burp-1.x

由 datahunter 在日, 17/03/2019 - 00:50 發表

最後更新: 2020-03-17

Server 安裝(package)
Install From Source
Firewall / NAT
SSL Setup
Server Usage
SERVER CONFIGURATION FILE
AutoUpgrade
Server Side 's per Client Configure
Notify on Success/Failure
Linux Client Config File
Client Script
Windows Client Config File
Windows installer options
Server initiated Backup / Restore
Backup Data Structure
Signals
Debug
Backup Phases
Server / Client 的安全考慮
Group Deduplication
"hardlinked" backup
FAQ

Server 安裝(package)

不建議用這方法安裝, 因為 repository 的 package 已經很舊

# Install

apt-get install burp

# Ubuntu 12

/etc/default/burp

RUN=no
DAEMON_ARGS="-c /etc/burp/burp-server.conf -l /var/log/burp"

# check version:

burp -v

burp-1.3.1

Install From Source

Version: burp-1.4.4 <-- 20131008

Download Source:

apt-get install git

cd /usr/src

git clone git://github.com/grke/burp.git

cd burp

git checkout 1.4-master

準備依賴的 Package

# Debian

apt-get install librsync-dev libz-dev libssl-dev \
uthash-dev libncurses5-dev \
libacl1-dev libattr1-dev libwrap0-dev

apt-get install gcc g++ make

# Centos 7

yum install librsync-devel libzip-devel openssl-devel \
uthash-devel ncurses-devel \
libacl-devel libattr-devel

./configure

.......................................
configure: Configuration summary
configure:
configure: =====================
configure:
configure:                   Host: x86_64-unknown-linux-gnu
configure:           Burp version: 2.0.54
configure:       Install binaries: ${exec_prefix}/sbin
configure:   Install config files: ${prefix}/etc
configure:             C Compiler: gcc -std=gnu99
configure:     Preprocessor flags:
configure:         Compiler flags: -Wall -g -O2
configure:           Linker flags:
configure:
configure:                    acl: yes
configure:                  crypt: yes
configure:                   ipv6: yes
configure:                ncurses: yes
configure:                openssl: yes
configure:                  xattr: yes
configure:                   zlib: yes
configure:

OPTS:

# V1.4

--enable-static # enable static burp [default=no]
--prefix=/usr/opt
--with-tcp-wrappers
--disable-ipv6

i.e.

./configure --disable-ipv6 --with-tcp-wrappers --enable-static --prefix=/usr/opt

make & install

make -j 2

make install

make install-configs

ln -sf /opt/burp/sbin/burp /usr/sbin/burp

Test: Run Server

burp -v

burp-2.0.54

burp -c /opt/burp/etc/burp-server.conf

* 要有 CA 後 Server 才行到

Firewall / NAT

Backup: 4971/tcp # 要對街開

Status: 4972/tcp # 千萬別對街開

Server Usage

一般 Opts

-c [path] # Default /etc/burp/burp.conf ( ON Server: mv burp-server.conf burp.conf )

-i Print an index table of symbols that humans may see burp produce

Index of symbols

  a: Append to a file
  b: Backup timestamp
  c: Generic command
  .......................

-l <path> # Log file for the status monitor.

-g # Generate initial CA keys and certificates, and then exit.

Debug

-t Dry-run to test config file syntax.

-F foreground

-n No forking mode. The program will accept a single query, and then exit.

Startup

# Server startup (start_burp-server.sh)

burp -c /opt/burp/etc/burp-server.conf

* config file 必須用 Full Path

# Client startup (start_burp-client.sh)

burp -c /opt/burp/etc/burp.conf -a s

Checking

netstat -tnlp | grep burp

tcp        0      0 0.0.0.0:4971            0.0.0.0:*               LISTEN      10204/burp
tcp        0      0 127.0.0.1:4972          0.0.0.0:*               LISTEN      10204/burp

SERVER CONFIGURATION FILE

/opt/burp/etc/burp-server.conf

#### 基本設定 ####

# server / client
mode = server           # cli "burp" to run in server mode.

daemon = 1              # The default is 1
fork = 1                # The default is 1

address = 0.0.0.0
port = 4971

# Comment out below line to have no status server.
status_address = 127.0.0.1
status_port = 4972

# useradd -d /backup/burp_data burp -m
# chmod 770 /backup/burp_data
# chown -R burp. /opt/burp
user = burp
group = burp

# 0 to decide automatically, 1 to force protocol1 mode, 2 forces protocol2 mode
protocol = 1

#### File Location ####
# Synonym for 'lockfile' <- 在 Windows 上用此名稱會好理解些
# ensures that two server processes cannot run simultaneously
pidfile = /opt/burp/var/run/burp.server.pid

#### Client Setting ####

# 每個 client 的個別 config file, 
# 每個 config 檔的名稱係要用 Client 的 SSL 的 CNAME
clientconfdir = /opt/burp/etc/clientconfdir

# Whether to keep fqdn cname when looking-up in clientconfdir. Default: 1
cname_fqdn = 0

# force lowercase cname when looking-up in client‐confdir. Default: 0
cname_lowercase = 1

#### SSL ####

ssl_cert_ca = /opt/burp/etc/ssl/CA_burpCA.crt
ssl_cert    = /opt/burp/etc/ssl/burpServer.crt
# ssl_key_password = password
ssl_key     = /opt/burp/etc/ssl/burpServer.key
ssl_dhfile  = /opt/burp/etc/ssl/dhfile.pem
ca_crl      = /opt/burp/etc/CA/CA_burpCA.crl

#### Backup 保存的方式 ####

# 設定 backup 的位置
directory = /backup/burp_data/

# 建立的 backup 檔 permission
umask = 0007

# 保留 backup 的份數, 可以用 per user config "clientconfdir"
keep = 7

# level of zlib compression for files stored in backups
# compression=zlib[0-9], Default: zlib9 , zlib0 = off
compression = zlib9

# whether to keep hardlinked files in the backups, 
# or whether to generate reverse deltas and delete the original files
hardlinked_archive = 1

# 用不用 delta differencing, Default: 1
# 1: delta differencing will take
# 0: when a file changes, the server will request the whole new file.
librsync = 1

#### Backup proccess resume ####

# burp finds the working directory of an interrupted backup
# resume | delete (Default)
working_dir_recovery_method = resume


#### Resource Limit ####

# If no data is sent or received over a period of this length, burp will give up
# The default is 7200 seconds
network_timeout = 300

#  Megabits per second (Mb/s) (Default: as fast as it can)
ratelimit = 10

# number of clients that can simultaneously connect. (Default: 5)
max_children = 10

# status clients
max_status_children = 5

#### CA Setting ####

ca_conf = /opt/burp/etc/CA.cnf

# Name of the CA that the server will generate generate when using the ca_conf option
# CA_burpCA.crt, CA_burpCA.key
ca_name = burpCA

# put into its own SSL certficates when using the ca_conf option.
# burpserver.crt, burpserver.csr, burpserver.key
ca_server_name = burpserver

# check for revoked certificates
ca_crl_check = 1
# Override the default path to the certificate revocation list.
ca_crl = /opt/burp/etc/CA/CA_burpCA.crl

ca_burp_ca = /usr/sbin/burp_ca

#### LOG ####

# log 到 /var/log/daemon.log
syslog = 1
stdout = 0

# Print progress counters on stdout. Defaults to on.
progress_counter = 1

#### security client config ####

client_can_list = 1
client_can_delete = 0
client_can_force_backup = 1
client_can_verify = 1
client_can_restore = 0

#### timed backup ####
here

#### restore_client ####
# Clients that are able to list and restore files belonging to ANY other client.
# restore_client = someclient
# restore_client = someotherclient
# 那 client restore 時可以加入 "-C [client]"

#### scripts ####
# The server can run scripts on X

#### notify ####
here

#### autoupgrade 設定 ####
# Leave it commented out to not autoupgrade clients.
#autoupgrade_dir = /etc/burp/autoupgrade/server

#### Quota ####
# A warning will be issued when the estimated size of all files
# is greater than the specified size and smaller than hard_quota.
# 0 (the default) = no warning/limit
soft_quota = 95Gb
hard_quota = 100Gb

#### Read additional configuration files ####
. /opt/burp/etc/local.conf

Retention (Multiple 'keep' settings)

Each time burp creates a backup, it will be given a number that is one greater than the previous successful backup.

# 放 Client backup 的目錄

0000001 2017-09-20 13:12:47/
0000002 2017-09-20 13:17:04/
current -> 0000002 2017-09-20 13:17:04/

"keep" setting

keep = 7
keep = 4
keep = 12

This guarantees to keep 7 backups in a row,

plus 4 on multiples of 7,
plus 12 on multiples of 4*12.

../
0000001 2017-09-20 13:12:47/
0000008 2017-09-20 13:22:57/
0000011 2017-09-20 13:23:53/
0000012 2017-09-20 13:24:33/
0000013 2017-09-20 13:25:09/
0000014 2017-09-20 13:25:22/
0000015 2017-09-20 13:25:41/
0000016 2017-09-20 13:26:00/
0000017 2017-09-20 13:26:15/
current -> 0000017 2017-09-20 13:26:15/

修改已有 backup 的 client 的 'keep' setting

On the next backup of a client, burp will do it's reduction algorithm based on the new settings for that client.

ca_crl

Sep 20 12:45:40 home burp[1273]: CRL: cannot read CRL from file /opt/burp/etc/CA/CA_burpCA.crl
Sep 20 12:45:40 home error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: X509 CRL

fix by regenerate the crl:

burp_ca --name burpCA --crl

timed backup

Client 會每隔一段時間執行一次 "burp -a t" 去問 Server 是否要進行 Backup

當收到 Client 的 timed backup 訪問, Server 就會行 timer_script 去必定是否 backup

As of 2.1.22, the timer script has been internalised as part of the main C code.

(You may still use an external timer script though.)

timer_script

# run when a client connects with the timed backup option

# If the script exits with code 0, a backup will run

# Arguments: "client name" "'current' storage directory" "" "reserved" "reserved" timer_arg timer_arg ...

timer_script = /etc/burp/timer_script

timer_arg

* They are passed to the timer script in the order

* can be overridden by the client configuration files in clientconfdir

# first timer_arg - as the minimum interval since the last successful backup

# Allow backups to start any time: "timer_arg = always"

# Unit: s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)

timer_arg = 20h

# second timer_arg - timebands

# no timebands => timer script will never allow backups.

# Allow backups to start in the evenings and nights during weekdays

timer_arg = Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23
timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23

timebands

When it runs, it will create a glob expression for the current day and hour, using the command:

LANG=C LC_TIME=C date +"*%a*%H*"

output

*Fri*11*

If this glob expression matches one of the time band arguments, the timer script decides that it is time to backup.

Server tigger timed backup ('burp -a t')

cd path_to_client's_storage_directory

su burp

touch backup

Forcing backups

Client

burp -a b

Server

# 禁止 Client 執行 'burp -a b' Per client config

client_can_force_backup=1

AutoUpgrade

# On the Server:

# 目錄結構 Client_OS_TYPE/Server_Version
# i.e. /etc/burp/autoupgrade/server/win32/1.3.1
# i.e. /etc/burp/autoupgrade/server/some_os/1.3.1

autoupgrade_dir = /etc/burp/autoupgrade/server

# 當 client 見到有 update 時(client_version < server_version),
# 它會 download 2 個 FILE (script, burp) 到本地的 autoupgrade_dir
# 之後就會行 "script" file 言後 exit

# 假設 Client 是 windows (32bit), 而 Server upgrade 了 (burp-2.2.18)

mkdir -p /opt/burp/etc/autoupgrade/server/win32/2.2.18

# 例子: SOURCE/configs/server/autoupgrade/windows.script

# 所有 win32 用同一 script

/opt/burp/etc/autoupgrade/server/win32/script

# 某一 SERVER_VERSION 用某一 script

/opt/burp/etc/autoupgrade/server/win32/SERVER_VERSION/script

# Copy installer & rename it "package"

cp burp-win32-installer-2.2.18.exe \
/opt/burp/etc/autoupgrade/server/win32/2.2.18/package

# Examples of "script"

# SOURCE/configs/server/autoupgrade/windows.script

@echo off

IF EXIST "C:\Program Files\Burp\autoupgrade\package.exe" (
        "C:\Program Files\Burp\autoupgrade\package.exe" /S
)

# SOURCE/configs/server/autoupgrade/debian.script

# On the Client:

autoupgrade_os = win32
autoupgrade_dir = C:/Program Files/Burp/autoupgrade

過程

當 client 連上 server 後, 當 server version 大過 client version 時, 那 client 就會下載兩個檔案 (script, package)

2019-04-01 12:54:31: burp[436] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:counters_json:msg:forceproto=1:
2019-04-01 12:54:31: burp[436] Received: C:/Program Files/Burp/autoupgrade/script.bat
2019-04-01 12:54:34: burp[436] Received: C:/Program Files/Burp/autoupgrade/package.exe

在下次 client 再執行時, 它會執行 script

Notify on Success/Failure

notify_success_*

on server side
email notifications

# %b - "backup"/"restore"/"verify"
# %c - client name
# %w - number of warnings, if any
#notify_success_script = /etc/burp/notify_script
#notify_success_arg = sendmail -t
#notify_success_arg = To: [email protected]
#notify_success_arg = From: burp
#notify_success_arg = Subject: %b succeeded: %c %w
# Uncomment the following to have success notifications only if there were
# warnings.
#notify_success_warnings_only = 1

notify_failure_*

# Uncomment the following for email notifications of backups that failed.
#notify_failure_script = /etc/burp/notify_script
#notify_failure_arg = sendmail -t
#notify_failure_arg = To: [email protected]
#notify_failure_arg = From: burp
#notify_failure_arg = Subject: %b failed: %c %w

Linux Client Config File

Gobal 設定

/etc/burp/burp.conf

#### Gobal Settings
mode = client
enabled = 1
pidfile = /opt/burp_client/var/run/burp.client.pid

#### Network
server = n.n.n.n
port = 4971
# send rate limit, Unit: mb/s (megabits)
ratelimit = 10
# timeout
network_timeout=300
protocol = 1

#### Log
# 當測試沒有問題, 那就兩個都 set 成 0
syslog = 0
stdout = 1
progress_counter = 1

#### 安全設定
# To prevent the server from initiating restores. The default is 1.
server_can_restore = 0
# 0 => server 不可以 override local 的 include/exclude list.
# The default is 1.
server_can_override_includes = 0
# This option is prefixed to the path of all restores, 
# It overridden by'-d' on the command line.
restoreprefix = /backup/restore

#### SSL Setting
# Uncomment the following lines to automatically generate
# a certificate signing request and send it to the server.
# burp 第一次 connect 時會用 "password" 認證身份
ca_burp_ca = /opt/burp/sbin/burp_ca
ca_csr_dir = /opt/burp/etc/ssl

# CA 認證
# SSL certificate authority - same file on both server and client
ssl_cert_ca = /opt/burp/etc/ssl/CA_burpCA.crt

# Must match the common name in the SSL certificate on backup server
# If ssl_peer_cn is not set, the "server" name will be used instead.
ssl_peer_cn = burpserver

# Client SSL Certificate & Key
ssl_cert = /opt/burp/etc/ssl/client.crt
ssl_key =  /opt/burp/etc/ssl/client.key

#### Other Settings
# Wait a random number of seconds between 0 and the given number before
# contacting the server on a timed backup.
# This can be specified by the '-q' command line option.
randomise = 1800

#### Include Local Setting
. /opt/burp/etc/local.conf

local.conf

# Defines the client name to identify as to the server.
# 亦會用這個名找 per client config
cname = seafile

# Defines the password to send to the server.
password = abcdefgh

# Encryption(Local)
#encryption_password=[password]

#### Path to include in the backup ####
# At least one 'include='
include = /root
# Include paths that match the glob expression.
include_glob = /home/vhosts/*/public_html

* include 及 exclude 必須用 absolute paths

P.S.

使用 encryption_password 後, 每當有檔案更新時, 將會整個檔案加密後才傳到 server
(用不到 deltas backup)

Cron Job

/etc/cron.d/burp

7,27,47 * * * * root    /usr/sbin/burp -a t

額外 Settings

Auto upgrade burp

#### auto upgrade ####
# autoupgrade_os = [string]
# Name of the client operating system (match "directory name" inside autoupgrade_dir)
# not set => 不 auto update

autoupgrade_os = win.i386

Scripts

#### Scripts
#backup_script_pre=/path/to/a/script
#backup_script_post=/path/to/a/script
#restore_script_pre=/path/to/a/script
#restore_script_post=/path/to/a/script

Exclude file or folder

#### Exclude

# The directory containing it will not be backed up
nobackup = .nobackup

## Path to exclude from the backup.
# exclude = [path] 

## Exclude paths that match the regular expression.
# exclude_regex = [regular expression]

# Extensions to exclude from the backup
exclude_ext = tmp
exclude_ext = bak
exclude_ext = bk

#### exclude file system ####
# Allow backups to cross all filesystem mountpoints.
cross_all_filesystems = 1

# Allow backups tocross a particular filesystem mountpoint.
cross_filesystem = /home

exclude_fs = sysfs
exclude_fs = tmpfs

Compression

no_compression_file.conf

#### exclude from compression (Case insensitive)
# compress files
exclude_comp = zip
exclude_comp = rar
exclude_comp = bz
exclude_comp = gz
exclude_comp = 7z
# media
exclude_comp = mp3
exclude_comp = m4a
exclude_comp = mp4
exclude_comp = avi
exclude_comp = mkv
# image
exclude_comp = jpg
exclude_comp = jpeg
exclude_comp = png

Client Script

# The arguments to it are 'pre', 'reserved2' to 'reserved5',
# and then arguments defined by backup_script_pre_arg
backup_script_pre=[path]

backup_script_pre_arg=[string]

# The arguments to it are 'post',
# [0|1] if the backup failed or succeeded,
# 'reserved3' to 'reserved5',
# arguments defined by backup_script_post_arg

backup_script_post=[path]

backup_script_post_arg=[string]

# default is 0, which means that backup_script_post will only be run if the backup succeeds.

backup_script_post_run_on_fail=[0|1]

# you want to run the same script before and after a backup.
# It overrides backup_script_pre and backup_script_post.
# save space in your config file

backup_script=[path]

# Goes with backup_script and overrides
# backup_script_pre_arg and backup_script_post_arg.

backup_script_arg=[path]

Windows Client Config File

# Time backup

A Windows Scheduler task will have been installed and

will be configured to run every 20 minutes from the time of the installation.

# Force a backup by hand

cd "C:\Program Files\Burp\bin"

burp.exe -a b

P.S.

"Run as Administrator"

安裝後的 Default 設定 :

mode = client

cname    = winxp
password = abcdefgh

ssl_peer_cn = burpserver
server      = 192.168.88.175
port        = 4971
status_port = 4972

stdout           = 1
progress_counter = 1

nobackup = .nobackup
lockfile = C:/Program Files/Burp/lockfile

ca_burp_ca = C:/Program Files/Burp/bin/burp_ca.bat
ca_csr_dir = C:/Program Files/Burp/CA

ssl_cert_ca = C:/Program Files/Burp/ssl_cert_ca.pem
ssl_cert    = C:/Program Files/Burp/ssl_cert-client.pem
ssl_key     = C:/Program Files/Burp/ssl_cert-client.key

server_can_restore = 0

# 1 => to save the VSS header data separate from the file data. Default: 0
# 0 => which means that the VSS header data is saved prepended to the file data
# This option has no effect in protocol 2
split_vss = 0

# To prevent the VSS header data being backed up. Default: 0
# To restore a backup that has no VSS information on Windows,
# you need to give the client the '-x' command line option.
# "-x" On restore, do not use the Windows VSS API, and strip out the VSS data.
# This option has no effect in protocol 2.
strip_vss = 0

# autoupgrade 設定
autoupgrade_os  = win32
autoupgrade_dir = C:/Program Files/Burp/autoupgrade

# exclude
exclude       = C:/Windows/Temp          # win7
exclude_regex = ^[A-Z]:/Recovery$
exclude_regex = ^[A-Z]:/\$recycle\.bin$
exclude_regex = ^[A-Z]:/pagefile\.sys$
exclude_regex = ^[A-Z]:/hiberfil\.sys$
exclude_regex = ^[A-Z]:/System Volume Information$

# 設定 backup 什麼
# 只會 backup C:/Documents and Settings
include = C:/Documents and Settings

VSS

vss_drives

# If you omit this option, burp will automatically decide based on the 'include' options.

# If you want no drives to have snapshots taken of them, you can specify '0'.

vss_drives=[list of drive letters]

Scheduled Task

Default: 安 exe 會自動建立 scheduled task

設定: Poll every 20 minutes (call "C:\Program Files\Burp\bin\burp.exe" -a t)

Windows installer options

/S Silent install
/server=[address] Set the address of the burp server
/port=[port] Set the port of the burp server
/cname=[name] Set the client name
/password=[password] Set the client password
/autoupgrade=[0|1] Set whether autoupgrades are allowed
/server_can_restore=[0|1] Set whether the server can initiate restores or not.
/encryption_password=[password] Set an encryption password.
/poll=[minutes] Set the poll interval
/overwrite Allow existing client configuration to be overwritten

Server initiated Backup / Restore

backups

You can queue a backup on the server, to be performed when the client next makes contact.

To do this, you put a file called 'backup' into the top level of the client storage directory.

The contents of the file are ignored.

restores

put a file called 'restore' into the top level of the client storage directory.

(burp.conf 要有 "server_can_restore=1" <= Default 係有的)

Backup Data Structure

log.gz
'data' directory
'deltas.reverse' directory

File

root@ubuntu:/home/backup/winxp1# ls -al

total 24
drwxr-xr-x 6 root root 4096 Oct 17 20:07 ./
drwxr-xr-x 4 root root 4096 Oct 17 20:04 ../
drwxr-xr-x 2 root root 4096 Oct 17 20:04 0000001 2013-10-17 20:04:12/
drwxr-xr-x 2 root root 4096 Oct 17 20:05 0000002 2013-10-17 20:04:51/
drwxr-xr-x 3 root root 4096 Oct 17 20:07 0000003 2013-10-17 20:05:42/
drwxr-xr-x 3 root root 4096 Oct 17 20:07 0000004 2013-10-17 20:07:10/
lrwxrwxrwx 1 root root   27 Oct 17 20:07 current -> 0000004 2013-10-17 20:07:10/

current:

drwxr-xr-x 3 root root 4096 Oct 17 20:07 ./
drwxr-xr-x 6 root root 4096 Oct 17 20:07 ../
drwxr-xr-x 4 root root 4096 Oct 17 20:07 data/
-rw-r--r-- 1 root root  164 Oct 17 20:07 incexc
-rw-r--r-- 1 root root  515 Oct 17 20:07 log.gz
-rw-r--r-- 1 root root  409 Oct 17 20:07 manifest.gz
-rw-r--r-- 1 root root   28 Oct 17 20:07 timestamp

incexc

include = C:/test
nobackup = .nobackup
cross_all_filesystems = 0
split_vss = 0
strip_vss = 0
read_all_fifos = 0
min_file_size = 0
max_file_size = 0
compression = 9

manifest.gz

t00110000/0000/0000.gz
r0030A A EH/ B A A A A A A BSX2MI BSX2MI BSXnL+ A Q J
f0007C:/test
x0024276:5d90072b50aa6f71c660bdb7c839b225
t0029t/C:/test/burp-win32-installer-1.3.38.exe
r0033A A IH/ B A A A IG6R A A BSX2MC BSXmMU BSXnBo A g J
f0027C:/test/burp-win32-installer-1.3.38.exe
x00282125685:0e0c1f107a4af48f38bdea9ffa2b6d9a
t00110000/0000/0001.gz
r0030A A EH/ B A A A A A A BSX2MI BRJKRr BRJKRr A Q J
f001AC:/test/mysql-4.1.22-win32
x0024276:4870e45b966fb93ec3d24ee7173f7438
t0026t/C:/test/mysql-4.1.22-win32/Setup.exe
r0034A A IH/ B A A A CpXRc A A BSX2MF BFT1Ql BRJKRr A g J
f0024C:/test/mysql-4.1.22-win32/Setup.exe
x002944397888:9e358208f35776b728e3d1019f51e74e
t0019t/C:/test/pietty0.327.exe
r0033A A IH/ B A A A BPIA A A BSX2L7 BCrYTS BSX2L7 A g J
f0017C:/test/pietty0.327.exe
x0027324324:aaf99efac253c113319421c057550666

timestamp

0000004 2013-10-17 20:07:10

zcat log.gz

2013-10-17 20:07:10: burp[643] Client version: 1.3.38
2013-10-17 20:07:10: burp[643] Begin phase1 (file system scan)
2013-10-17 20:07:14: burp[643] End phase1 (file system scan)
2013-10-17 20:07:14: burp[643] Begin phase2 (receive file data)
2013-10-17 20:07:24: burp[643] End phase2 (receive file data)
2013-10-17 20:07:24: burp[643] Begin phase3 (merge manifests)
2013-10-17 20:07:24: burp[643] End phase3 (merge manifests)
2013-10-17 20:07:24: burp[643] Backup ending - disconnect from client.
2013-10-17 20:07:24: burp[643] Begin phase4 (shuffle files)
2013-10-17 20:07:24: burp[643] Duplicating current backup.
2013-10-17 20:07:24: burp[643] do not need to hardlink archive
2013-10-17 20:07:24: burp[643]  not doing hardlinked archive
2013-10-17 20:07:24: burp[643]  will generate reverse deltas
2013-10-17 20:07:24: burp[643] Doing the atomic data jiggle...
--------------------------------------------------------------------------------
Start time: 2013-10-17 20:07:10
  End time: 2013-10-17 20:07:25
Time taken: 00:15
                         New   Changed Unchanged   Deleted     Total |  Scanned
                   ------------------------------------------------------------
            Files:         4         1         0         0         5 |        5
      Grand total:         4         1         0         0         5 |        5
                   ------------------------------------------------------------

             Warnings:             0

      Bytes estimated:      46847213 (44.68 MB)
      Bytes in backup:      46848449 (44.68 MB)
       Bytes received:      45758628 (43.64 MB)
           Bytes sent:             0
--------------------------------------------------------------------------------
2013-10-17 20:07:25: burp[643] Backup completed.
2013-10-17 20:07:25: burp[643] End phase4 (shuffle files)

Signals

signal 1 (HUP) to the main server process will cause it to reload

signal 12 (USR2) to the main server process will cause it to wait until there are no longer any child processes

Debug

burp -F -c burp-server.conf

# Case 0:

Oct 17 00:45:30 ubuntu burp[21376]: forked child pid 24176
Oct 17 00:45:30 ubuntu burp[24176]: password rejected for client winxp1
Oct 17 00:45:30 ubuntu burp[24176]: unable to authorise on server
Oct 17 00:45:31 ubuntu burp[24176]: exit child

# 錯 password

# Case 1:

w2013-10-08 17:37:50: burp[29240] WARNING: Client 'winxp1' version '1.4.4' 
                      does not match server version '1.3.1'. An upgrade is recommended.

# version 不對仍可以 backup 的

# Case 2:

Oct 17 02:41:50 ubuntu burp[31981]: Client winxp1 wants a certificate signed
Oct 17 02:41:50 ubuntu burp[31981]: Will not accept a client certificate request for 
                                    'winxp1' - /etc/burp/CA/winxp1.crt already exists!
Oct 17 02:41:50 ubuntu burp[31981]: Error signing client certificate request for winxp1
Oct 17 02:41:50 ubuntu burp[31981]: exit child

Client 不見了 certification

# Case 3:

Oct 17 02:43:09 ubuntu burp[31886]: forked child pid 31984
Oct 17 02:43:09 ubuntu burp[31984]: auth ok for: winxp1
Oct 17 02:43:09 ubuntu burp[31984]: Client winxp1 wants a certificate signed
Oct 17 02:43:10 ubuntu burp[31984]: Received: /etc/burp/CA/winxp1.csr
Oct 17 02:43:10 ubuntu burp[31984]: Signing certificate signing request from winxp1
Oct 17 02:43:10 ubuntu burp[31984]: Running '/usr/sbin/burp_ca --name winxp1 --ca burpCA 
                            --sign --batch --dir /etc/burp/CA --config /etc/burp/CA.cnf'
Oct 17 02:43:10 ubuntu burp[31984]: /usr/sbin/burp_ca returned: 1
Oct 17 02:43:10 ubuntu burp[31984]: Error running /usr/sbin/burp_ca
Oct 17 02:43:10 ubuntu burp[31984]: Error signing client certificate request for winxp1
Oct 17 02:43:10 ubuntu burp[31984]: exit child

# 用了 default 的 ca_name = burpCA

# Case 4:

client:

C:\Program Files\Burp\bin>burp.exe -a b
2013-10-16 16:48:42: burp.exe[3196] before client
2013-10-16 16:48:42: burp.exe[3196] begin client
2013-10-16 16:48:42: burp.exe[3196] auth ok
2013-10-16 16:48:42: burp.exe[3196] Server version: 1.4.4
2013-10-16 16:48:42: burp.exe[3196] nocsr ok
2013-10-16 16:48:42: burp.exe[3196] Client uses TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384 
                                    Certificate doesn't verify.
2013-10-16 16:48:42: burp.exe[3196] check cert failed
2013-10-16 16:48:42: burp.exe[3196] after client

server:

Oct 17 00:46:51 ubuntu burp[21376]: forked child pid 24178
Oct 17 00:46:51 ubuntu burp[24178]: auth ok for: winxp1
Oct 17 00:46:51 ubuntu burp[24178]: Client winxp1 does not want a certificate signed
Oct 17 00:46:51 ubuntu burp[24178]: Client uses TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
Oct 17 00:46:51 ubuntu burp[24178]: problem reading in extra_comms
Oct 17 00:46:51 ubuntu burp[24178]: running extra comms failed on server
Oct 17 00:46:51 ubuntu burp[24178]: write returned: -1
Oct 17 00:46:51 ubuntu burp[24178]: error in do_write
Oct 17 00:46:51 ubuntu burp[24178]: exit child

其中一方錯 ssl_peer_cn

Backup Phases

backup_phase1_client: Scan the client filesystem and send stats to the server.

backup_phase1_server: Receive the stats from the client.

backup_phase2_server: Request and receive changes from the client and create an unchanged list and a changed list.

backup_phase2_client: Send the changes that the server requests. The work of the client is now finished.

backup_phase3_server: Generate the new manifest list for the backup out of the unchanged list and the changed list.

backup_phase4_server: Finish off the backup by jiggling the received data

around and putting everything in the correct place. Need to generate reverse deltas in order to save space for the previous backup

(unless hardlinked_archive is turned on).

Server / Client 的安全考慮

# You are a client, and you don't trust the server.

# encrypt your data
# client encryption means that you cannot do network librsync deltas.
encryption_password=????????????
server_can_restore=0
autoupgrade=0

# You have a burp server and you don't trust your users

client_can_force_backup=0
client_can_list=0
client_can_restore=0
client_can_verify=0

Group Deduplication

# Enables you to group clients together for file deduplication purposes

dedup_group=[string]

# Server seting

dedup_group = global

# Client seting

* set 'dedup_group=xp' for each Windows XP client

-g xp

"hardlinked" backup

hardlinked_archive=1

# no reverse deltas need to be applied

# complete copy of every version of each file will be kept

=> speeding up restores for older backups

Default (hardlinked_archive=0)

Once all the files and bits of files have been transferred to the server, it needs to assemble them into the final backup.

burp generates reverse deltas for the files that changed and it deletes the original files (previous files)
(burp will just delete the original and keep the new version, and not keep a delta at all)

=> uses more diskspace

以上過程叫 "shuffle operation"

瀏覽次數： 1066