
RE: [cobalt-security] Psql Backup



Mark Anderson wrote:
> As a security precaution I'd like to be able to access my Postgres
> Database and back it up as part of a cronjob perhaps. But I can't
> seem to find the Cobalt perl file that defines the database name
> used and the password.
>
> Any help would be greatly appreciated.
>
> Mark Anderson
>

It is a very good precaution in my mind, if that thing gets broken the whole
management interface gets hosed.  I wouldn't bother trying to get into the
database and export it, could be tricky to get put back together if you had
to.  I just shut down the database and capture all the database files
(/var/...) in a quiescent state along with the areas of the servers that we
play in so that I can put it back together and have it actually work when I
need to, something I couldn't achieve in a predictable/repeatable/non-labour
intensive way using the built-in backup or migration tools.  I then just scp
the files to a central server where they are captured on tape.

Here is an excerpt of my script, USE AT YOUR OWN RISK, it is unsupported and
it will probably void your warranty etc.  One must recover onto a fully
patched server, I keep a patched hot spare running that I can restore the
archives to.  You have to know what you are doing, anyone at all new to
Linux/UNIX should not venture here.  All users should try a recovery to a
spare machine if they have access to one, my rule of thumb is don't
implicitly trust any backup program.  In the past couple years I have
encountered two commercial backup solutions that simply didn't recover
properly, one was from a huge vendor that specializes in backup software.
After they failed to properly support or fix the problem, we got our money
back along with significant grovelling from their senior management.
Thankfully this was caught in pre-deployment testing, always test your
backups . . .

Script follows . . .

Good luck,
Eric


# Disable swatch so that Postgresql is not restarted during the backup.

FILE="blah"

echo "Disabling swatch . . ."
# A single :g command comments out every crontab line that mentions swatch.
vim -e /etc/crontab << END_COM >/dev/null;
g/swatch/s/^/#/
w
q
END_COM

# Shutdown Postgresql for cold database backup.

/etc/rc.d/init.d/postgresql stop

# Backup files.

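# --exclude goes before the paths: newer GNU tar applies it only to the
# arguments that follow it.
tar czvf "/home/tmp/${FILE}" --exclude /usr/local/frontpage \
    /usr/local /etc /var /home/sites/home/users /root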

# Start Postgresql again.

/etc/rc.d/init.d/postgresql start

# Enable swatch again.

# Strip the leading "#" from every crontab line that mentions swatch.
vim -e /etc/crontab << END_UNCOM >/dev/null;
g/swatch/s/^#*//
w
q
END_UNCOM
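
An added example, not part of Eric's script: a check that could run between the tar step and the scp, in the spirit of "always test your backups". The function names verify_backup and record_digest are made up for this example, and it assumes gzip, tar, awk and sha256sum are on the box.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# verify_backup ARCHIVE DIR...
# Succeeds only if ARCHIVE is an intact gzip'd tar that holds at least one
# member under every DIR (written as on the tar command line, e.g. /etc).
verify_backup() {
    archive=$1; shift
    [ -s "$archive" ] || { echo "missing or empty: $archive" >&2; return 1; }
    # gzip -t reads the whole stream, so it catches a truncated archive.
    gzip -t "$archive" 2>/dev/null ||
        { echo "gzip test failed: $archive" >&2; return 1; }
    listing=$(tar tzf "$archive" 2>/dev/null) ||
        { echo "tar cannot list: $archive" >&2; return 1; }
    for dir in "$@"; do
        want=${dir#/}/          # tar stores /etc/passwd as etc/passwd
        # Literal prefix match, so dots in a path are not treated as regex.
        printf '%s\n' "$listing" |
            awk -v p="$want" 'index($0, p) == 1 { f = 1; exit } END { exit !f }' ||
            { echo "nothing archived under $dir" >&2; return 1; }
    done
}

# record_digest ARCHIVE
# Writes ARCHIVE.sha256 next to the archive, naming the file by basename so
# the digest can be checked from whatever directory it lands in after scp.
record_digest() {
    ( cd "$(dirname "$1")" && f=$(basename "$1") &&
      sha256sum "$f" > "$f.sha256" )
}
```

Copy the .sha256 file along with the archive and run "sha256sum -c" on it in the receiving directory to confirm the transfer; none of this replaces a trial restore onto the spare machine.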