BackupPC is a free and open source program that I personally think is at the top of the list in great back up tools. I am not a huge fan of GUI programs and dreaded web interfaces, but BackupPC's interface is fast, straight forward, not bloated, and directly linked to great documentation. BackupPC can also back up nearly any operating system, Windows or *nix, by using a variety of popular, free, tools (rsync, rsyncd, samba, tar).

Installing BackupPC Server on Debian

For Linux, I think Debian (Lenny) is a great operating system that can usually get the job done in a secure and stable manner. You can build your own BackupPC from source on another Linux distro, but sometimes it need a bit of nudging to get going!

Also, note that you will need to use the backports collection of debian packages if you run a Debian distro previous to Lenny (sid, etch) to use the latest and greatest 3.x BackupPC version.

Setting up Backports on Debian Etch

Again, this is only if you are running a version of Debian previous to Lenny.

We just need to add a single line in apt-get's sources.list file to be able to use .deb packages from the backports tree. At the end, we will throw in the backport's key file so apt-get won't complain.

1. # su root
2. # vi /etc/apt/sources.list
3. deb http://www.backports.org/debian etch-backports main contrib non-free
4. deb http://ftp.us.devian.org/debian/ etch main
5. deb-src http://ftp.us.debian.org/debian/ etch main
   
6. deb http://secuity.debian.org/ etch/updates main contrib
7. deb-src http://security.debian.org/ etch/updates main contrib
8. # wget -O - http://backports.org/debian/archive.key | apt-key add -

Installing the BackupPC Server

Use your package manger of choice, but since this is Debian, I will be using apt-get. Omit the apache2 part if you already have apache installed.

1. # apt-get -t etch-backports install
2. apache2 backuppc rsync libfile-rsync-perl libfile-rsyncp-perl par2 bzip2

A menu will pop up offering different Apache versions. If you do not have a previous version of Apache installed, choose apache2. To find out if you have apache installed:

1. # dpkg -l | grep apache

Ignore the next popup and change the htaccess password file that protects the BackupPC Admin interface.

Make sure you use the user "backuppc". My Debian box did not like it if I changed the name!

1. # htpasswd -c /etc/backuppc/htpasswd backuppc
2. New password: {$some_pass}
3. Re-type new password: {$some_pass}
4. Adding password for user backuppc

Go to your browser and go to http://localhost/backuppc and a password dialog should come up. Type in the auth information that you just set up and a BackupPC Server splash screen will come up.

Configuring the BackupPC Server

Email

Debian comes with the Exim MTA, which locks down Exim's email capabilities to the public internet by default. We have to edit one line to fix this:

1. # vi /etc/exim4/update-exim4.conf.conf
2. ......SNIP......
3. dc_eximconfig_configtype='internet'
4. dc_other_hostnames='debian.lylescott.ws'
5. ......SNIP......
6. # /usr/sbin/update-exim4.conf

Backing up a *nix Host Using rsync

Trusted SSH Tunnel Between Client & Host

This will be a back and forth sort of thing, so bare with me. Just double check that you are doing the right set of commands to the right box. Read the sub-headings.

A little heads up on the method I like to use. By default, BackupPC uses a SSH session with root as the login. Since the only thing that client requires escalated privileges for is rsync, we will give the backuppc user escalated rights (root privileges) to rsync.

This slight hack is not required, but if you ever backup files not in ~backuppc, there will be tons of annoying permission denied errors and those directories and files will not get backed up. These are the directories and files that the user backuppc does not have read privileges to.

Server

1. # su backuppc
2. $ ssh-keygen -t dsa
3. $ cd /var/lib/backuppc/.ssh
4. $ cp id_dsa.pub BackupPC_id_dsa.pub
5. $ chmod -R go-rwx ~/.ssh

Client

1. # apt-get install sudo
2. # adduser backuppc
3. # su backuppc
4. $ ssh-keygen -t dsa
5. $ cp id_dsa.pub {$someid}_id_dsa.pub
6. $ scp {$someid}_id_dsa.pub
7. backuppc@{$backuppc_server_ip}:/var/lib/backuppc/.ssh

Server

1. # cd /var/lib/backuppc/.ssh
2. # scp BackupPC_id_rsa.pub backuppc@{$client_ip}:/home/backuppc/.ssh

Client

1. # su backuppc
2. $ cd ~/.ssh
3. $ cat BackupPC_id_rsa.pub >> authorized_keys2
4. $ exit
5. # visudo
6. backuppc ALL=NOPASSWD: /usr/bin/rsync

Test the Tunnel (from the server)

On the server, switch to the backuppc user and you should be able to run commands via ssh on the client as another backuppc user.

1. # su backuppc
2. $ ssh {$client_ip} -l backuppc whoami
3. backuppc

If this method did not work, try deleting ~backuppc/.ssh on server or client and try the respective steps again.

BackupPC Server Config for Host

The worst part is over! We just have to tweak BackupPC's default arguments for using rsync over ssh to login as backuppc instead of root on our clients.

I use this setup on ALL my rsync clients, so I am actually going to change the default arguments in the main config, not the single host config.

You can do this via 2 methods: web GUI or edit the server config file directly:

Web GUI

1. Edit Config
2. Xfer
3. XferMethod: rsync
4. RsyncClientCmd: $sshPath -q -x -l backuppc $host sudo $rsyncPath argList+
5. RsyncClientRestoreCmd: $sshPath -q -x -l backuppc $host sudo $rsyncPath argList+
6. SAVE

BackupPC Server Config File

The following is from a Debian Etch box. Your mileage may vary.

1. # vi /etc/backuppc/config.pl
2. ... snip ... snip ... snip ...
3. $Conf{RsyncClientCmd} = '$sshPath -q -x -l backuppc $host sudo $rsyncPath $argList+';
4. $Conf{RsyncClientRestoreCmd} = '$sshPath -q -x -l backuppc $host sudo $rsyncPath $argList+';
5. ... snip ... snip ... snip ...

Creating the Host Config File on the BackupPC Server

Web GUI

1. Edit Hosts
2. Add
3. host: hostname or IP of client
4. user: backuppc
5. SAVE
6. go to another page.. ex: Status
7. Select host from "Select a host..." drop down box
8. Edit Config
9. Xfer
10. XferMethod: rsync
11. BackupFilesOnly
12. ����¯�¿�½������ ����¯�¿�½������ ����¯�¿�½������  New Key: docs ADD
13. ����¯�¿�½������ ����¯�¿�½������  /etc ADD
14. ����¯�¿�½������ ����¯�¿�½������  /var/log ADD

BackupPC Server Config File

1. # vi /etc/backuppc/hosts
2. client_hostname_or_ip 0 backuppc

If you need to make special config changes to a specific host, follow below. Each client config overrides the default arguments in config.pl.

1. # vi /etc/backuppc/client_hostname_or_ip.pl
2. $Conf{BackupFilesOnly} = [ '/etc', '/var/log' ];
3. $Conf{BackupFilesExclude} = [ '/home/lyle/pr0n' ];

Backing up a Windows Client Using Cygwin rsyncd

Although Samba is a great option for Windows backups, Samba fails to recognize some specific attribute infomation that is valueably when looking for file changes.

Cygwin is an awesome Unix emulator for the Windows operating system. Look here for more information and to download the whole package of Cygwin and all of it's ported applications. For this setup, a bare Cygwin program file is used.

I have put together a batch script along with the Cygwin Rsyncd 2.6.8_0 program files to do all the heavy lifting. Click here to get the zip file of everything!

Extract the previous zip file, go to where the files were extracted, and run install.bat

rsyncd.zip

install.bat

1. copies all rsyncd program files to c:rsyncd
2. install rsyncd as a Windows Service
3. start the rsyncd Windows Service
4. edit rsyncd.secrets
5. set permissions of rsyncd.secrets to read-only
6. edit rsyncd.conf

Feel free to take a peak a the install.bat file to get a feel for what it did. Also, notice the rsyncd.conf file is pretty verbose with its description.

Make sure that you allow PORT 873 if you have a firewall so that the server can connect to the Windows client.

rsyncd.secrets

You will use this user:password combination for clients to authenticate to the rsyncd service. Any user:password combo will do.

When you are done with this file, make sure it is READ-ONLY!

rsyncd.conf

This file allows you to specify your share name, what files are in your shares, and some security features to lock down the rsyncd service. The rsyncd service does not have to be restarted for changes to take place.

Creating the Host Config File on the BackupPC Server

Web GUI

1. Edit Hosts
2. Add
3. host: hostname or IP of client
4. user: backuppc
5. SAVE
6. go to another page.. ex: Status
7. Select host from "Select a host..." drop down box
8. Edit Config
9. Xfer
10. XferMethod: rsyncd
11. RsyncShareName: test_share ADD
12. RsyncdUserName: backuppc
13. RsyncdPasswd: somepass

BackupPC Server Config File

1. # vi /etc/backuppc/hosts
2. ... snip ... snip ... snip ...
3. client_hostname_or_ip 0 backuppc

Doing a Test Full Backup

To test the backup settings, try doing a Full Backup that you can increment off of from now on:

1. Select host from "Select a host..." combo box if are not in a host config
2. Start Full Backup
3. Start Full Backup
4. click the link
5. wait about 5-10 seconds
6. click on the client's Home link and the 2nd bullet should read of success.
   Other wise, to the "LOG files" link to check for an error message