DIY Backups – Part II

In the last article we talked about the fundamental requirements for our DIY backup solution. Now that we understand what’s required, it’s time to set the wheels in motion.  As I mentioned previously, our off-site backup server will be running Linux.  For this type of workhorse function, I prefer a lightweight OS, so I chose Ubuntu Server 8.04 LTS, but feel free to install any other Linux or BSD distro.  What makes the Ubuntu server distro so great is that it ships without a graphical interface which keeps the install lightweight and clutter free.

Server Installation: Since this box will contain sensitive data, it’s important to ensure that you only install essential services.  Installing unnecessary services such as a web or ftp server only opens your server up to potential hacks.  To limit our risks, perform a basic install and only install the ssh server and nothing else.  Be sure to setup a static IP address.  If you don’t know how to do this, a quick Google search will get you the information you need. 

Server Firewall Configuration: Ubuntu server ships with a firewall but it’s disabled by default. I recommend enabling the firewall so that it disables everything and then poking holes through the firewall for the specific services we’ll need.  In our case, we’ll be using ssh and rsync.  I also recommend that you limit access to these services from a specific IP address, in this case, your home address.  Here’s how we set it up.

Login to your server then issue the following commands:

sudo ufw default deny
sudo ufw allow from to any port 22
sudo ufw allow from to any port 873
sudo ufw enable

Router Configuration: Don’t forget to configure your router to allow the ssh and rsync services through.  Most routers provided by ISPs have a firewall built into them that, by default, blocks all services.  We setup the firewall on our server which protects us from “inside” malicious behavior, but we will still need to repeat the process on our ISP provided router.  Setting this up is usually pretty simple.  Just login to the web interface and fiddle with the configuration until you figure it out.

Next time we will cover the steps required to make an initial data snapshot and how to put that data on our new server.  We’ll also talk about how we “convince” our new server to always trust our source server so that it will not ask for passwords when performing our backup operations.

Until next time!