Unix and Linux Backups – SANS GIAC LevelOne
© 2000, 2001
Unix and Linux Backups
for System Administrators
By Robert Blader
Hello, my name is Robert Blader. I’m here to present a tutorial on how to make use of the backup utilities that
UNIX provides and apply them to the development of a backup plan. For the past 10 years, I have worked as
a system administrator at the Naval Surface Warfare Center in Dahlgren, Virginia. The mission of the site I
managed was to develop fire-control software for deployment on board submarines. As such, data
availability, security, and configuration management were of paramount importance.
Before I start, I’d like to tell a story. Perhaps some of you can identify with it. You’re tasked with managing
a system. If it’s new, start with hardware - connect cables, attach peripherals, etc. Next, you install and
configure the operating system, the latest security patches, and security software (Tripwire, TCP Wrappers,
COPS, etc). Next, you create user accounts, groups, and directories. Finally, you add your applications,
compilers, tools, etc. You’re running along fine for six months until one morning users notice they cannot
access files.
The day in question, there is some deadline that must be met and that data is essential. You confirm what you
are being told - you cannot access directories that should be there, and attempts to mount the filesystem are
futile. Your choices are (A) panic; (B) panic while trying to locate a backup that you fear is old and was not
done with a timely recovery in mind; or (C) break out your contingency plan that has your backup/recovery
plan documented step by step. If this is your first crisis, then you probably will handle it using some
combination of A and B. Hopefully, after going through this tutorial, choice C will be a viable option.
Course Objectives
• Use three Unix/Linux backup commands: tar, dump, and dd (or cpio)
• Operate the tape device via the mt command
• Develop a backup strategy that meets your needs as well as your users’
At the completion of this tutorial, the student will know how to (1) use tar, dump, and dd to
archive data; (2) use the mt command to control the tape media and the tape device;
and (3) apply the UNIX archiving tool set to formulate a backup plan. (Editor’s note:
information on the UNIX command cpio is also included as an appendix to this course. – JEK)
No one can argue against the value of a backup in a time of crisis. Whether the crisis is the result of
a hardware failure such as a disk crash, a security breach, or a user accidentally deleting files, the
ability to recover from the event in a timely manner is what will separate an excellent system
administrator from a mediocre one. Obtaining funding – and the respect and confidence of users – is
a lot easier when you can provide them with restored data rather than with excuses. Devising
a backup scheme that achieves this in a UNIX environment may seem a daunting task, but
it does not need to be. This tutorial will explain the concepts you need to be able to meet
this challenge and succeed.
A list of the requirements that a backup plan should meet will be discussed. A little bit of time spent
creating a backup plan now will make dealing with lost data much less stressful later.
Tutorial Outline
• Unix/Linux Backup Commands
• Tape operation
• Backup strategies
• Conclusion
We will start by presenting the three backup utilities that UNIX provides us.
They are tar, dump, and dd. Each command will be presented with usage, examples, and a
description of the situation that each is best suited for. We will also touch on some personal "war
stories" and useful examples. This way, we will see how the utilities come together to form a
comprehensive backup scheme.
Since magnetic tape is by far the most common medium, we will show how the mt command
comes into play to manage the tape device and manipulate the tape. Next, we will present some
considerations to take into account when creating a backup plan, and wrap up with some closing
notes.
Unix/Linux Backup Commands
• tar
• dump
• dd
• cpio (in Appendix)
The archival commands we will discuss here are tar, dump, and dd.
As we will see, each is suited for different types of backups. Combined, they form a versatile toolkit
for performing backups.
Some information on syntax - the dash preceding option flags for tar and dump is optional.
Dashes, however, are not used with dd.
tar Usage
• Create tar file
tar cvf <archive> <file>
• Extract tar file
tar xvf <archive> <file>
• List contents of tar archive
tar tvf <archive> <file>
• Copy current directory to another
tar cpf - . | ( cd newdir; tar xvpf - )
–Where
• <Archive> is a file or tape device
• <File> is the file or directory to archive
The three primary functions of tar are (1) to create an archive; (2) to extract files from the archive;
and (3) to generate a table of contents for a tar file.
It is simple to use, ideal for backing up only a particular directory tree or a list of files.
Note how in the fourth bullet, we use a dash instead of specifying an “archive”. A dash can be used
in lieu of a device or file name to indicate that the data will either be read from standard input or
written to standard output, depending on which side of the pipe it is used.
tar - the <File> Parameter
• Warning: -p to get all ACL and
permission information
• Absolute vs. Relative path
–Affects whether files will be placed in
current working directory or in
absolute path when restoring
• If restoring file from tar created using absolute
pathname, could wind up overwriting a file if
one exists by that name
tar, when used with the -p flag, will preserve access information. If you administer a heterogeneous
environment, it may be important to try to extract your tar files on the same platform as they were created
on. This is because some operating systems (such as Solaris) support Access Control Lists; others (such as
Linux) do not. If maintaining ACL controls is important for you at your site, note that the information will
be lost
Another thing to keep in mind when creating a tar archive is the use of absolute vs. relative path names. Tar
files are restored to locations based on how they were put on the tape. If they were created using absolute
path names, they will be restored to the same location. Otherwise they are restored relative to the current
working directory. To illustrate the significance, here is a true story:
At the site I used to work at, we routinely got deliveries of software from our contractors. Unfortunately,
one company was lax in their documentation, especially when it came to installation notes. The normal
course of action with a new delivery was to unload it to a “test” area, where the code would be tested prior to
being put into production. The current version remains in use until the code is tested. One day, I was given
an update to install. I extracted the tar file that was delivered. Since it was backed up using absolute path
names, the current version wound up being overwritten. I had to restore the original version, move it to a
temporary location, extract the new files, move them to a test directory, and move the old version back to
where it belonged. Moral of the story: know what you are extracting, make sure you know where the files
are going, and know if the files already exist on disk. Otherwise, a 15 minute task could take you all
afternoon.
Absolute vs Relative Examples
• Backup /etc to etc_archive.tar
Absolute path (would overwrite /etc when extracted):
tar -cvf etc_archive.tar /etc
Relative path (use “.” to indicate current directory):
cd /etc
tar cvf /etc_archive.tar .
Here are examples of how an archive is created with tar using both absolute and relative path names.
In the absolute path example, the contents of /etc would be overwritten when restored.
Use of the “.” indicates that the archive uses relative path names. Restoring files created in this
manner will place them in the current directory. Typically, you would want to first create an empty
directory from which to stage the tar extraction.
By the way, Linux (Red Hat) tar, by default, strips any leading slashes; this can be
overridden with the -P flag. This default does not apply to all vendors’ implementations of tar.
Use Caution When Extracting
Tar Files
• If backed up with absolute path:
–Take care that files by that name
don’t already exist
• If backed up with relative path
– Will restore to current directory. Be
certain you cd to the directory you
want the files to reside in
Whether using relative or absolute pathnames, caution should be used. If absolute pathnames are
used, make sure you do not accidentally overwrite files on disk. The next slide shows a snippet of
code that can be used as a shell script to check that the files that are on a tape will not overwrite any
files without you knowing it.
Alternatively, if relative paths are used and the files go to the directory you are in, you need to make
sure that is where you want them to wind up. A common mistake is to untar the file while still sitting
in a directory full of files like /usr for example, and then having to “relocate” the files that do not
belong there.
Ensure Don’t Overwrite Files
With tar
• The following code could help find
files that could get overwritten:
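# Save the verbose table of contents of the tape to a temporary file
tar -tvf /dev/nrst0 > tar_listing.out
# cut takes field 6 as the file name; check which field your tar's -tv listing uses
for FILE in `cat tar_listing.out | cut -f6 -d" "`
do
if [ -f "$FILE" ]; then
echo "$FILE exists"
# Keep the file already on disk under a .orig name before extracting
mv "$FILE" "$FILE.orig"
fi
done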
Here is one way to ensure that you don’t overwrite files. First, we use tar with the -t option to
extract a file listing and save it off to a temporary file called tar_listing.out.
Then, we read the contents of the tar listing, extract the filename with the cut command, and test to
see if a file by that name exists. If so, print a warning and save it off with a .orig extension. This
way we can be proactive when we restore files and not just cross our fingers and hope for the best.
As a rule of thumb, it is recommended that you use relative path names, extract to a temporary
directory, and then copy files to where you want them to permanently reside. This way, you avoid
overwriting a file by accident.
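A read-only variant of the check described above, as an added example that is not part of the original slides: it lists member names with tar -t (no -v, so no cut field is needed) and reports absolute paths, ".." components, and files that already exist under the destination. The function names, the output labels, and the demo data are assumptions made for this example.

```shell
#!/bin/sh
# Read-only pre-extraction check: report archive members that are stored with
# absolute paths, contain ".." components, or would replace an existing file.
# Usage (hypothetical script name): tarcheck.sh ARCHIVE [DESTDIR]
tar_overwrite_check() {
    archive=$1
    dest=${2:-.}
    listing=$(mktemp) || return 2
    # -t without -v prints one member name per line, so no column parsing is needed
    if ! tar -tf "$archive" > "$listing" 2>/dev/null; then
        rm -f "$listing"
        return 2
    fi
    found=0
    while IFS= read -r name; do
        case $name in
            /*)  echo "ABSOLUTE $name"; found=1; target=$name ;;
            ..|../*|*/..|*/../*) echo "TRAVERSAL $name"; found=1; continue ;;
            *)   target=$dest/$name ;;
        esac
        # Directories are merged on extraction; only existing non-directories are replaced
        if [ -e "$target" ] && [ ! -d "$target" ]; then
            echo "EXISTS $target"
            found=1
        fi
    done < "$listing"
    rm -f "$listing"
    return "$found"
}

# Constructed sample data: an archive of ./conf whose "hosts" member collides
# with a file already present in the destination directory.
demo() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/src/conf" "$work/dest/conf"
    echo new > "$work/src/conf/hosts"
    echo new > "$work/src/conf/fresh"
    echo old > "$work/dest/conf/hosts"
    (cd "$work/src" && tar -cf "$work/rel.tar" .)
    tar_overwrite_check "$work/rel.tar" "$work/dest" || true
    rm -rf "$work"
}

if [ "$#" -gt 0 ]; then tar_overwrite_check "$@"; else demo; fi
```

The function exits 0 when nothing was flagged, 1 when at least one member was reported, and 2 when the archive could not be read; it never renames or extracts anything.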
Other Tar Options
• Tar a list of files with -I (include)
–Want all *.c files from the /development
directory tree or file system:
find /development -name "*.c" > filelist.out
tar -I filelist.out -cvf c_files_archive.tar
• Likewise, exclude files with -X
This example shows how you can use the find command in conjunction with tar (with the -I
flag) to create an include list. Here we are archiving C source files.
The find command says “search the /development directory tree for files matching the pattern *.c.
Save the results to a file called filelist.out”.
The tar command says “archive all the files in filelist.out and call the archive c_files_archive.tar”.
[...]
... of=output_device
If your system should ever be infected by a virus, Trojan horse, etc., first perform a backup of the filesystem using dd. This will preserve filesystem information, along with “deleted” disk blocks which forensics experts may be able to recover. Ideally, you will have a ready spare to rebuild onto from your backups and can set the...
... we just did. Fourth, do a second restore command with the t flag that reads the level 2 and lists a table of contents and saves the output in level2.toc.
Tutorial Outline
• Unix/Linux Backup commands
• Tape operation
• Backup strategies
• Conclusion
Now that we have discussed the backup commands and how to manipulate the tape device, the next...
... Reusable and economical
• However, disks and CDROM are other technologies that might be considered
Tapes, by far, are the backup media of choice. They offer high capacity, take little space, are available in various sizes and formats, and are cost efficient. However, they are not the only option available. Disks are getting cheaper and bigger...
... modify format of a dump file
– Copy archives between tapes
This slide compares and contrasts the backup commands tar, dump, and dd. tar is best for backing up a single directory or selected files. You can also use it to copy the contents of one directory to another, with the exception of /dev. dump and its counterpart restore are best suited for...
... backup for forensics and to assess damage
• Running tripwire is of little use if you have no way to restore corrupted files
• A hacker could corrupt your tripwire database if left on-line. Should backup the database to off-line media
From a security perspective, two issues that backups should address are forensics and file integrity. Forensics...
... system files you cannot account for /bin/login, /bin/ps, /bin/ls, etc
• First, pull network connection (if there is one)
• Check for compromise on other remotely connected systems, especially those with trust relationships
Suppose that some time after setting up a system, you see that Tripwire reports that a system file has been modified and...
... restored. Without backups, there is no way to get the system (or user’s software) back to a known baseline. A copy of the latest baseline of your system should be stored offsite in the event of a fire, flood, etc.
Safety Net
• Protect users from themselves
• Protect system administrators from themselves
• Cost of time and resources to backup is trivial when compared to cost of data
... between SGI and other UNIX variants. Other conversions include changing upper to lowercase data, ASCII to EBCDIC, and others. Refer to the man pages for a complete list.
dd Examples
• Image copy of a file system
dd if=/dev/hd0a of=/dev/nrst0
• Tape to tape copy
dd if=/dev/nrst0 of=/dev/nrst1
• Copy from a platform with different byte order
dd if=/dev/nrst0 conv=swab | tar xf -
... from an SGI to a Linux system. Since these two platforms have a different byte order, a conversion needs to take place. The byte-order conversion is made to an archive residing on a tape and piped to a tar command. This is probably not something you need to do often but is shown to illustrate how powerful dd can be.
dd Examples - Forensics
• Files AND filesystem metadata are saved for forensics study...
... baseline state of the system
Configuration management is the control of change to a system’s configuration. It is possible for a change, a patch, or an upgrade to either not fix a problem, or create yet another, unexpected one. In some cases, the modification may be difficult to undo and backups are required to restore the system to some known ...