# How to do 100% system automated backups via cvsup



## inurneck (Jan 25, 2010)

Sigh. I wrote this when I first had my site it was around 1998 I just searched the net and found it, can't believe it, it's one of the few left. It saddened me a little. Thought i'd resurrect it. It's old, outdated but still does exactly what it says. A squatter is sitting on the domain still. They changed "experience information at it's best" To what you need when you need it and are using the hits the site still gets. Bastards.

How to do 100% system automated backups via cvsup 

Q: Before i get all fired up about this what do i need? 
A: You need two boxes using FreeBSD stable and cvsup installed. I use 4.6-STABLE But this is not needed.. For all i know you can backup to another variant of BSD that uses cvsup? Possible? email me. 

Before we get started you should learn what cvsup is: http://www.unixhideout.com/freebsd/doc/en_US.ISO8859-1/books/handbook/cvsup.html and how to use it.. You should also be VERY certain the daemon we execute on the box to be updated should NOT be accessible by the internet because i dont go into access or auth in this tutorial, I have a router, so people cannot hit the port that the daemon listens on. If you do not have a router, or some sort of firewall disallowing access to this port, you can let the entire internet access your backups! 

Another thing.. Even though i do this this way, i still zip and download the files and burn them onto a CDR at least once a month (most of the time more) so i never lose more then a months work. If by some sad reason You do get rooted, or let's say they find a vulnerable script and rm -rf www cvsup will run and backup exactly what it sees. NOTHING. You should feel very secure about your box before you do this and still put your important files on cdr or tape backup as often as possible. DO NOT RELY ON THIS METHOD EXCLUSIVELY. This happens. 

I remember when i first started with unix i ran redhat linux, and i was using a program called mirrordir that would "mirror" /var/www to /some/safe/dir every few hours. A script kiddie found a vulnerability in redhat, gained access to the webserver account and deleted my website. mirrordir ran and in moments i had nothing. I lost my entire site. At the time i could have cried like a schoolgirl, but im glad it happened. I learned not to run linux and looked into BSD.. Here i am today years later. Let me say it one more time. "CDR" as well as this method.. 

For those of you that have the new book "FreeBSD unleashed" please turn to the bottom of page 537 where it says "mirrors" and read it through page 540. If i didnt drop my scanner and smash it into fifty thousand pieces i would scan the pages but youll have to buy the book. It is an excellent book with around a thousand pages that any sysadmin in his right mind should own. Even though these are my own words, and hopefully, im making it a bit easier on you in my wording, i have to give the FreeBSD Unleashed book full credits as that is what taught me. I would also like to thank logic from http://www.logical-security.com who is one of my best friend's and bought me the book and donated it to unixhideout.com by mailing it to me free of charge. 

As with everything else i write, i proof read everything i write several times and go over it a lot. But if this messes up your box OOPS. I am not responsible. Of course however i am open to criticism. If you feel there is a better way to do something i mention or if its outright wrong, you are to email me right away so i dont harm peoples boxes, or simply provide the wrong information as that is not my goal. However anything i tell you to do not only have i DONE it on my own box with no problems, but if i lead you into anything risky i guide you in backing up the files first. So you're all set.. 

If i didnt scare the shit out of you yet, read on.. I am assuming you have two boxes running FreeBSD. FOr these examples i will backup the "labs" server to the "labs2" server. The first thing you should do is install cvsup on both servers. 


```
[labs] /etc# cd /usr/ports/net/cvsup 
[labs] /usr/ports/net/cvsup# make install
```

*please note that if you do not have X installed, there is a port for cvsup for users without a need for a GUI. Simply replace the above lines with 


```
[labs] ~# cd /usr/ports/net/cvsup-without-gui 
[labs] /usr/ports/net/cvsup-without-gui# make install
```

Do know that this could take quite some time depending on your net connection as well as your processor speed but i do not care if you are on 56k i recommend you get the latest packages off of the internet using /usr/ports. 

For this tutorial i am going to have you backup your /home directory. To add other directories, simply follow practically the same steps except replace the filenames. I already have cvsup installed and i have a cvsup file, due to me being a cvsup server, and i wasnt sure whether it would clash with my existing cvsup directory so i made a new one.. So let's begin with the box we want to BACKUP 
let the commands begin.. follow my lead. 


```
#cd /usr/local/etc/ 
#mkdir cvsup-backup 
#cd cvsup-backup 
#mkdir sup 
#cd sup 
#mkdir home 
#cd home
```
edit home.cvs and inside place this: 

```
upgrade home

rsymlink *
```

now close the file and of course save it.. 
edit releases and inside place this: 


```
home list=home.cvs prefix=/
```

close the file and save. Now we start the cvsupd daemon. 

You have something to think about here. How often are you going to backup? Are you going to make a cronjob to do this periodically? Are you going to add the command to /etc/daily.local or /etc/weekly.local? or will you run it manually as often as you make changes? 

I run it 24/7 and have the system run it in /etc/daily.local which is how i will set you up. But whatever you want to do here just make your changes.. Ok so obviously if you run cvsupd already like i do you can not use the default port as its already in use. I specified one via the command line, and made a script and dropped it in /usr/local/etc/rc.d/ with the name cvsupd.backup.sh *note be sure to chmod it executable by root like this.. 


```
#chown root cvsupd.backup.sh 
#chgrp wheel cvsupd.backup.sh 
#chmod 700 cvsupd.backup.sh 
#cd /usr/local/etc/rc.d/
```

edit 
	
	



```
cvsupd.backup.sh
```
 and inside place 


```
#!/bin/sh 

/usr/local/sbin/cvsupd -b /usr/local/etc/cvsup-backup -p port -C 1 -l /dev/stdout
```

change "port" to the port you want cvsupd to listen on for connections, and save the file and make it executable by root as shown above. Now remember the port you used because we are about to go to the server we will back up on now, and you will need to remember it.. Now log into the second server which is the server you want to backup into.. and cd to the /etc/ directory. 


```
[labs2] ~# cd /etc 
[labs2] /etc#
```
again i made a seperate directory for this cvsup process. 

```
#mkdir cvsup-backup 
#cd cvsup-backup
```

and inside i created a file called simply enough cvsup-backup inside i created this: 


```
*default host= 
*default delete use-rel-suffix 
*default compress 
*default preserve 

*default base=/usr/cvsup-backup 
*default release=home
```

save and exit the file. 
now.. default host= here you put the ip of the server that you are backing up. 

You have to make sure on "labs2" You are backing up to a partition in which you have enough space to backup onto. Look at the df output of "home" on the server to be backed up, and then go back to "labs2" and find a directory to backup into. For me this destination was /usr/cvsup-backup 


```
#cd /usr 
#mkdir cvsup-backup
```

Now if you want to run this command once a night, you can add this command to /etc/daily.local or /etc/weekly.local 

`/usr/local/bin/cvsup -p PORTYOUCHOSE -L 2 /etc/cvsup-backup/cvsup-backup`

Now before you go and try this and say its not working i will tell you why it will not work if you execute it now. "permissions" We made all these directories as root. On my servers, i like to create a shell script called security.sh and place it in my root directory. I am not sure about posting this here as it is huge as well as giving you a list of important users on my system so heres an old one with non existant users http://www.unixhideout.com/ro0t-tuts/security 

Obviously you will have to edit it tremendously but you should have a great idea of many things including how my website is writable by the user "webmaster" which is other remote webmasters, however it is read only to the webserver process, and of course you also see the permissions of cvsup which is why i posted it in the first place. 

Writing a security scripts is very good to lock down the box and fix erroneous permissions from you working, whenever i am not sure about permissions i simply cd to my root dir and as root i type `sh security.sh` although it is a bit of work its a very good thing. 

I hope this helped you, I have proof read this. There might be a typo or two, but if you perform this on your box nothing bad *should happen.

Submitted by BSDVault Member Ro0t
http://www.unixhideout.com/

I was a dork. Oh well whaddya gonna do. Maybe it's still useful.


----------



## dennylin93 (Jan 25, 2010)

A couple more enters would be nice .


----------



## DutchDaemon (Jan 25, 2010)

Took care of that as well.


----------



## tangram (Jan 25, 2010)

There's probably no need to install net/cvsup-without-gui and net/cvsup as [cmd=]csup[/cmd] is part of base.


----------



## inurneck (Jan 27, 2010)

I am sorry I just pasted it hella quick. I'll update it one of these days I returned to work today. I palletized, and filled two 18 wheelers full of computer scrap with a forklift and forkjack,

Then moved it from beverly massachusetts to pawtucket which is an hour and a half just to get there, then back again.  

Took me from 6am to just now did I sit down. 8pm and tommorow I get to inventory it! I work for a company that basically companies schools and "green people" who appreciate the earth give us their old computer equipment (old to them some companies just upgrade and give us great shit.) 

This company is how I got my macbookg4 , my poweredge fbsd is on my g5 and the monitor im writing this from.

And in return I erase the data professionally and securely and I also make computers they can sell out of the parts, basically mixing and matching. And they recycle the rest for metals. Gold aluminum copper etc. etc. Long story short. 

I may have lived on FreeBSD.forums.org for a few weeks but i'm back to reality now. I don't have time for what I call the fp disease online. forum perfection. You know the spelling police all that. I just made a quick post thought it might be useful and i'd update it later.

And if you seen my post last night I was up until 4am like a moron trying to fix freebsd and get basic DRM  to actually work which has proved fatal so far.

http://forums.freebsd.org/showthread.php?p=64247#post64247 The howto i wrote around _1998_ above was stumbled upon by me gave me a warm remembrance and pasted quickly before I went to bed thinking "maybe" it might still be useful. 

Csup and half the other tools you know didn't exist when I started on FreeBSD and I mentioned it was outdated but you probaby didn't read half of it because there wasnt enough "enters". I think you meant page breaks. Whatever. 

The csup project is now officially completed. This tool has proven to be a solid CVSup replacement for checkout-only functionality, and is now being shipped along with the FreeBSD operating system, since FreeBSD 6.2-RELEASE. 

my tut > *A: You need two boxes using FreeBSD stable and cvsup installed. I use 4.6-STABLE* 



DD, thanks a lot for cleaning up my post you did a good job and didnt have to as it was my intention for me to do. I do appreciate it, Because now instead of wasting time on that after the day I had I can rub one out and go to sleep to do it all over again.



On a side note, you guys take life online way to serious. It's scary. But in the future i'll try to 

respect.

your.

wishes.

I can take positive criticism but I don't need to eat it every day. I can link 72 posts of mine alone. Not to mention the other members who instead of an informative answer get somebody posting about a spelling error or lack of whitespace.

 It's just frustrating as a user of a forum waiting to see if anyone had an answer or help for you and instead getting garbage. I posted two threads and all I got was this above in 15 hours.



 Sigh. All I am saying is before I'd worry about spelling or page breaks i'd be more concerned with the contributive and informative to positive or negative criticism post ratio first. 

It's thirsty around here. Anyway, theres your positive criticism from me. Life is too short. Everybody wants to go to heaven but nobody wants to die. 

 Now if anyone has anything informative or useful. http://forums.freebsd.org/showthread.php?p=64247#post64247 this is kicking me in the toucas. If there isn't a way to say disable the onboard video from being probed using loader.conf or anything else, or to tell Freebsd to make card0 instead of card1, or to tell that terdmuffin Xorg to use card1 instead of card0 I think my only resolution is going to involve drinking, my firearms. Or both. It's ClownShoes.


----------



## ohauer (Jan 31, 2010)

tangram said:
			
		

> There's probably no need to install net/cvsup-without-gui and net/cvsup as [cmd=]csup[/cmd] is part of base.



True, but only for the client side. Can csup act as server like cvsupd?


> /usr/local/sbin/cvsupd -b /usr/local/etc/cvsup-backup -p port -C 1 -l /dev/stdout


It is OK at the client side in this case the backup server


----------

