[BackupPC-users] backuppc hangs when rsync XferMethod is used for client with openssh-6.0
Hi, few days ago I've upgraded my box from openssh-5.9 to openssh-6.0 and since then I've seen many hangs from backuppc (actually no full backup was completed, e.g. still running after 24hours, usually it finishes in ~ 3 hours - 60GB) rsync --server was running fine (I was able to rsync whole disk with it) perl process was stuck in select() call: pid 5553: /usr/bin/perl /usr/bin/BackupPC_dump -v -f 127.0.0.1 # strace -p 5553 Process 5553 attached select(16, [10], NULL, [10], NULL^CProcess 5553 detached # gdb --pid=5553 (gdb) bt #0 0x7fb20ba3f6e3 in select () from /lib64/libc.so.6 #1 0x7fb20cb69465 in Perl_pp_sselect () from /usr/lib64/libperl.so.5.14 #2 0x7fb20cb1f306 in Perl_runops_standard () from /usr/lib64/libperl.so.5.14 #3 0x7fb20cac0d6a in perl_run () from /usr/lib64/libperl.so.5.14 #4 0x00400e89 in main () Usually it rsynced 24MB to new backup, sometimes more, but e.g. XferLogLevel and --verbose haven't changed that. Looking at openssh changelog I suspect this 2 changes: https://bugzilla.mindrot.org/show_bug.cgi?id=1859 https://bugzilla.mindrot.org/show_bug.cgi?id=1943 but it could be something completly different, but now after downgrade back to 5.9 I've rsynced 2,7G to new sofar and it's still running. I'll try to narrow this a bit more (even bisect openssh if needed), but wanted to report it here asap so people don't need to debug perl and other stuff like I did (not expecting openssh to be the cause). Or maybe someone already knows about better work around with -W or something which should be added to default BackupPC config.. Cheers, -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] encrypted pc and pool directory
Is there any way to setup backuppc so that the pc and the pool directory are encrypted so they can only be accessed by the web interface with a valid user? John -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] encrypted pc and pool directory
Short answer: no. Speculative answers: 1. The web interface and dump/link commands could be re-written to support ecryptfs or a similar file-based method. 2. You could use loop-AES to decrypt the partition/logical volume only when you need it, including when accessing the web page, running backups or restores, or running BackupPCNightly. Snarky conclusions: if you don't trust your backup server itself, you are doing something wrong. Loop-AES at boot to ensure the machine cannot be carried off, plus decent host security, should be sufficient. Regards, Tyler On 2012-05-16 21:52, John Hutchinson wrote: Is there any way to setup backuppc so that the pc and the pool directory are encrypted so they can only be accessed by the web interface with a valid user? John -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- Complaining about ionizing radiation on your way to a plane flight is like complaining about a TSA pat-down on your way to Caligula's palace. -- Soren Ragsdale -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] encrypted pc and pool directory
On 16.05.2012 22:52, John Hutchinson wrote: Is there any way to setup backuppc so that the pc and the pool directory are encrypted so they can only be accessed by the web interface with a valid user? If you mean encryption: No, not really. You can encrypt the disk where backuppc stores the data. But anything you do will be un-encrypted as long as backuppc (and the webinterface via apache) is running. If you mean authentication/authorization, yes thats one of the things apache can do. And thats really what access the web-interface with a valid user means. Note the the definition of a valid user is only limited by what apache supports for this (which is quite a lot and includes kerberos and ldap and such things). See the apache-documentation for that. Have fun, Arnold PS: Is there a reason you didn't start your own thread? - Note that just hitting reply and editing the subject does _not_ create a new thread, your mail still contains headers in-reply-to: and references: and thus is still belonging to a different thread... -- Dieses Email wurde elektronisch erstellt und ist ohne handschriftliche Unterschrift gültig. signature.asc Description: OpenPGP digital signature -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
