FeGM IT Wiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Zuletzt angesehen: bash rpi
snippets:rpi:start

Inhaltsverzeichnis

Raspberry Pi

  1. NAS → Management → Application Management → NFS Service → Enable…
  2. NAS → Management → Account Management → Network Shares → New…
    1. All Accounts
    2. Read / Write
    3. Map Archive
    4. NFS
    5. IP of Client / Write
  3. check NFS from Client 
    rpcinfo -p $IP | grep nfs
    1. If this command doesn't show any output than toggle the option from step 1 a few times…
  4. request NFS shares 
    showmount -e $IP
  5. mount with fstab 
    $IPofNAS:/mnt/HD/HD_a2/Test          /backup-nas     nfs     rw,hard,intr,nolock,noatime,noexec,rsize=8192,wsize=8192,timeo=14       0       0

Rsnapshot Backup

  1. add backup user 
    useradd backupuser -c "limited backup user" -m
  2. edit sudo config 
    visudo
    1. add the following lines to the file 
      #backup script
backupuser ALL=NOPASSWD: /usr/bin/rsync
  3. edit sshd config 
    vim /etc/ssh/sshd_config
    1. allow the backupuser access through ssh 
      AllowUsers myuser backupuser
  4. change permissions of sshrc.tmp file 
    chmod a+w /tmp/sshrc.tmp
  5. change user-environment to backupuser 
    su - backupuser
  6. create ssh directory 
    mkdir .ssh
  7. change permissions of ssh directory 
    chmod go-rwx .ssh
  8. authorize ssh-key of backupuser 
    vim .ssh/authorized_keys
    1. add the following line to the file 
      command="/home/backupuser/bin/validate-backup-cmd.sh",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa [my ssh public key] [description]
  9. create directory for scripts 
    mkdir bin
  10. add rsync-wrapper script 
    vim bin/rsync-wrapper.sh
    1. add the following code to the scriptfile 
      #!/bin/sh

date >> /home/backupuser/backuplog
echo $@ >> /home/backupuser/backuplog
/usr/bin/sudo /usr/bin/rsync "$@";
  11. create script to validate ssh command 
    vim bin/validate-backup-cmd.sh
    1. add the following code to the scriptfile 
      #! /bin/bash

#$SSH_ORIGINAL_COMMAND

case "$SSH_ORIGINAL_COMMAND" in
   *\&*|*\|*|*\;*|*\>*|*\<*|*\!*)
      echo "`/bin/date`: REJECTED - $SSH_ORIGINAL_COMMAND" >> $HOME/ssh-command-log
      echo "You've tried to execute an unauthorized command!"
      exit 1
      ;;
   /home/backupuser/bin/rsync-wrapper.sh*)
   #/usr/bin/rsync\ --server\ --sender*)
      echo "`/bin/date`: $SSH_ORIGINAL_COMMAND" >> $HOME/ssh-command-log
      $SSH_ORIGINAL_COMMAND
      ;;
   *)
      echo "`/bin/date`: REJECTED - $SSH_ORIGINAL_COMMAND" >> $HOME/ssh-command-log
      echo "You've tried to execute an unauthorized command!"
      exit 1
      ;;
esac
  12. give user permission to execute the script 
    chmod u+x bin/*.sh
snippets/rpi/start.txt · Zuletzt geändert: von benh