====== Raspberry Pi ======
===== NFS (Dlink DNS-320) =====
- NAS -> Management -> Application Management -> NFS Service -> Enable...
- NAS -> Management -> Account Management -> Network Shares -> New...
  - All Accounts
  - Read / Write
  - Map Archive
  - NFS
  - IP of Client / Write
- check NFS from the client: rpcinfo -p $IP | grep nfs
  - If this command doesn't show any output, then toggle the option from step 1 a few times...
- request NFS shares: showmount -e $IP
- mount with fstab: $IPofNAS:/mnt/HD/HD_a2/Test /backup-nas nfs rw,hard,intr,nolock,noatime,noexec,rsize=8192,wsize=8192,timeo=14 0 0
===== Rsnapshot Backup =====
- add backup user: useradd backupuser -c "limited backup user" -m
- edit sudo config: visudo
- add the following lines to the file:
    #backup script
    backupuser ALL=NOPASSWD: /usr/bin/rsync
- edit sshd config: vim /etc/ssh/sshd_config
- allow the backupuser access through ssh: AllowUsers myuser backupuser
- change permissions of sshrc.tmp file: chmod a+w /tmp/sshrc.tmp
- change user-environment to backupuser: su - backupuser
- create ssh directory: mkdir .ssh
- change permissions of ssh directory: chmod go-rwx .ssh
- authorize ssh-key of backupuser: vim .ssh/authorized_keys
- add the following line to the file:
    command="/home/backupuser/bin/validate-backup-cmd.sh",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa [my ssh public key] [description]
- create directory for scripts: mkdir bin
- add rsync-wrapper script: vim bin/rsync-wrapper.sh
- add the following code to the script file:
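    #!/bin/sh
    # log the time and the arguments of every rsync invocation
    date >> /home/backupuser/backuplog
    echo "$@" >> /home/backupuser/backuplog
    # run rsync as root with the arguments passed by the backup client
    /usr/bin/sudo /usr/bin/rsync "$@"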
- create script to validate ssh command: vim bin/validate-backup-cmd.sh
- add the following code to the script file:
    #!/bin/bash
    # sshd stores the command requested by the client in $SSH_ORIGINAL_COMMAND
    case "$SSH_ORIGINAL_COMMAND" in
        # reject anything that contains shell metacharacters
        *\&*|*\|*|*\;*|*\>*|*\<*|*\!*)
            echo "$(/bin/date): REJECTED - $SSH_ORIGINAL_COMMAND" >> "$HOME/ssh-command-log"
            echo "You've tried to execute an unauthorized command!"
            exit 1
            ;;
        # allow commands that start with the rsync wrapper
        /home/backupuser/bin/rsync-wrapper.sh*)
        #/usr/bin/rsync\ --server\ --sender*)
            echo "$(/bin/date): $SSH_ORIGINAL_COMMAND" >> "$HOME/ssh-command-log"
            # unquoted on purpose: the shell splits the string into command and arguments
            $SSH_ORIGINAL_COMMAND
            ;;
        # reject everything else
        *)
            echo "$(/bin/date): REJECTED - $SSH_ORIGINAL_COMMAND" >> "$HOME/ssh-command-log"
            echo "You've tried to execute an unauthorized command!"
            exit 1
            ;;
    esac
- give user permission to execute the scripts: chmod u+x bin/*.sh
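
A stricter variant of validate-backup-cmd.sh, as an added example that is not part of the original page: the script above accepts any command that merely starts with the wrapper path, and the wrapper runs rsync through sudo, so this version requires the exact wrapper path followed by --server --sender (a read-only pull) and refuses options that change files on the backed-up host. It assumes the backup client calls the wrapper as its remote rsync and that backed-up paths contain no spaces; the function name and the sample command in the comments are constructed.

```sh
#!/bin/sh
# Added example, not from the original page: stricter forced-command check.
LC_ALL=C   # byte-wise ranges in the character class below
WRAPPER=/home/backupuser/bin/rsync-wrapper.sh   # wrapper path used on the page

# Return 0 only for "<wrapper> --server --sender ..." (a read-only pull).
# Assumption: backed-up paths contain no spaces, so word splitting is safe.
# Constructed sample of an accepted command:
#   /home/backupuser/bin/rsync-wrapper.sh --server --sender -logDtprRe.iLsfxC --numeric-ids . /home
validate_backup_cmd() {
    # Allowlist of characters: anything else (shell metacharacters, quotes,
    # glob characters, control characters, newlines) is refused outright.
    case "$1" in
        *[!A-Za-z0-9\ ./_=,:@+-]*) return 1 ;;
    esac
    # Split into words; glob characters were rejected above, so this is safe.
    set -- $1
    # Exact match on the wrapper path, not a prefix match.
    [ "${1:-}" = "$WRAPPER" ] || return 1
    # rsync's remote side must be in sender mode, i.e. it only reads files.
    [ "${2:-}" = "--server" ] || return 1
    [ "${3:-}" = "--sender" ] || return 1
    shift 3
    # Refuse options that delete or write files on the backed-up host.
    for arg in "$@"; do
        case "$arg" in
            --remove-source-files|--remove-sent-files|--log-file=*) return 1 ;;
        esac
    done
    return 0
}

# Forced-command entry point: runs only when sshd has set the variable.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if validate_backup_cmd "$SSH_ORIGINAL_COMMAND"; then
        echo "$(date): $SSH_ORIGINAL_COMMAND" >> "$HOME/ssh-command-log"
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "$(date): REJECTED - $SSH_ORIGINAL_COMMAND" >> "$HOME/ssh-command-log"
    echo "You've tried to execute an unauthorized command!"
    exit 1
fi
```

The sudoers entry on this page lets backupuser run rsync as root with any arguments, so this check is the only thing limiting what the backup key can do on the host.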