Monday, 30 March 2020

BackupPC 4.3.2 for Linux and WIndows 10

Introduction

These instructions are provided for the installation and configuration of BackupPC 4.3.2 on a Linux server, and the configuration for remote backup of Windows clients.

Note that later version (4.3.2) configuration method is different to previous version 3

Installation

Create Some Storage Areas
mkdir /disk/backup/backuppc
mkdir /disk/media/www/cgi-bin
mkdir /disk/media/www/html
mkdir /disk/media/www/log
mkdir /disk/media/www/etc
Configure Apache2 to Support BackupPC

Install Apache2
Add a new virtual host .conf file in /etc/apache2/sites-enabled
<VirtualHost *:80>
DocumentRoot /disk/media/www/html
ErrorLog /disk/media/www/log/error.log
CustomLog /disk/media/www/log/access.log combined
ScriptAlias /cgi-bin/ /disk/media/www/cgi-bin/
<Directory "/disk/media/www/cgi-bin" >
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
<Location "/cgi-bin">
AuthType Basic
AuthName "Backup PC"
AuthUserFile /disk/media/www/etc/htpasswd
Require valid-user
</Location>
</VirtualHost>

Create User

Create a user and group called 'backuppc'
useradd backuppc
htpasswd -c /disk/media/www/etc/htpasswd backuppc
Installing and Configuring BackupPC on Server

Download latest backuppc from https://github.com/backuppc
Also, download and build rsync-bpc

Install BackupPC::XS libraries from github, or with cpan:
sudo cpan install BackupPC::XS
Unpack and install the backuppc application:
sudo ./configure.pl
Install Directory: /usr/local/BackupPC
Data Directory: /disk/backup/backuppc
CGI Directory: /disk/media/www/cgi-bin
Apache Image Directory: /disk/media/www/html/BackupPC

Windows 10 Backup Configuration

On a Windows Client

Note that you don't have to create any special backuppc user on the Windows machine

Install cygwin-rsyncd on Windows PC
Control Panel Firewall, and allow c:\rsyncd\bin\rsyncd.exe access
Set Username / Password and Share in c:\rsyncd\rsyncd.conf and rsyncd.secrets

On Backup Server

Set client to have static IP
Configure server to use rsyncd
Specify location of rsync client as /usr/local/bin/rsync_bpc
Add Username / Password details
Add Share Name as per Windows client (no leading slash, just the name)
Add same Username / Password as was set up on the Windows client

Add Excludes for Share Name, for example:
/AppData
/NTUSER.*
/MicrosoftEdgeBackups
/$RECYCLE.Bin
/OneDrive
/Temp
/Downloads

Linux Backup Configuration

On a Remote Linux Machine

Configure ssh such that root logins are accepted from the backuppc user on the backup server
backuppc@backupserver$ sshkeygen -t rsa
backuppc@backupserver$ cat id_rsa.pub | ssh -l root client "cat >> ~/.ssh/authorized_keys"
root@client's password: ******
backuppc@backupserver$ ssh -l root client
root@client#

Configure server to use rsync
Specify location of client's rsync as /usr/bin/rsync
And the location of ther server's rsyng to /usr/local/bin/rsync_rpc
No username or password is required, because this is done over ssh
Add the name of the path to backup, e.g. /home
Add Excludes for /home, for example:
*.ts
*~
tmp/*

Common Errors

AH01215: (13)Permission denied: exec of BackupPC_Admin failed

Ensure the file is in the same group as the www server
chgrp htdocs /disk/meida/www/cgi-bin/BackupPC_Admin

Empty Admin Web Page, or Error: Unable to read config.pl or language strings!!
If you've not been prompted for a username / password, check the AuthUserFile configuration.

Then, check the user and permissions of the files in /etc/BackupPC, and the permissions of the executable program in /disk/media/www/cgi-bin.

It is possible that your configuration is not allowing setuid on perl scripts. If so, re-name the BackupPC_Admin file to BackupPC_Admin.pl, and then build this program:
#include <unistd.h>#define REAL_PATH "/disk/media/www/cgi-bin/BackupPC_Admin.pl"int main(ac, av)char **av;{   execv(REAL_PATH, av);   return 0;}


Then set the programme's permissions:

chown backuppc:httpservergroup BackupPC_Adminchmod ug+s BackupPC_Admin


Unable to Add or Manage Hosts / Only Privileged Users ...


Edit /etc/BackupPC/config.pl, and set the users to include backuppc
$Conf{CgiAdminUserGroup} = 'httpservergroup';$Conf{CgiAdminUsers}     = 'backuppc';

xfer start failed: $Conf{RsyncBackupPCPath} is set to , which isn't a valid executable

Set global rsync application in Server/Edit Config to /usr/bin/rsync (or appropriate path)

rsync_bpc: failed to connect to windows10machine (192.168.1.10): Connection timed out (110)
or 4 Bytes Copied

Check the service is running on the Windows machine, and check the firewall is not blocking it (look for port 873 being open)
nmap 192.168.1.10
Starting Nmap 7.01 ( https://nmap.org ) at 2020-03-30 15:06 BST
Nmap scan report for zenbook-martine (192.168.1.10)
Host is up (0.0022s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
873/tcp open rsync
5357/tcp open wsdapi
MAC Address: AA:BB:CC:DD:EE:FF (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 23.31 seconds
If you don't see 873/tcp, you will need to make sure rsync is running, and also ensure the firewall port is open:
Windows Defender Firewall / Advanced / Inbound Rules / New Rule / Port 873/tcp, Open for Domain and Private Netoworks.

No comments:

Post a Comment