  1. #1


    Linux Back up and security procedures

    So I've landed a job interview as a junior IT assistant.

    As part of the interview they want to ask me about Linux LAMP server backup routines and security procedures. I've been googling and researching this and have also got Ubuntu Server installed on VMware. I just wanted to know what you guys think.

    Thanks

  2. #2

    glennda's Avatar
    Personally I just have a cron job which tars the /var/www folder to /backup/www, which contains all our web files. I also tar all of the /etc directory to /backup/etc/ and then I use BackupPC to swoop past to collect those files. I also dump all the MySQL DBs to /backup/mysql.

    With Linux, as it's all run by configs, I just back these up rather than a full host backup.

  3. Thanks to glennda from:

    satz (12th December 2011)

  4. #3


    rdiff-backup, with automysqlbackup calling the sql backup just before the full backup.

    Security? Only install what you need, use something like OSSEC for log, file and directory watching (and tune it so you pay attention), keep the thing patched and don't assume the default configs for daemons are sensible for production. Use Puppet or something similar for config management, so it's not all over the place, set SSH to require keys + password for access and have firewall rules for who can access management ports.
    Last edited by pete; 12th December 2011 at 10:59 AM.

  5. Thanks to pete from:

    satz (12th December 2011)

  6. #4


    Quote: Originally posted by glennda
    Personally I just have a cron job which tars the /var/www folder to /backup/www, which contains all our web files. I also tar all of the /etc directory to /backup/etc/ and then I use BackupPC to swoop past to collect those files. I also dump all the MySQL DBs to /backup/mysql.

    With Linux, as it's all run by configs, I just back these up rather than a full host backup.

    As above. I use rsync to back up to /backup/www - this can be an iSCSI or NAS.
    Also back up /etc and /usr/local as these have configs and locally installed apps.
    There are a few mysqlbackup scripts lurking on the internet.

  7. Thanks to CyberNerd from:

    satz (12th December 2011)

  8. #5


    Quote: Originally posted by pete
    Security? Only install what you need, use something like OSSEC for log, file and directory watching (and tune it so you pay attention), keep the thing patched and don't assume the default configs for daemons are sensible for production.
    Also keep SELinux on.

  9. Thanks to CyberNerd from:

    satz (12th December 2011)

  10. #6

    dhicks's Avatar
    Quote: Originally posted by satz
    As part of the interview they want to ask me about Linux LAMP server backup routines and security procedures. I've been googling and researching this and have also got Ubuntu Server installed on VMware.
    Hopefully, any production server these days will be running as a virtual machine (and if it isn't, you should maybe point out in the interview that it should be), so you can use your virtualisation system's snapshot procedure to take a backup of the virtual machine image in question. Failing that, I've never had a problem moving Debian installs from machine to machine by simply tar-ing up the original file system and then untar-ing it again on the target.

    For user files, a script on the backup server that first duplicates the previous day's backup folder by replicating the folder structure and filling it with hard links to files, followed by running rsync, should give you a backup of the live file system with unchanged files simply being hard links, saving a wodge of disk space - don't forget to have something periodically delete old backup folders.

  11. Thanks to dhicks from:

    satz (12th December 2011)
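
The hard-link rotation described in the post above, sketched as an added example that is not part of the original thread. The function names, the date-style snapshot names and the paths in the comments are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: daily hard-link snapshots; all names and paths are illustrative.
# Typical cron call on the backup server:
#   snapshot /var/www /backup/www "$(date +%F)" && prune /backup/www 14

# snapshot SRC ROOT NAME
# Creates ROOT/NAME as a full-looking copy of SRC. Files unchanged since the
# newest existing snapshot are hard links to it, so they cost no extra space.
snapshot() {
    src=$1; root=$2; name=$3
    mkdir -p "$root" || return 1
    if [ -e "$root/$name" ]; then
        echo "snapshot $name already exists" >&2
        return 1
    fi
    prev=$(ls -1 "$root" | sort | tail -n 1)
    if [ -n "$prev" ]; then
        # Step 1: replicate the folder structure, filling it with hard links.
        cp -al "$root/$prev" "$root/$name" || return 1
    else
        mkdir "$root/$name" || return 1
    fi
    # Step 2: rsync brings the new tree up to date. Do NOT add --inplace:
    # by default rsync writes a changed file to a temporary name and renames
    # it, which breaks the hard link and leaves older snapshots untouched.
    rsync -a --delete "$src/" "$root/$name/"
}

# prune ROOT KEEP
# Deletes all but the newest KEEP snapshots (names must sort by date,
# e.g. 2011-12-12). Data survives as long as any snapshot still links to it.
prune() {
    root=$1; keep=$2
    total=$(ls -1 "$root" | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$root" | sort | head -n "$excess" | while read -r old; do
        rm -rf -- "${root:?}/$old"
    done
}
```

Because every snapshot shares inodes with its neighbours, anything that edits a file in place on the backup volume changes it in all snapshots at once, so the snapshot tree should be treated as read-only.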

  12. #7

    RabbieBurns's Avatar
    If it is an internet-facing server, perhaps something like moving SSH etc. to an arbitrary port if there is a need to have it open, and using something like fail2ban also?

  13. Thanks to RabbieBurns from:

    satz (12th December 2011)

  14. #8

    Wow, thanks for your feedback guys, I've got a fair bit to think about and process. Also @dhicks, that's a good point, I'll make a note of that.

  15. #9
    cpjitservices's Avatar
    If it's Linux security you're after learning, look at the NSA guide to locking down Red Hat servers - it works for any Red Hat based system (Fedora, CentOS). Learn it from back to front and you'll have an absolutely secure Linux system that's really hard to break into; it's based on a server that is internet facing.

    We HAVE to use the NSA setup guide to adhere to certain regulations.

    Here's the link

    http://www.nsa.gov/ia/_files/os/redh...guide-i731.pdf

    As for backing up, we have 2 CentOS servers! The main web server gets backed up every night at midnight, and the other one has just a Samba share sitting on it which we back up the entire web server to, using a script on the Samba share server - the script uses rsync to pull everything off the web server and put everything it pulls into its Samba share. We use Samba primarily because it's easily accessible to Windows, and this is also where our Exchange and DCs back up to, but not using rsync.

  16. Thanks to cpjitservices from:

    satz (12th December 2011)

  17. #10

    powdarrmonkey's Avatar
    I pick and choose from simple snapshots, backintime (I maintain the package of it), duplicity and bacula - in increasing order of complexity. Backintime automates dhicks' hard links trick.
    Last edited by powdarrmonkey; 13th December 2011 at 08:50 AM.

  18. #11

    webman's Avatar
    I use a similar method myself.

    The script uses rsync to copy changed web files only + some config files, and mysqldump to back up the MySQL databases. All copied over the network using Samba to a NAS box which is part of a D2D2T system running BackupExec.

  19. #12


    Should also mention that LVM snapshots are a powerful way of instantly snapshotting a volume to be backed up.

  20. #13
    cpjitservices's Avatar
    Snapshots are handy until your server or VM host goes down. Using rsync to back everything, and I do mean everything, up, you can't go wrong, especially if you are backing up to a completely different system. With rsync you can also view/edit/restore individual files, and it's not uncommon for people to restore an "old" or "outdated" snapshot.

  21. #14

    Backup:
    Hmm, depends on standards and the pocket depth. My day job has corporate standards, so NOT using Symantec NetBackup will get people in trouble. So the first question for the interviewer is "Do you have any standard for backup software ? Legato ? TSM ? NetBackup ?"

    In my pro bono work -- small non-profits, etc. -- for Linux installations with more than 1 server, I recommend AMANDA overall. It takes some setup -- but that's why there are administrators. And it's flexible, resilient, and it just works. You can set it up to use common tape devices, including hand-me-downs. Or you can use SATA docks and dump to disks. Combine with LUKS volumes, and you have encrypted backups as well.

    As for MySQL -- one way is to read-lock the database for consistency and LVM snapshot the volume that the data files reside on. Release the read lock and the database can go back to happily accepting transactions while AMANDA backs up the snapshot volume. In earlier versions of MySQL (5.0 and earlier) this was the only way to get an "almost online" backup in a 24x7 environment.


    Security procedures? That can fill a book by itself. And does. The major point about security is this: if it's highly convenient, it's probably insecure.

    Lock out root ssh logins? But it's way more convenient to log in as root directly -- why do I have to use sudo?
    The DBA team needs root access. And they know what they're doing. I'll just give them the password to save time.
    Enforcing password changes every 90 days? What a pain.
    If I put in password complexity requirements, everyone will be so annoyed at me.
    Creating a cron.allow? Are you kidding? Then every time someone wants to run a cron job, I have to add them to the file.

    Understanding and reluctantly embracing the security mindset is much more important than memorizing every rule. If you embrace security, you can google to build an effective security baseline, and you may even enforce it.

    Good luck.
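
Two of the SSH points raised in this thread (locking out direct root logins, and requiring a key plus a password) can be checked mechanically. The script below is an added example, not something posted by any participant; the function names and the sample configuration are constructed for illustration, and the key-plus-password check assumes OpenSSH 6.2 or later, where `AuthenticationMethods` is available.

```sh
#!/bin/sh
# Added example: checks an sshd_config for two settings raised in the thread.
# Assumes plain "Keyword value" lines; Include files are not followed.

# sshd_effective FILE KEYWORD
# Prints the global value sshd would use: keywords are case-insensitive and
# the first occurrence wins. Parsing stops at the first Match block, whose
# settings apply only conditionally.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_sshd() {
    rc=0
    v=$(sshd_effective "$1" PermitRootLogin)
    if [ "$v" != "no" ]; then
        echo "PermitRootLogin=${v:-unset}: direct root login is not locked out"
        rc=1
    fi
    # publickey,password means both must succeed (OpenSSH 6.2 and later).
    v=$(sshd_effective "$1" AuthenticationMethods)
    case "$v" in
        publickey,password) ;;
        *) echo "AuthenticationMethods=${v:-unset}: key plus password is not enforced"
           rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
sample_weak_config() {
    cat <<'EOF'
# constructed sample, not from a real host
Port 22
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication yes
EOF
}
```

The sample shows why a plain grep for `PermitRootLogin no` is not enough: an earlier line with a different value is the one sshd uses.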
