This will show you how to do incremental backups using rsync. This was done on Ubuntu 11.10 Oneiric Server Edition. Each time a backup is run the oldest backup is removed and all the unchanged files from the newest backup will be hard linked into the next backup. Hard links allow the data of a file to exists in multiple locations on the file system. A hard link is only an additional name for data that already exists on a partition, the operating system makes no distinction between the original file and the hard link created from the file. If the original file is deleted as long as there is at least one hard link the data will remain on the partition.

The script below will create 7 backups, each time a backup is run the oldest backup will be deleted.

The first line will delete the oldest backup. The next 7 lines will increment each backup number so that “backup.6″ will become “backup.7″. Options “–archive –hard-links –acls –xattrs” preserve file permissions, modification times, file links and some other things. If you don’t want to backup file permissions or don’t use acls you can remove some of these settings. Options “–progress –super” shows a progress bar when coping files and tells rsync to run as root which is needed to preserve file owners. Option “–delete” deletes extraneous files from the backup, by default if a file is deleted from the source location rsync will keep the file in the backup including this option will remove any files from the backup that no longer exists on the source location. This option will not delete any files from previous backups.

Option “–link-dest=/backups/backup.1″ is the folder that rsync will use for hard links. Any files found in this folder that have not changed will be hard linked into the next backup then any changed or new files will be copied. Option “/source” is the directory that rsync will backup. Option “/backups/backup.0″ is the directory to place the newest backup any changes to this location will need to be reflected in the previous 8 lines.

To run the backup every day create a file in “/etc/cron.daily”.

After adding the lines above to the file and saving give the file executable permissions.

This will show you how to install a iSCSI target and initiator on Ubuntu 10.04 Lucid Server Edition.

First install the iSCSI target on the server that will be sharing the disk.

Edit “/etc/default/iscsitarget” and change the line below to enable the iSCSI target.

If you want to create a disk image file instead of sharing an entire disk partition use fallocate to create the image file. Change 1024m to the size in MiB you want the disk image to allocate.

Edit the iSCSI target configuration file “/etc/ietd.conf”. Newer version of Ubuntu will use “/etc/iet/ietd.conf”. Change the target name, IncomingUser username/password and the lun path and alias. The OutgoingUser can also have a username/password if you want the extra security.

Edit the iSCSI target permissions file “/etc/initiators.allow”. Newer version of Ubuntu will use “/etc/iet/initiators.allow”. Comment out “ALL ALL” and add the Target name used above and the IP address of the initiator.

Start the iSCSI target.

On the iSCSI initiator install open-iscsi.

Edit the iSCSI initiator configuration file “/etc/iscsi/iscsid.conf”. Comment out “node.startup = manual” and uncomment ‘node.startup = automatic”. This will automaticaly connect the iSCSI disk on startup.

Restart the iSCSI initiator. Then do a sendtargets discovery on the target a list of available iSCSI disk should be shown. Change the IP address to your iSCSI target.

Set the authorization method, username and password using the commands below. Change the IP address to your iSCSI target and username/password.

Login the the iSCSI target using the command below. Change the IP address to your iSCSI target.

Use lshw to find the iSCSI disk.

This will show you how to setup backups to Amazon S3 (other storage services can be used instead) with Duplicity on Ubuntu 10.04 Lucid Server Edition. Trickle will be used to throttle the speed of the backups.

First install “python-software-properties” which is needed for “apt-add-repository”. Desktop edition will already have the “apt-add-repository” installed. Then add the Duplicity repository, the Ubuntu repository has an old version. Then update apt and install duplicity and trickle. Package “python-boto” is needed for duplicity to connect to an Amazon S3 storage if your using a different storage service you shouldn’t need the package. Package “trickle” is used to throttle the speed of the backup and isn’t needed if you don’t want to throttle the backup.

Create a script in the home directory that will be used to run the backup. The first two lines are your Amazon access credentials which can be found in you account info. The first part of the next line “trickle -s -u 500 -d 1000″ is used for throttle the speed of the backup. Option “-s” uses trickle in standalone mode by default it looks for trickled which can be used to control multiple trickle processes. Option “-u 500 -d 1000″ sets the upload speed to 500 kbytes/s and download to 1000 kbytes/s duplicity will only need to download the signatures file if the local copy was deleted from “~/.cache” when running backups. Leave the first part out if you don’t want to throttle the speed. Option “–verbosity 5″ outputs status messages as the backup copy’s files by default no output is displayed until the backup completes. Option “–s3-unencrypted-connection” uses a plain text http connection which will be faster to the Amazon storage server the backup data will already be encrypted before it is sent to the server. The Amazon access credentials will be sent in plain text so if your on an insecure network don’t use this option. Option “–gpg-options “–s2k-cipher-algo=AES256″” uses AES-256 for the encryption by default CAST5 is used which has a smaller key size. Option “–exclude “/media/storage/temp/”" is used to exclude directory’s from the backup. The next option is the source directory “/media/storage/”. The last part “s3+http://BUCKET_NAME/PREFIX” is the location of your Amazon S3 bucket, if your buckets name is “backupdata” the url will be “s3+http://backupdata/backup01″ the program will add Amazons S3 domain. The prefix is optional and is the folder the backups will be saved in. Other backup locations can be used which are listed in the manual just run “man duplicity”. The first backup will be a full backup all backups after that are incremental backups adding “full” after “duplicity” will specify to run a new full backup.

To run the backup just run “sudo sh .backup” and it will ask you to enter an encryption password. The encryption password will need to be entered every time the backup is run and will be needed to restore the data.

If you want to close the ssh session while running the backup you can use screen to run it in the background. Run “screen” to start a new screen then start the backup and press Ctrl+A then press D. To restore the screen type “screen -r ” then press Tab and it should auto-complete if not run “screen -ls” to get a list of sreens.

To check the encryption to ensure AES-256 is used do a test run with duplicity to local storage. Then run the second command below (any of gpg backup files can be used) which should return “cipher 9″, “s2k 3″ and “hash 2″. Cipher is set with “–s2k-cipher-algo=AES256″, s2k is set with “–s2k-mode=3″ which should be the default and hash is set with “–s2k-digest-algo=SHA1″ which should also be the defualt. The numbers for the settings come from “gpg -v –version”.

This will show you how to install Cacti on Ubuntu 10.04 Lucid Server Edition. Apache and MySQL are needed for Cacti.

Install Cacti and snmpd. If your not going to monitor the server Cacti is on snmpd isn’t needed. It will ask what kind of webserver to use select “Apache2″. There may be a warning about libphp-adodb include path.

Edit snmpd.conf and find/edit the lines below. Change “secret” to your community name which is very weak password for the snmp server. Change “10.0.0.0/24″ to your subnet, 24 represents a 255.255.255.0 subnet mask. Then restart snmpd. For instructions on setting up snmpd on other machines read the bottom of the post. If your installing smnpd Ubuntu 10.10 or newer read bottom of post for setting up snmp v3.

Go to http://server/cacti select “New Install” click next and all the paths should be found like it appears below.

Login with default username:admin password:admin. Click “Devices” on right and select “localhost” and set “Choose an action” to “Delete” and click “go”. Select “Delete all associated graphs and data sources.” and click “yes”. The default isn’t configured for snmp so it won’t be needed.

On the “devices” page click “Add” at top right. Enter a description for device, set the hostname to “127.0.0.1″, set “Host Templete” to “ucd/net SNMP Host” and set SNMP Version to “Version 1″. Then set “SNMP Community” to the community name you used in the snmpd.conf.

Click “create” the page will reload and you should see the SNMP information at the top like it is below if it says “SNMP ERROR” there was an error connecting to the server.

Click “New Graphs” at the top right there should be network interfaces listed if not click “run this data query in debug mode” which will refresh the list and they should show up. Select the graphs you want created and click “create”.

Click “Graph Trees” on the right and click “Default Tree”. Click “Add” on the right. Set “Tree Item Type” to “Host” and set “Host” to “(127.0.0.1)” then click “create”. Set the name of the tree and click “save”.

Click “graphs” at the top and the graphs should be listed for the device. It takes 5 minutes for the graphs to appear after they were created.

To configure another computer running Ubuntu 10.04 with SNMP V1 install snmpd. Open the snmpd.conf file and find/edit the lines below. Change “secret” to your community name which is very weak password for the snmp server. Change “10.0.0.0/24″ to your subnet, 24 represents a 255.255.255.0 subnet mask. Then restart snmpd. Use the steps above to add the computer just change the hostname to the correct IP address.

To configure a computer running Ubuntu 10.10 with SNMP V3 install snmpd. Open the snmpd.conf file and find/edit the line below. Then run the next command to create a readonly snmp user. Then restart snmpd.

To add a SNMP V3 computer add a device and select “Version 3″ enter the password used above in all three of the password forms.

This will show you how to install an SVN server on Ubuntu 10.04 Lucid Server Edition using Subversion with SVN protocol and user authentication.

Install subversion.

Create a root directory for the repository’s.

Edit the rc.local file and add the line below so that the SVN server will start on boot. The line must be placed before “exit 0″. This will share all the repository in the directory.

To create a repository make a new directory and run the svnadmin command to create a repository inside the directory. This will create the necessary config files and sub-directories.

Edit the repository config file. If you want the repository to require authentication to have read access uncomment and change the first line below. If you want to use the repository’s passwd file for authentication uncomment the second line below.

Edit the repository’s passwd file and add users.

If you didn’t restart after editing the rc.local file start the SVN server.

Test the repository using the command below.

This will show you how to install NILFS on Ubuntu 10.10 Maverick. NILFS is a log-structured file system, it is similar to Microsoft’s Shadow Copy. As files are changed, deleted and created NILFS creates checkpoints. Each checkpoint is the state of the partition at that point in time, the checkpoints can be mounted allowing any file to be restored to the way it was at the time of the checkpoint. Checkpoints are only stored for about one or two days depending on disk space and usage (The newer version of NILFS in Ubuntu 11.04 will not remove checkpoints until disk space usage is 80%-90%). To prevent a checkpoint from being removed they can be changed into snapshots or new snapshots can be created. The snapshots will not be removed until they are changed back to checkpoints. There is no limit on the number of snapshots until the volume gets full.

Install the nilfs2-tools

Using the command below to determine which hard drive will be used for NILFS.

Formate the hard drive using the command below replace “/dev/sd$” with the “logical name” of the hard drive you want formatted from the lshw output. This will delete all partitions and all data on the hard drive.

Create a directory to mount the volume. Run the last command to mount the NILFS volume.

At the time this was written NILFS will cause the boot process to hang when attempting to mount the volume with an fstab entry if this happens press “s” to skip the mount. To fix this add the line below to the rc.local file which is run during boot. Replace “/dev/sd$” with the logical name of the NILFS hard drive.

To list available checkpoints and snapshots run the command below. Its best to filter the output to a specific date as there will often be 100+ available checkpoints if the volume is used frequently.

Checkpoints will be automatically removed to make room for new ones to prevent a checkpoint from being removed change the checkpoint to a snapshot using the command below. Replace “6″ with a ID from the lscp output which are in the first column. The snapshot will not be removed until it is turned back into a checkpoint using the next command.

New snapshots can also be created using the command below. The created snapshot will also not be removed until it is changed back to a checkpoint.

To mount a checkpoint or snapshot first create a directory to mount the volume using the first command. Checkpoints will need to be changed to a snapshot before mounting using the second command. Mount the snapshot using the third command replace 7 with the snapshot ID and change the directories to reflect your system configuration. Restore any files from the volume than unmount the volume using the forth command. If the snapshot will no longer be needed change it to a checkpoint so that it will be automatically removed using the fifth command.

This will show you how to install vsftpd FTP server on Ubuntu 10.04 Lucid Server Edition.

Install vsftpd using the command below.

Open the vsftpd config file uncomment the first two lines listed then add the other two to the end of the file. The first line allows FTP clients to write files to the server, the second line chroots the FTP clients to their home directory’s preventing them from browsing other files on the system. The last two lines tell the FTP server to only allow the users listed in the user list file which will be created later. SSL won’t be enabled so connections should only be made within the FTP servers LAN.

Create the user list file and add the usernames you want to allow access to the FTP server.

By default the FTP server will only allow users who have shell access meaning they are able to log into the server. For this server we will be creating users who only have access to FTP they will not have shell access so in order for them to access the FTP server the vsftpd pam service must be configured to allow any user to access the FTP server who is listed in the user list file. Edit the config file and comment the line shown below.

Create the home directory’s for the FTP users. Then add the FTP user and chown the home directory’s for each of the users. Setting the shell to /bin/false prevents the user from  logging into the server they will only have FTP access. If your using a login for the FTP server that you also use to login to the server do not change your shell to /bin/false.

Edit the fstab and add mounts for the folders you want the FTP users to have access to. All of the directory’s you mount must have the needed file permissions for the FTP clients to access the files. If you backup your server you will need to exclude the mounted directory’s as most backup programs assume its a new directory and you will end up with duplicates of all the files you mounted. If your directory path contains a space replace it with “\040″.

Create the directory’s that you used as mount points in the fstab file and chown them to the FTP user. Then mount the directory’s using the last command.

Restart vsftpd and you should be able to log into the FTP server.

This will show you how to install mod_evasive and mod_security for Apache on Ubuntu 10.04 Lucid Server Edition. The module mod_evasive helps protect the server from DDOS attacks and mod_security helps protect the server from attacks.

Install the two modules and postfix which will be needed if you want mod_evasive to email you when a DDOS attack occurs. Postfix will need to be configured select “Internet site” and enter “localhost” as system mail name when asked.

Make a directory for mod_evasive to store the log files and chown it to www-data. Open the mod_evasive config file add the lines below and enter your email address.

Create a folder for mod_security rules. Go to ModSecurity.org and get the link for the latest mod_security and use it below. Then extract the files and move the rules to the folder that was created chown the files to root. Then remove the unneeded files.

Open the mod_security config file and add the lines below.

Make sure the modules are enabled and restart apache.

Test mod_evasive with the perl script below change domain to your web server. Create a file name test.pl on desktop and run “perl test.pl” in terminal. A new file with your IP address should appear in “/var/log/mod_security”

This will show you how install a LAMP (Linux, Apache, MySQL, PHP) on Ubuntu 10.04 Lucid Server Edition.

Install Apache, PHP, MySQL and phpmyadmin using the command below. The next command installs some usefull php modules. The third command will enable the rewrite module.

If you want to be able to send mail using php install postfix using the commands below. Postfix will need to be configured select “Internet site” and enter “localhost” as system mail name when asked.

If your concerned about security edit the apache conf and change the timeout use Ctrl+W to search the file. Add the other two lines to the bottom of the config file. The timeout setting will help with DDOS attacks and the other two hide the Apache version number information.

Edit the php config file and set the correct time zone. Use Ctrl+W to find “date.timezone”. Make sure the leading ; is removed from the line. List of available time zones here List of Supported Timezones

Restart apache then create a php test page using the command below. The test page should display the php information for the server.

Use one of the Apache VirtualHost configurations below.

One IP address and one domain name.

One IP address and two domains.

Two IP address and two domains. Replace 255.255.255.255 with the IP address you want to use for that domain. Then run the commands at the end to disable the default site and enable the two new sites.

If you want to protect the server from DDOS attacks read Ubuntu 10.10 Maverick – Apache mod_evasive & mod_security

This will show you how to setup a SSH file server on Ubuntu 10.04 Lucid Server Edition. It will use RSSH so the user connecting will only be able to use SFTP when connecting.

Install RSSH which is a restricted SSH this will restrict the user to running commands associated with file transfers. The user will not be able to login to the server with SSH.

Edit the rssh config file and uncomment the lines below to enable restricted access.

Create the directory where for the file share users to have access to with file permissions for full access. The Files folder is created inside the sshfs because the sshfs folder will be used for the home directory and will contain files such as .bash_history so the Files folder will be used as the root directory when connecting.

Add a usergroup for the file share users.

Create a user for the file share. Setting the home directory /sshfs and using restricted SSH as the shell. Change client to the user name you want.

Now on client computer install sshfs enless you prefer a different application to access to file share and make the directory where the file share will be mounted.

Test the file share using the command below. Replace USERNAME and SERVER with your user name and server. If the username for the client is the same as the server the “USERNAME@” is not needed. Then if the file share works run the next command to unmount the file share.

The best way to login to the file share is using a SSH Key. Using a SSH Key will allow you to mount the file share without entering a password and is much safer then entering the password. If you don’t want to use a SSH Key you can skip the stuff below. For this to work the username for your client must be the same as the one used to access the server.Open “System -> Preferences -> Passwords and Encryption Keys” open the “My Personal Keys” tab and then click “File -> New…” select “Secure Shell Key” and click “Continue”.

Then enter a password to encrypt the key. This password should be at least 12 characters.

If the “Set Up Computer for SSH Connection” comes up click “Cancel” the RSSH and different home folder prevent this from working.

After the key is created right click the key and select “Export…”

Save the file to the Desktop with “authorized_keys” as the name

Connect to the file share using the same command from early and place the authorized_keys file in the root of the file share.

On the server move the authorized_keys file to /etc and apply the permissions shown below.

Edit the sshd_config and add the line shown below to the end of the config file. This needs to be changed because the home folder is different then the default. Then restart the SSH server.

Disconnect from the file share and attempt to connect to it again it should ask you to decrpyt the ssh key and then it should connect to the file share without asking for a password. If it works disconnect from the file share.

To get the file share to mount when the computer starts edit the fstab file and add the line shown below to the end of the file. Replace USERNAME and SERVER with the username and server IP address. Then enter the last command to mount the file share it should mount without asking for a password if you setup the ssh key.