BoxBackup installation and configuration on CentOS

2008-09-6 – 11:19 am

Boxbackup is a very interesting solution to automated backups.  For the most part it is completely self-contained, relying only on OpenSSL.

Some things that set it apart:

  • Authentication via certificates
  • Userland RAID
  • Encrypted Data Store and Transfer
  • Automatic transfer
  • See here for more

There are quite a few steps to getting it set up, but nothing too complicated.

ON THE SERVER

Compile and install the program (You can try to find an rpm instead)

  1. wget http://boxbackup.org/svn/box/packages/boxbackup-0.11rc2.tgz
  2. tar xzvf boxbackup-0.11rc2.tgz
  3. cd boxbackup-0.11rc2
  4. ./configure --prefix=/usr
  5. make build-backup-server
  6. make install-backup-server
  7. cp contrib/redhat/bbstored /etc/rc.d/init.d/

Configuration (Replace /path/to/datastore and server.example.com with your own settings)

  1. useradd _bbstored -d /path/to/datastore -s /sbin/nologin
  2. mkdir /etc/box
  3. raidfile-config /etc/box 4096 /path/to/datastore
  4. bbstored-config /etc/box server.example.com _bbstored
  5. chown -R _bbstored /etc/box/bbstored
  6. chmod -R go-rwx /etc/box/bbstored

Generate and Sign Certificates (replace server.example.com)

  1. bbstored-certs /etc/box/certs init
  2. bbstored-certs /etc/box/certs sign-server /etc/box/bbstored/server.example.com

Create a user.  I use the UID of the user for the boxbackup UID, in this case 501, but it can be an arbitrary number.  5G and 6G are the quota and max respectively.

  1. bbstoreaccounts create 501 0 5G 6G

Start service

  1. chkconfig --add bbstored
  2. chkconfig bbstored on
  3. service bbstored restart

ON THE CLIENT

Installation is similar to the above.  All of my clients are Arch Linux, though, so I’m not going to do a step-by-step for this.  However, I will show you the basics once it is installed; it’s really easy.  It will create a key (in my case 501-FileEncKeys.raw), and it is important to back up this key.  Burn it to a CD, put it on a floppy (if you even have one), transfer it to another server, etc.  Just don’t put it on the boxbackup server, or else if the box is compromised you risk the attacker being able to decrypt your data store.

Configuration (replace 501 with the UID you used above)

  1. mkdir /etc/box
  2. bbackupd-config /etc/box lazy 501 server.example.com /var/bbackupd /path/on/client/you/want/to/back/up
  3. scp /etc/box/bbackupd/501-csr.pem root@server.example.com:/etc/box/certs/clients/
    • This is copying the file to server.example.com, and may not work in your environment.  The key is to transfer /etc/box/bbackupd/501-csr.pem from the client to /etc/box/certs/clients/ on the server

BACK ON THE SERVER

Sign the client Certificate

  1. bbstored-certs /etc/box/certs sign /etc/box/certs/clients/501-csr.pem
  2. scp /etc/box/certs/clients/501-cert.pem root@client.example.com:/etc/box/bbackupd/
  3. scp /etc/box/certs/roots/serverCA.pem root@client.example.com:/etc/box/bbackupd/
    • As above, the last two are copying the signed certs back to the client; use whatever transfer method works best for your environment

BACK ON THE CLIENT

Now you just need to start the bbclient service and you’re off and running.

That’s it!  Like I said, really simple steps, but quite a few of them.
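
A server-side audit for the two safeguards in this post: the chmod -R go-rwx step on /etc/box/bbstored, and the rule that a client's FileEncKeys.raw never lands on the boxbackup server. This is an added example, not part of the original post or of Box Backup; the function names and the LOOSE-PERMS / ENC-KEY-ON-SERVER labels are made up here.

```sh
#!/bin/sh
# Added example, not part of Box Backup: audit the server for the two
# mistakes the steps above guard against.

# Paths under DIR that group or other can read, write or execute.
# "chmod -R go-rwx" should leave this list empty. Symlinks are skipped
# because their own mode bits are always wide open on Linux.
loose_perms() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Client encryption keys (*-FileEncKeys.raw) under the given directories.
# The post's rule: these never belong on the store server.
stray_enc_keys() {
    find "$@" -type f -name '*-FileEncKeys.raw' -print
}

# audit_server BOX_DIR DATASTORE_DIR
# Prints one finding per line. Returns 0 clean, 1 findings, 2 bad arguments.
audit_server() {
    if [ ! -d "$1/bbstored" ] || [ ! -d "$2" ]; then
        echo "MISSING $1/bbstored or $2" >&2
        return 2
    fi
    findings=$(
        loose_perms "$1/bbstored" | sed 's/^/LOOSE-PERMS /'
        stray_enc_keys "$1" "$2" | sed 's/^/ENC-KEY-ON-SERVER /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as: sh audit.sh /etc/box /path/to/datastore
if [ "$#" -eq 2 ]; then
    audit_server "$1" "$2"
fi
```

A non-zero exit makes it easy to run from cron and alert when a later change loosens the permissions or someone parks a key file on the server.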
