burp-2.x

Last updated: 2023-04-26

Contents

  • Install From Source
  • Server Settings
  • systemd
  • Client Settings
  • restore_client / super_client
  • Signals
  • backup_tool_script
  • working_dir
  • Monitor
  • Doc

 


Install From Source

 

Download Source

wget https://github.com/grke/burp/releases/download/2.4.0/burp-2.4.0.tar.bz2

Debian prerequisites

apt-get install gcc g++ make pkg-config check autoconf automake libtool

apt-get install librsync-dev libz-dev libssl-dev \
  uthash-dev libncurses5-dev \
  libacl1-dev libattr1-dev libwrap0-dev

CentOS 7 prerequisites

yum groupinstall "Development Tools" -y

yum install autoconf automake libtool \
  librsync-devel zlib-devel uthash-devel \
  openssl-devel ncurses-devel libacl-devel \
  libattr-devel tcp_wrappers-devel

Update "./configure" files

tar -jxf burp-2.4.0.tar.bz2

cd burp-2.4.0/

# Check version

./configure -V

Burp configure 2.2.18

# (-v, --verbose   &   -i, --install   &   -f, --force)

autoreconf -vif

Create build_burp.sh to build burp

build_burp.sh

#!/bin/bash

Ver=2.4.0

cd "burp-$Ver" || exit 1

./configure --prefix=/opt/burp \
        --enable-xattr \
        --enable-acl

make clean
make -j
make install
make install-configs

 

 


Create User A/C to run burp

 

useradd -d /backup/burp_data burp -s /bin/false -m

passwd -l burp

chmod -R 700 /backup/burp_data

chown burp: /backup/burp_data

chown burp: /opt/burp -R

 


Server Settings

 

ssl_compression

ssl_compression=zlib0

# The default is 5
# Choose the level of zlib compression over SSL.
# zlib0 turns SSL compression off.

ssl_ciphers

Server

ssl_ciphers = RC4-SHA:AES128-SHA

Client

ssl_ciphers = RC4-MD5

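Use case: switch to a cipher that uses less CPU. RC4 is prohibited in TLS by RFC 7465 and MD5 is a broken hash, so this choice lowers CPU load at the cost of transport security.

During a backup, the log shows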

...
2019-08-01 13:18:07 +0800: burp[8627] SSL is using cipher: 
  DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

# List the ciphers supported by the system

openssl ciphers -s -v RC4

...
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
...

# Set the ciphers in burp.conf

ssl_ciphers = RC4-MD5

Log from the next backup

...
Aug  1 14:51:49 burp burp[8752]: SSL is using cipher: 
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
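
To check what sessions actually negotiated, the following added example (not part of the original notes or of burp) parses "SSL is using cipher" log lines like the ones above and flags weak suites. The sample log is constructed from those lines, and the list of weak patterns is this example's assumption.

```shell
#!/bin/bash
# Added example: list the cipher each burp session negotiated and flag weak ones.
# The weak-cipher patterns below are an assumption of this example, not a burp setting.

# Constructed sample log, in the two layouts shown above.
sample_log() {
cat <<'EOF'
2019-08-01 13:18:07 +0800: burp[8627] SSL is using cipher:
  DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
Aug  1 14:51:49 burp burp[8752]: SSL is using cipher:
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EOF
}

# Reads a burp log on stdin; prints "<pid> <cipher> <OK|WEAK:reasons>" per session.
audit_ciphers() {
  awk '
    # Classify one description line in "openssl ciphers -v" format.
    function verdict(desc,   why) {
      why = ""
      if (desc ~ /Enc=RC4/)   why = why ",rc4"
      if (desc ~ /Enc=3?DES/) why = why ",des"
      if (desc ~ /Enc=None/)  why = why ",null-enc"
      if (desc ~ /Mac=MD5/)   why = why ",md5-mac"
      return (why == "") ? "OK" : "WEAK:" substr(why, 2)
    }
    function report(pid, desc,   f) {
      sub(/^[ \t]+/, "", desc)
      split(desc, f, /[ \t]+/)
      print pid, f[1], verdict(desc)
    }
    /SSL is using cipher:/ {
      pid = "?"
      if (match($0, /burp\[[0-9]+\]/)) pid = substr($0, RSTART + 5, RLENGTH - 6)
      rest = $0
      sub(/.*SSL is using cipher:[ \t]*/, "", rest)
      # The details may follow on the same line or on the next one.
      if (rest != "") { report(pid, rest) } else { pending = 1 }
      next
    }
    pending { report(pid, $0); pending = 0 }
  '
}

sample_log | audit_ciphers
```

On a live server, feed it the file that receives burp's syslog output, for example `audit_ciphers < /var/log/daemon.log`.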


monitor_browse_cache

Whether or not the server should cache the directory tree when a monitor client is browsing.

Advantage: browsing is faster.

Disadvantage: more memory is used.

atime

atime=[0|1]

The default is 0, which enables O_NOATIME.

This allows you to control whether the client uses O_NOATIME when opening files and directories.

This means that the client can read files and directories without updating the access times.

However, this is only possible if you are running as root, or are the owner of the file or directory.

If this is not the case (perhaps you only have group or world access to the files), you will get errors until you set atime=1.

With atime=1, the access times will be updated on the files and directories that get backed up.

network_allow

network_allow='127.0.0.0/8'
network_allow='192.168.123.0/24'

umask

Set the file/folder creation umask. Default is 0022

umask = 0027

Summary

burp.conf

# burp server config
mode = server
listen = 0.0.0.0:4971
max_children = 5
#
listen_status = 127.0.0.1:4972
max_status_children = 5
#
protocol = 1
pidfile = /opt/burp/var/run/burp.server.pid
#
user=burp
group=burp
#
syslog = 1
#
umask = 0027
#
client_can_delete = 0
client_can_force_backup = 1
client_can_verify = 1
#
ratelimit = 40
network_timeout = 1800
compression = zlib9
#
ca_conf = /opt/burp/etc/CA.cnf
ca_name = burpCA
ca_server_name = burpserver
ca_burp_ca = /opt/burp/sbin/burp_ca
ca_crl_check = 1

# Server SSL settings
ssl_cert_ca = /opt/burp/etc/ssl/CA_burpCA.crt
ssl_cert    = /opt/burp/etc/ssl/burpServer.crt
ssl_key     = /opt/burp/etc/ssl/burpServer.key
ssl_dhfile  = /opt/burp/etc/ssl/dhfile.pem

directory = /backup/burp_data
clientconfdir = /opt/burp/etc/clientconfdir

version_warn = 0
keep = 14

#timer_arg = always
#timer_arg = Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23
timer_arg = 20h

 


systemd

 

Edit SRC/systemd/burp-server-unprivileged.service

...

[Service]
Type=forking
User=burp
Group=burp
RuntimeDirectory=burp
RuntimeDirectoryMode=0750
ExecStart=/opt/burp/sbin/burp -c /opt/burp/etc/burp-server.conf

cp systemd/burp-server-unprivileged.service /etc/systemd/system/burp-server.service

systemctl daemon-reload

systemctl enable burp-server --now

netstat -ntlp | grep burp

tcp        0      0 127.0.0.1:4972          0.0.0.0:*               LISTEN      333558/burp
tcp        0      0 0.0.0.0:4971            0.0.0.0:*               LISTEN      333558/burp

tail /var/log/daemon.log

Apr 24 18:26:39 localhost systemd[1]: Starting Burp backup server...
Apr 24 18:26:39 localhost systemd[1]: Started Burp backup server.

 


Client Settings

 

restoreprefix

# This option is prefixed to the path of all restores, and is overridden by
# '-d' on the command line.

restoreprefix = /root/restore/data

Windows

# Client configuration

cname    = win7-admin
password = XXXXXXXX
server   = 192.168.123.10

# Backup path
include = c:\test-burp
include = C:\Users\tim\Documents

# exclude path
exclude = C:\Users\tim\Documents\Tencent
exclude = C:\Users\tim\Documents\Tencent Files

# Restore to path
restoreprefix = c:\restore

# Other Settings
mode = client
ssl_peer_cn = burpserver
port        = 4971

# Include
. local.conf
. exclude_file.conf
. no_compression_file.conf

local.conf

# Common settings
server_can_restore = 0
server_can_override_includes = 0

protocol = 1
network_timeout = 600

stdout = 0
progress_counter = 1
nobackup = .nobackup

lockfile = C:/Program Files/Burp/lockfile

ca_burp_ca = C:/Program Files/Burp/bin/burp_ca.bat
ca_csr_dir = C:/Program Files/Burp/CA

ssl_cert_ca = C:/Program Files/Burp/ssl_cert_ca.pem
ssl_cert = C:/Program Files/Burp/client.crt
ssl_key = C:/Program Files/Burp/client.key

split_vss = 0
strip_vss = 0

#autoupgrade_os = win.i386
#autoupgrade_dir = C:/Program Files/Burp/autoupgrade

exclude_common_file.conf

 

exclude_regex = ^[A-Z]:/recycler$
exclude_regex = ^[A-Z]:/\$recycle\.bin$
exclude_regex = ^[A-Z]:/pagefile\.sys$
exclude_regex = ^[A-Z]:/swapfile\.sys$
exclude_regex = ^[A-Z]:/hiberfil\.sys$

 

 


restore_client / super_client

 

SERVER OPTIONS

restore_client=[client]

A client that is permitted to list, verify, restore, delete, and diff files belonging to any other client, according to the client_can permissions (e.g. 'client_can_list') on both the restore_client and the original client.

 - Only restore_clients can monitor all clients

 - Multiple restore_clients can be specified

 - restore_client can also be set for individual original clients (in their clientconfdir files)

CLIENT OPTIONS

-C [client]

Allows you to specify an alternative client to list or restore from.

(See the 'restore_client' and 'super_client' options.)

Usage

burp -a l -C win7-admin

Backup: 0000004 2018-01-12 19:15:37 (deletable)
Backup: 0000010 2018-01-18 19:15:27 (deletable)
Backup: 0000011 2019-03-27 11:42:47 +0800 (deletable)
Backup: 0000012 2019-03-27 12:20:52 +0800 (deletable)
Backup: 0000013 2019-03-27 13:09:44 +0800 (deletable)
Backup: 0000014 2019-03-27 16:34:23 +0800 (deletable)
Backup: 0000015 2019-03-27 16:37:13 +0800 (deletable)
Backup: 0000016 2019-03-28 19:18:49 +0800 (deletable)

burp -a r -C win7-admin -d /home/restore

--------------------------------------------------------------------------------
Start time: 2019-03-29 11:04:40
  End time: 2019-03-29 11:04:41
Time taken: 00:01
                             Attempted | Expected
                   ------------------------------
             Files:                  6 |        6
       Grand total:                  6 |        6
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:         19119 (18.67 KB)
      Bytes attempted:             0
       Bytes received:         20377 (19.90 KB)
           Bytes sent:           627
--------------------------------------------------------------------------------
2019-03-29 11:04:41 +0800: burp[10124] restore finished

 


Signals

 

signal 1 (HUP)

Sent to the main server process, it will cause the server to reload.

For the vast majority of configuration changes, a reload is unnecessary as the server will pick up changes "on-the-fly".

signal 12 (USR2)

Sent to the main server process, it will cause the server to wait until there are no longer any child processes, and then exit.

The intention is to help with upgrades without interrupting current backups.

If you are running upstart, a new burp server process will start up when the old one exits.

 

 


backup_tool_script

 

It is a script to check backup sanity on the server.

It can verify a given number of backups for each client.

It can run verify operations in parallel (interleaving different clients).

 

# Check that the burp service is running

# Depends on /opt/burp/sbin/burp -a S

backup_tool_script -j burp

# Check for clients that don't have backups newer than 3 days:

backup_tool_script -d /path/to/clients/backups/dir -o 3

# Launch backup verification for last 7 backups for each client:

backup_tool_script -d /path/to/clients/backups/dir -v 3

# Check for exceeded quotas in most recent backups:

backup_tool_script -d /path/to/clients/backups/dir -q

 


working_dir

 

A backup in working_dir goes through 4 phases in total (1 to 4)

Symbolic link

  • working
  • finishing
  • current

Start Backup

/var/spool/burp/<client>/0000027 2015-04-12 01:24:29
/var/spool/burp/<client>/working -> 0000027 2015-04-12 01:24:29

Phase 1 (file system scan)

Phase 2 (send actual data)

/var/spool/burp/<client>/finishing -> 0000027 2015-04-12 01:24:29

Phase 3 (manifest generation)

Phase 4 (shuffling)

/var/spool/burp/<client>/current -> 0000027 2015-04-12 01:24:29

Interruption

What happens after an interruption depends on which symlink it left behind.

[1] It left a 'finishing' symlink

The server will attempt to carry on and complete the backup.

Part of phase 4 may involve operations that alter the immediately previous backup (it may need to convert its files into reverse deltas), so once it is 'finishing', burp can only try to move forwards.

Note that when the backup is 'finishing', no more data is required from the client.

[2] It left a 'working' symlink

The server will check the 'working_dir_recovery_method' server-side option to decide what to do next.
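
The symlink rules above can be turned into a quick check for interrupted backups. This is an added example, not part of burp; the function names client_state and scan_spool, the state labels, and the demo directory tree are assumptions constructed for this example.

```shell
#!/bin/bash
# Added example: classify each client under the burp storage directory by the
# symlinks described above.

# Prints one of: finishing, working, idle, empty
client_state() {
  local dir="$1"
  if   [ -L "$dir/finishing" ]; then echo finishing  # server completes it without the client
  elif [ -L "$dir/working" ];   then echo working    # handled per working_dir_recovery_method
  elif [ -L "$dir/current" ];   then echo idle       # last backup completed
  else echo empty                                    # no backup yet
  fi
}

# Prints "<client> <state> <backup the symlink points to>" for every client directory.
scan_spool() {
  local spool="$1" dir state link
  for dir in "$spool"/*/; do
    [ -d "$dir" ] || continue
    dir=${dir%/}
    state=$(client_state "$dir")
    case $state in
      empty) link=- ;;
      idle)  link=$(readlink "$dir/current") ;;
      *)     link=$(readlink "$dir/$state") ;;
    esac
    printf '%s %s %s\n' "${dir##*/}" "$state" "$link"
  done
}

# Constructed demo tree: one interrupted client and one completed client.
demo() {
  local tmp
  tmp=$(mktemp -d)
  mkdir -p "$tmp/vm.admin/0000027 2015-04-12 01:24:29" \
           "$tmp/vm.apps01/0000003 2015-04-11 01:00:00"
  ln -s "0000027 2015-04-12 01:24:29" "$tmp/vm.admin/working"
  ln -s "0000003 2015-04-11 01:00:00" "$tmp/vm.apps01/current"
  scan_spool "$tmp"
  rm -rf "$tmp"
}

demo
```

On the server configured above, `scan_spool /backup/burp_data` lists any client still in the 'working' or 'finishing' state.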

 


Monitor

 

In burp 2

  • The status port connection is secured via SSL.
  • A client is able to see its own details.
  • A client can also see the details of any other client that it is a 'super_client' or 'restore_client' of.

Action section

"backup", "list", "restore", "verify", "delete", or "diff".

Phase section

"scanning", "backup", "merging", "shuffling", "listing", "restoring", "verifying", "deleting", or "diffing"

Opts

-a s                # Run this to connect to a running server to get a live monitor of the status

-a S               # Similar to '-a s', but prints the status only once

-a m               # Raw connection(JSON output)

Example

burp -a s

    burp monitor 2.2.18                               2020-04-28 12:22:08 +0800

 * burpServer              idle  last backup: 0000011 2019-08-02 13:16:06 +0800
   vm.admin                idle  last backup: 0000273 2020-04-23 23:15:00 +0800
   vm.apps01               idle  last backup: 0000265 2020-04-23 23:17:31 +0800
   vm.apps02               idle  last backup: 0000266 2020-04-23 23:01:34 +0800
   vm.file01               idle  last backup: 0000263 2020-04-23 23:19:00 +0800

 


Doc

 

https://burp.grke.org/docs/manpage.html

 

 
