Browse Source

Add 'infrastructure/'

Dashamir Hoxha 4 years ago
1 changed files with 77 additions and 0 deletions
  1. +77

+ 77
- 0
infrastructure/ View File

@@ -0,0 +1,77 @@
# Server Backup

There are many ways to make a server backup, but we will use `rsync` (remote sync), `bindfs`, and `rssh` (restricted shell).

## Create a backup user with restricted shell access

1. Install rssh:

apt list rssh
apt show rssh
apt install rssh

2. Create a user for backups that uses the restricted shell:

useradd apps_backup -m -s /usr/bin/rssh
ls -al /home/apps_backup/
grep apps_backup /etc/passwd

3. Edit `/etc/rssh.conf` to allow `rsync` and use a chroot jail for restricting access:

chrootpath = /home/apps_backup

4. Test that the shell of the user `apps_backup` is restricted:

su apps_backup

## Create a read-only view of the parts of the filesystem that need to be backed up

1. Install `bindfs`:

apt list bindfs
apt show bindfs
apt install bindfs

2. Create mount directories:

mkdir -p /home/apps_backup/opt-scripts
mkdir -p /home/apps_backup/var-ds

3. Add these lines to `/etc/fstab` for mounting directories read-only:

/opt/docker-scripts /home/apps_backup/opt-scripts fuse.bindfs perms=0000:u=rD,force-user=apps_backup,force-group=nogroup 0 0
/var/ds /home/apps_backup/var-ds fuse.bindfs perms=0000:u=rD,force-user=apps_backup,force-group=nogroup 0 0

4. Mount them:

mount -a
ls -al /home/apps_backup/opt-scripts
ls -al /home/apps_backup/var-ds

5. Test that they are read-only:

sudo -u apps_backup ls -al /home/apps_backup/var-ds
sudo -u apps_backup touch /home/apps_backup/var-ds/test1.txt

# References