Secure online backup and restore with Tarsnap
Data has become a critical part of any environment. To be able to restore data after loss or changes, system administrators need to back up data.
When choosing a backup and restore method, it is a good idea to think about the reasons and requirements for restores. Typical reasons for restores are changes written to files, accidental deletion of files, failed (crashed) hard disks (storage media), damaged hardware (servers, computers, workstations, laptops), theft of hardware and impounding of hardware during searches and seizures by authorities (police, tax, court, judge).
Tarsnap is a secure online backup service for BSD, Linux, OS X, Solaris, Cygwin, and can probably be compiled on many other UNIX-like operating systems. The Tarsnap client code provides a flexible and powerful command-line interface which can be used directly or via shell scripts.
Tarsnap was written by Dr. Colin Percival. In January 2004, Colin became a FreeBSD committer and a member of the FreeBSD Security Team; he became the Security Officer for FreeBSD in August 2005, a position which he has held since. Aside from his work as FreeBSD Security Officer, he is probably best known in the FreeBSD community for his work on FreeBSD Update and Portsnap.
This example will install Tarsnap on a FreeBSD operating system.
Log in as root on the server in question and run the following command, which installs the Tarsnap client.
cd /usr/ports/sysutils/tarsnap && make install clean
Visit the website, create an account and add funds to your account. Run the following command, which generates the cryptographic key used to encrypt your data.
tarsnap-keygen --keyfile ~/tarsnap.key --user foobar@foobar.com --machine starnix
Store a copy of the key in a safe place away from the server; without the key, the archives cannot be decrypted or restored. Run the following commands to configure Tarsnap.
cd /usr/local/etc
cp tarsnap.conf.sample tarsnap.conf
nano -w tarsnap.conf
That’s it. Tarsnap is now installed and ready to be tested.
The following commands will test the Tarsnap client and service, create remote archives, list archives on the remote site, restore from an archive on the remote site and delete an archive on the remote site.
tarsnap -c -f 2010-03-08 /usr/home/ann /usr/home/bob
tarsnap -c -f 2010-03-09 /usr/home/ann /usr/home/bob /usr/home/charles
tarsnap --list-archives
tarsnap -x -f 2010-03-08 usr/home/bob
tarsnap -x -f 2010-03-09 usr/home/bob
tarsnap -d -f 2010-03-08
The first archive 2010-03-08 is created and the homes of Ann and Bob are uploaded in compressed and encrypted blocks. The next archive 2010-03-09 is created, and only the changes in the homes of Ann and Bob since the last archive, plus the home of Charles, are uploaded in compressed and encrypted blocks. The list of archives will show the two archives 2010-03-08 and 2010-03-09. The restore of the home of Bob from the first archive 2010-03-08 will restore the home of Bob as it was at that time. The following restore of the home of Bob from the archive 2010-03-09 will restore the home as it was at that time. The restored directory structure is written to the current directory.
The Tarsnap client only uploads the blocks that are absolutely necessary, that is, blocks not already present on the remote site. The remote site only stores the blocks that are needed to restore the archives. No block is stored twice on the remote site, even though archives appear to contain the same (duplicate) files.
Run the following commands and add the crontab entry shown to configure FreeBSD for automatic regular backups.
nano -w /etc/crontab
37 22 * * * root /usr/local/bin/tarsnap -c -f `hostname -s`-`date +\%Y\%m\%d` /usr/home/ann /usr/home/bob /usr/home/charles
killall -HUP cron
FreeBSD will now run the Tarsnap client every day at 22:37, creating a new archive named after the server and the current date.
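The daily job adds one archive per day and nothing above removes old ones, so here is an added retention example built on the list and delete commands shown earlier; it is not part of the original article or of Tarsnap itself. It assumes archive names of the form <server>-YYYYMMDD and FreeBSD's date -v syntax; the script name, the --prune argument and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article: retention for the daily
# cron archives. Assumption: archives are named <server>-YYYYMMDD.

# expired_archives HOST CUTOFF
# Reads archive names on stdin, one per line (the output format of
# `tarsnap --list-archives`), and prints those that belong to HOST and
# carry a date strictly older than CUTOFF (YYYYMMDD). Names in any other
# form, such as hand-made archives, are never selected.
expired_archives() {
    host=$1
    cutoff=$2
    while IFS= read -r name; do
        case $name in
            "$host"-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
                stamp=${name#"$host"-}
                if [ "$stamp" -lt "$cutoff" ]; then
                    printf '%s\n' "$name"
                fi
                ;;
        esac
    done
}

# prune DAYS
# Deletes this server's archives older than DAYS days, stopping at the
# first failed delete. `date -v` is FreeBSD's relative-date syntax.
prune() {
    limit=$(date -v-"$1"d +%Y%m%d) || return 1
    doomed=$(tarsnap --list-archives |
        expired_archives "$(hostname -s)" "$limit") || return 1
    for archive in $doomed; do
        echo "deleting $archive"
        tarsnap -d -f "$archive" || return 1
    done
}

# Hypothetical invocation from cron: prune-tarsnap.sh --prune 30
if [ "${1:-}" = "--prune" ]; then
    prune "${2:-30}"
fi
```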