Download the latest package from: http://rsnapshot.org/downloads.html
# wget http://rsnapshot.org/downloads/rsnapshot-1.3.1-1.noarch.rpm
# rpm -Uvh rsnapshot-1.3.1-1.noarch.rpm
Configure public key authentication
- Enable public key authentication with remote hosts with normal user privilege
local# ssh-keygen -t rsa
local# scp id_rsa.pub ssh-remote-server:id_rsa.pub
remote# useradd -c "Backup user" -d /data/home/backup/ backup
remote# su - backup
remote# vi .ssh/authorized_keys
remote# chmod 600 .ssh/authorized_keys
remote# cat id_rsa.pub >> authorized_keys ; rm id_rsa.pub
Add the command allowed to execute in the authorized_keys
command="/home/backup/validate-rsync.sh"
Create the /home/backup/validate-rsync.sh script with following contents
#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
*\&*)
echo "Rejected 1"
;;
*\;*)
echo "Rejected 2"
;;
rsync*)
$SSH_ORIGINAL_COMMAND
;;
*true*)
echo $SSH_ORIGINAL_COMMAND
;;
*)
echo "Rejected 3"
;;
esac
$ chmod 700 validate-rsync.sh
Create the rsync wrapper script
$ cat > /usr/local/bin/rsync_wrapper.sh
#!/bin/sh
/usr/bin/sudo /usr/bin/rsync "$@";
# chmod 755 /usr/local/bin/rsync_wrapper.sh
This steps will basically force the ssh connection to execute the rsync as sudo
Grant user to execute rsync as root
backup ALL=(root) NOPASSWD: /usr/bin/rsync
Configure Rsnapshot
master# cp /etc/rsnapshot.conf.default /etc/rsnapshot.conf
Configure path for cp, rsync, ssh, logger, du etc
set link_dest = 1
change rsync_long_args like
rsync_long_args --rsync-path=rsync_wrapper.sh --delete --numeric-ids --relative --delete-excluded
If you require daily backup for a week,
interval daily 7
More details are on the how to section for rsnapshot website
http://rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html
Configure the hosts and file system to backup
backup backup@remotehost:/etc/ remotehost/
./arun
