,noexec,rsize=8192,wsize=8192,timeo=14             0</code>
  
 +===== Rsnapshot Backup =====
 +  - add backup user <code bash>useradd backupuser -c "limited backup user" -m</code>
 +  - edit sudo config <code bash>visudo</code>
 +    - add the following lines to the file <code>#backup script
 +backupuser ALL=NOPASSWD: /usr/bin/rsync</code>
 +  - edit sshd config <code bash>vim /etc/ssh/sshd_config</code>
 +    - allow the backupuser access through ssh <code>AllowUsers myuser backupuser</code>
 +  - change permissions of sshrc.tmp file <code bash>chmod a+w /tmp/sshrc.tmp</code>
 +  - change user-environment to backupuser <code bash>su - backupuser</code>
 +  - create ssh directory <code bash>mkdir .ssh</code>
 +  - change permissions of ssh directory <code bash>chmod go-rwx .ssh</code>
 +  - authorize ssh-key of backupuser <code bash>vim .ssh/authorized_keys</code>
 +    - add the following line to the file <code>
 +command="/home/backupuser/bin/validate-backup-cmd.sh",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa [my ssh public key] [description]
 +</code>
 +  - create directory for scripts <code bash>mkdir bin</code>
 +  - add rsync-wrapper script <code bash>vim bin/rsync-wrapper.sh</code>
 +    - add the following code to the scriptfile <code>
 +#!/bin/sh
  
 +date >> /home/backupuser/backuplog
 +echo $@ >> /home/backupuser/backuplog
 +/usr/bin/sudo /usr/bin/rsync "$@";
 +</code>
 +  - create script to validate ssh command <code bash>vim bin/validate-backup-cmd.sh</code>
 +    - add the following code to the scriptfile <code>
 +#! /bin/bash
 +
 +#$SSH_ORIGINAL_COMMAND
 +
 +case "$SSH_ORIGINAL_COMMAND" in
 +   *\&*|*\|*|*\;*|*\>*|*\<*|*\!*)
 +      echo "`/bin/date`: REJECTED - $SSH_ORIGINAL_COMMAND" >> $HOME/ssh-command-log
 +      echo "You've tried to execute an unauthorized command!"
 +      exit 1
 +      ;;
 +   /home/backupuser/bin/rsync-wrapper.sh*)
 +   #/usr/bin/rsync\ --server\ --sender*)
 +      echo "`/bin/date`: $SSH_ORIGINAL_COMMAND" >> $HOME/ssh-command-log
 +      $SSH_ORIGINAL_COMMAND
 +      ;;
 +   *)
 +      echo "`/bin/date`: REJECTED - $SSH_ORIGINAL_COMMAND" >> $HOME/ssh-command-log
 +      echo "You've tried to execute an unauthorized command!"
 +      exit 1
 +      ;;
 +esac
 +</code>
 +  - give user permission to execute the script <code bash>chmod u+x bin/*.sh</code>
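Review bot: In validate-backup-cmd.sh the accept branch matches only the prefix /home/backupuser/bin/rsync-wrapper.sh* and then runs $SSH_ORIGINAL_COMMAND as received, while rsync-wrapper.sh hands all of its arguments to /usr/bin/sudo /usr/bin/rsync and the sudoers line permits /usr/bin/rsync with any arguments, so the forced command does not constrain which rsync options or paths run as root for the holder of this key. Consider matching the complete expected invocation instead (the commented-out /usr/bin/rsync\ --server\ --sender* pattern is closer to that, extended with the permitted source path) and restricting the sudoers entry to the same argument list. The prefix glob also accepts any name that merely begins with rsync-wrapper.sh; requiring the following space in the pattern would close that. The metacharacter reject list in the first branch does not cover $ or backticks, and the log writes use an unquoted $HOME/ssh-command-log and an unquoted $@ in the wrapper; quoting both is worth doing in the same change. Separately, the step chmod a+w /tmp/sshrc.tmp makes a file under /tmp world-writable without the list saying why it is needed; either document the reason or use a narrower permission.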
snippets/rpi/start.1394301825.txt.gz · Last modified: by benh