Monday, 30 March 2020

BackupPC 4.3.2 for Linux and WIndows 10

Introduction

These instructions are provided for the installation and configuration of BackupPC 4.3.2 on a Linux server, and the configuration for remote backup of Windows clients.

Note that later version (4.3.2) configuration method is different to previous version 3

Installation

Create Some Storage Areas
mkdir /disk/backup/backuppc
mkdir /disk/media/www/cgi-bin
mkdir /disk/media/www/html
mkdir /disk/media/www/log
mkdir /disk/media/www/etc
Configure Apache2 to Support BackupPC

Install Apache2
Add a new virtual host .conf file in /etc/apache2/sites-enabled
<VirtualHost *:80>
DocumentRoot /disk/media/www/html
ErrorLog /disk/media/www/log/error.log
CustomLog /disk/media/www/log/access.log combined
ScriptAlias /cgi-bin/ /disk/media/www/cgi-bin/
<Directory "/disk/media/www/cgi-bin" >
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
<Location "/cgi-bin">
AuthType Basic
AuthName "Backup PC"
AuthUserFile /disk/media/www/etc/htpasswd
Require valid-user
</Location>
</VirtualHost>

Create User

Create a user and group called 'backuppc'
useradd backuppc
htpasswd -c /disk/media/www/etc/htpasswd backuppc
Installing and Configuring BackupPC on Server

Download latest backuppc from https://github.com/backuppc
Also, download and build rsync-bpc

Install BackupPC::XS libraries from github, or with cpan:
sudo cpan install BackupPC::XS
Unpack and install the backuppc application:
sudo ./configure.pl
Install Directory: /usr/local/BackupPC
Data Directory: /disk/backup/backuppc
CGI Directory: /disk/media/www/cgi-bin
Apache Image Directory: /disk/media/www/html/BackupPC

Windows 10 Backup Configuration

On a Windows Client

Note that you don't have to create any special backuppc user on the Windows machine

Install cygwin-rsyncd on Windows PC
Control Panel Firewall, and allow c:\rsyncd\bin\rsyncd.exe access
Set Username / Password and Share in c:\rsyncd\rsyncd.conf and rsyncd.secrets

rsyncd.conf

[UserName-Share]
  path = /cygdrive/c/Users/USERNAME
  auth users = USERNAME
  hosts allow = IP-ADDRESS-OF-BACKUP-SERVER
  read only = false

rsyncd.secrets

USERNAME:PASSWORD <carriage-return>

On Backup Server

Set client to have static IP

XferMethod = rsyncd
RsyncShareName = UserName-Share  <must match section in rsyncd.conf>
RsyncUserName = USERNAME
RsyncPasswd = PASSWORD

BackupFilesExclude =

/AppData

/Cookies

/NTUSER.*

/Temp 

Linux Backup Configuration

On a Remote Linux Machine

Configure ssh such that root logins are accepted from the backuppc user on the backup server
backuppc@backupserver$ sshkeygen -t rsa
backuppc@backupserver$ cat id_rsa.pub | ssh -l root client "cat >> ~/.ssh/authorized_keys"
root@client's password: ******
backuppc@backupserver$ ssh -l root client
root@client#

Configure server to use rsync
Specify location of client's rsync as /usr/bin/rsync
And the location of ther server's rsyng to /usr/local/bin/rsync_rpc
No username or password is required, because this is done over ssh
Add the name of the path to backup, e.g. /home
Add Excludes for /home, for example:
*.ts
*~
tmp/*

Common Errors

ssh: connect to host xxx port 22: Connection timed out (connecting to Linux PC)
Ensure that it is possible to remote log in to the remote host using ssh.
1. Log into the backup server as the 'backuppc' user.
2. Attempt to remote log in to the remote server as root with: 
ping remotepc
ssh -l root remotepc
If the ping fails, add the remotepc into the /etc/hosts file, or try using 'remotepc.local' instead.
If the remote login hangs, or reports that the server could not be accessed on port 22, ensure that the firewall for the remote server is allowing connections, by logging into the server and issuing the following command:
sudo ufw allow 22
If the remote login indicates that the remote PC identity has changed, follow the instructions to remove the record from the local known_hosts file.
If the remote login demands a password, enter it, and when logged in, copy the backup pc public key for the 'backuppc' user and append it to the end of the ~/.ssh/authorized_users file, ensuring that there are no line breaks in the file.
This can be achieved from the backup pc (logged in as 'backuppc') with the following command:
cat ~/.ssh/id_rsa.pub | ssh -l root remotepc "cat >> ~/.ssh/authorized_users"

AH01215: (13)Permission denied: exec of BackupPC_Admin failed

Ensure the file is in the same group as the www server
chgrp htdocs /disk/meida/www/cgi-bin/BackupPC_Admin

Empty Admin Web Page, or Error: Unable to read config.pl or language strings!!
If you've not been prompted for a username / password, check the AuthUserFile configuration.

Then, check the user and permissions of the files in /etc/BackupPC, and the permissions of the executable program in /disk/media/www/cgi-bin.

It is possible that your configuration is not allowing setuid on perl scripts. If so, re-name the BackupPC_Admin file to BackupPC_Admin.pl, and then build this program:
#include <unistd.h>#define REAL_PATH "/disk/media/www/cgi-bin/BackupPC_Admin.pl"int main(ac, av)char **av;{   execv(REAL_PATH, av);   return 0;}

Then set the programme's permissions:
chown backuppc:httpservergroup BackupPC_Adminchmod ug+s BackupPC_Admin


Unable to Add or Manage Hosts / Only Privileged Users ...


Edit /etc/BackupPC/config.pl, and set the users to include backuppc
$Conf{CgiAdminUserGroup} = 'httpservergroup';$Conf{CgiAdminUsers}     = 'backuppc';

xfer start failed: $Conf{RsyncBackupPCPath} is set to , which isn't a valid executable

Set global rsync application in Server/Edit Config to /usr/bin/rsync (or appropriate path)

ssh port 22 connection denied (windows PC)

Ensure rsyncd is selected as the protocol and not rsync

rsync_bpc: failed to connect to windows10machine (192.168.1.10): Connection timed out (110)
or 4 Bytes Copied

Check the service is running on the Windows machine, and check the firewall is not blocking it (look for port 873 being open).  

Task Manager Services should show RsyncServer running.

Port 873 should be open and listening.
netstat -aofn | findstr :873
  TCP    0.0.0.0:873            0.0.0.0:0              LISTENING       4200
  TCP    [::]:873               [::]:0                 LISTENING       4200

The firewall should not be blocking the port.

nmap 192.168.1.10
Starting Nmap 7.01 ( https://nmap.org ) at 2020-03-30 15:06 BST
Nmap scan report for zenbook-martine (192.168.1.10)
Host is up (0.0022s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
873/tcp open rsync
5357/tcp open wsdapi
MAC Address: AA:BB:CC:DD:EE:FF (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 23.31 seconds
If you don't see 873/tcp, you will need to make sure rsync is running, and also ensure the firewall port is open:

Windows Defender Firewall / Advanced / Inbound Rules / New Rule / Port 873/tcp, Open for Domain and Private Netoworks.

@ERROR: Unknown module 'xxxx'
Ensure that the share name in the rsyncd.conf matches the in the backup pc configuration, e.g. [cDrive] in rsyncd.conf should be configured in the RsyncShareName.

@ERROR: auth failed on module 'xxxx'
Ensure that the rsyncd.conf 'auth users' includes the user in the rsyncd.secrets file, and this user (and password) are correctly configured in the backuppc RsyncdUserName and RsyncdPassword.
Re-start the RsyncServer server on the Windows PC (Found in Task Manager, Services)

 

No comments:

Post a Comment