Category Archives: Technical

About software, hardware, and everything in between.

FreeBSD Full / Incremental Filesystem Dump Shell Script

Posted on by
11

I wanted to automate filesystem dumps on my servers running FreeBSD 7.2. After some searching I came across Vivek Gite’s FreeBSD Full / Incremental Tape Backup Shell Script which gave me a lot of ideas. Since I’m not using tape as the backup target I wanted to make a script specifically for that purpose while at the same time improve handling of some error conditions (such as, most importantly, checking for a missing level 0 dump before proceeding with an incremental dump) and add some new features such as autoincrement the dump level so that the dump level is not tied to specific day of the week.

Here’s my version of the script. While it bears some resemblance to Vivek’s script, it is largely rewritten. Read the script header for more information.

NOTE! In his comment James pointed out a possible bug in the script. The displayed script indeed had a problem: it was missing a backslash in front of the first dollar sign at:

eval “local fspath=\$${fsname}path”

This was caused by the script display plugin in WordPress that treated the backslash as an escape character (this has now been fixed). To be on the safe side, please download the script as a tarball. To further validate the integrity of the tarball, it should produce a md5 hash of 732ac44f11ba4484be4568e84929bb6a. 

#!/bin/sh

# Autodump 1.5a (released 01 August 2009)
# Copyright (c) 2009 Ville Walveranta
#
# A FreeBSD shell script to dump filesystems with full, and automatically
# incremented incremental backups to a given directory location; this script
# was written with the intent of saving the filesystem dumps not onto a tape
# device but on another hard drive such as a different filesystem on the same
# computer. The resulting dump files can be copied offsite with a separate
# cron job.
#
# This script creates the necessary directory structure below the defined
# 'BASEDIR' as well as the necessary log file. This script also ensures that
# the level 0 dump exists before creating an incremental dump; if it doesn't
# the script automatically erases the incremental files for the current week
# (if any exist) and starts over with a level 0 dump. This way you can start
# using the script on any day of the week and level 0 dump is automatically
# created on the first run.
#
# When ran daily (such as from a cron job), the script creates level 0 dump
# on every Monday (beginning the ISO week), or Sunday (beginning of the U.S.
# week) and an incremental dump on all the other days of each week. The dumps
# are compressed with gzip and saved below the 'BASEDIR' to an automatically
# created directory whose name is derived from the list given in 'FSNAMES'.
# Each week's dumps are organized into subfolders with name YYYY-WW ('WW'
# being the current week). By default three most recent weekly dumps
# (level 0 + incrementals) are retained.
#
# The script maintains each weekly folder's date at the _beginning_ date
# of the dump (i.e. Monday or Sunday of the current week) at 00:00, not
# at the most recent incremental's date/time.
#
# By default the root (/) and usr (/usr) filesystems are dumped. To add more
# add a "friendly name" to the 'FSNAMES' list (it is used for the weekly folder
# names, for dump filenames, and to reference the corresponding mount point
# variable); then add the corresponding mount point variable (i.e. if you
# add "var" to 'FSNAMES', then add a variable varpath=/var). The "path"
# ending of the mount point variable name is required.
#
# Since the number of incremental dumps is limited to nine (level 0 +
# incremental levels 1-9), the script will allow maximum of one dump
# to be created per day. However, since the level incrementing is dynamic
# you can start the script on any day of the week, and run it on any
# number of days during the rest of the week and you'll always get
# level 0 plus the incremental dumps in sequential order. However, The
# new weekly folder is always created on Monday or Sunday (as chosen by
# you). Note that the script determines whether "today's" dump exists
# based on the modification date stamp of the most recent dump. Hence
# it is a good idea to run this script in the early hours of each day
# rather than in the very end of each day. Running the script, for
# example, at 23:50 has the potential to push longer dump processes
# over the midnight and so potentially cause the next day's dump to
# be skipped.
#
# Written for FreeBSD 7.2 but should work on most BSD and *NIX systems with
# minor modifications.
# -------------------------------------------------------------------------
# Copyright (c) 2009 Ville Walveranta
# <http://my.galagzee.com/2009/07/17/freebsd-dump-filesystem-shell-script>
# This script is licensed under GNU GPL version 2.0 or above, and is provided
# 'as-is' with no warranty which is to say that I'm not liable if it wipes out
# your hard drive clean or doesn't back up your precious data. However, to the
# best or my knowledge it is working as expected -- I'm using it myself. :-)
# -------------------------------------------------------------------------
# This script was inspired by
# FreeBSD Full / Incremental Tape Backup Shell Script
# by nixCraft project / Vivek Gite
# at <http://bash.cyberciti.biz/backup/freebsd-dump-filesystem-shell-script/>
# -------------------------------------------------------------------------

#### GLOBAL VARIABLES ###############################################

WEEKSTARTS=Mon      # Accepted values are "Mon" (ISO standard) or "Sun" (U.S.)
KEEPDUMPS=30        # in days; this is evaluated on the weekly level per start
                    # of the week, so '30' keeps 3-4 weekly dumps
BASEDIR=/bak/dumps
GLOBALDUMPOPTS=Lua  # add 'n' for wall notifications
LOGFILE=/var/log/dump.log

# to add more filesystems to be dumped add the dump name in 'FSNAMES'
# and add the corresponding mount point variable (dumpname+path=mountpoint)
FSNAMES="root usr"  # this is used for dump directory name
                    # and to ID the path from a variable below
rootpath=/
usrpath=/usr

#####################################################################

DUMP=/sbin/dump
GZIP=/usr/bin/gzip
LOGGER=/usr/bin/logger

WEEKDAY=$(date +"%a")
DATE=$(date +"%Y%m%d")
HUMANDATE=$(date +"%d-%b-%Y")
HUMANDATE=`echo $HUMANDATE | tr '[:lower:]' '[:upper:]'`
HUMANTIME=$(date +"%H:%M (%Z)")
TODAYYR=$(date +"%Y")
TODAYMO=$(date +"%m")
TODAYDT=$(date +"%d")

# datestamp at midnight today
TODAYSTARTSTAMP=$(date -j +%s "${TODAYYR}${TODAYMO}${TODAYDT}0000")

# default lastdump to midnight today; it will be checked
# and and adjusted later
LASTDUMP=$TODAYSTARTSTAMP

# do not crete world-readable dumps!
umask 117

# make sure the logfile exists
if [ ! -e $LOGFILE ] ; then
   touch $LOGFILE
   chmod 660 $LOGFILE
fi

# make sure that entire week's incremental dumps are deposted
# in the same directory, even when a week spans new year
# NOTE: When the ending year has a partial 53rd week, there
# won't be a dump folder for the first week of the new year.
# The incremental dumps instead complete the 53rd week folder,
# even when the 1st week of the new year begins mid-week.
# However, the dates of the incremental dump files in the
# 53rd week folder correctly reflect the dates of the
# beginning year.
adjust_date(){
   local dateoffset=$1
   local epochnow=$(date +%s)
   local offsetsecs=`expr $dateoffset "*" 86400`
   local newepoch=`expr $epochnow "-" $offsetsecs`
   local year=`date -r $newepoch +"%Y"`

   if [ "$WEEKSTARTS" = "Mon" ] ; then
      local week=`date -r $newepoch +"%W"`
   else
      local week=`date -r $newepoch +"%U"`
   fi
   NEWEPOCHISO=`date -r $newepoch +"%Y%m%d0000"`

   #system week starts from `0', there is no calendar week `0'
   week=`expr $week "+" 1`
   YWEEK=${year}-${week}
}

# determines the 'distance' from the level 0 dump in days
if [ "$WEEKSTARTS" = "Mon" ] ; then
   case $WEEKDAY in
      Mon) adjust_date 0;;
      Tue) adjust_date 1;;
      Wed) adjust_date 2;;
      Thu) adjust_date 3;;
      Fri) adjust_date 4;;
      Sat) adjust_date 5;;
      Sun) adjust_date 6;;
      *) ;;
   esac
else
   case $WEEKDAY in
      Sun) adjust_date 0;;
      Mon) adjust_date 1;;
      Tue) adjust_date 2;;
      Wed) adjust_date 3;;
      Thu) adjust_date 4;;
      Fri) adjust_date 5;;
      Sat) adjust_date 6;;
      *) ;;
   esac
fi

mk_auto_dump(){

   local fsname=$1

   # get the current filesystem's path
   # as defined in the corresponding variable
   eval "local fspath=\$${fsname}path"

   # composite the dump path
   local dumppath=${BASEDIR}/${fsname}/${YWEEK}

   # make sure the dump directory for this week exists;
   # this automatically creates a new dump directory on
   # every Monday or Sunday (as selected by 'WEEKSTARTS')
   [ ! -d $dumppath ] && mkdir -p $dumppath

   # get name of the last file in the current dump directory
   local lastfile=`ls -ltr $dumppath | grep -v "^d" | tail -n 1 | awk '{ print $9 }'`

   # assume that the 'lastfile', if it exists, was not created today
   local dumped_today=false

   # if a file exists, check its modification date;
   # if it is at or after 00:00 today, set a flag to skip the dump
   if [ "$lastfile" != "" ] ; then
      local fq_lastfile=${dumppath}/$lastfile
      if [ -e $fq_lastfile ] ; then
         # get the last modification time for the most recently created dumpfile
         LASTDUMP=`stat -f %m $fq_lastfile`
         if [ $LASTDUMP -ge $TODAYSTARTSTAMP ] ; then
            local dumped_today=true
         fi
      fi

      # get the first and the last dump level for this directory
      local levelcommand="ls $dumppath | sed -e 's/^[[:digit:]]*\_//' | sed -e 's/\..*$//'"
      local firstlevel=`eval $levelcommand | head -n 1`
      local lastlevel=`eval $levelcommand | tail -n 1`

      # make sure level zero dump exists;
      # if it doesn't, start over
      if [ "$firstlevel" != "0" ] ; then
         # it doesn't matter if a previous dump exists from today
         # since we're starting over as level 0 dump is missing
         local dumped_today=false
         local dumplevel=0
         rm -f $dumppath/*.gz
      else
         # otherwise just increment the dump level
         # for levels 1-6, i.e. normally Tuesday thru Sunday
         local dumplevel=`expr $lastlevel "+" 1`
      fi
   else
      # no dump exists in this week's folder; reset level to '0'
      local dumplevel=0
   fi

   # skip the entire dump process if a dumpfile has
   # already been created for this filesystem today
   if [ "$dumped_today" = "false" ] ; then  

      # define the dump filename
      local dumpfn=${DATE}_${dumplevel}

      echo ---------------- >> $LOGFILE
      echo >> $LOGFILE
      echo BEGINNING LEVEL $dumplevel DUMP OF \'$fsname\' \(${fspath}\) FILESYSTEM ON $HUMANDATE AT $HUMANTIME >> $LOGFILE
      echo >> $LOGFILE
      echo Creating a snapshot of \'$fspath\'.. >> $LOGFILE
      # execute the dump
      $DUMP -$dumplevel -$GLOBALDUMPOPTS -f ${dumppath}/${dumpfn} $fspath >> $LOGFILE 2>&1
      local dumpresult=$?

      if [ "$dumpresult" != "0" ] ; then
         # log the dump result to syslog
         $LOGGER "$DUMP LEVEL $dumplevel DUMP OF $fsname (${fspath}) FAILED!"

         echo "*** DUMP FAILED - LEVEL $dumplevel DUMP of $fsname (${fspath}) ***" >> $LOGFILE
         echo >> $LOGFILE
      else
         # log the dump result to syslog
         $LOGGER "LEVEL $dumplevel DUMP of $fsname (${fspath}) COMPLETED SUCCESSFULLY!"

         echo >> $LOGFILE
         # compress the dump
         echo Compressing the dumpfile \'${dumpfn}\'.. >> $LOGFILE
         $GZIP -v ${dumppath}/${dumpfn} >> $LOGFILE 2>&1
         echo DONE >> $LOGFILE
         echo >> $LOGFILE

         # make sure dumps are not world readable (security risk!)
         echo Updating dumpfile \'${dumpfn}.gz\' permissions.. >> $LOGFILE
         chmod -v -v 440 ${dumppath}/${dumpfn}.gz >> $LOGFILE 2>&1
         echo DONE >> $LOGFILE
         echo >> $LOGFILE

         # reset current dump dir's timestamp to that of the level 0 dump
         touch -t ${NEWEPOCHISO} ${dumppath}

         # delete old dumps
         echo Deleting old \'$fsname\' dumpfiles.. >> $LOGFILE
         find $BASEDIR/$fsname -mtime +$KEEPDUMPS -maxdepth 1 -print -exec rm -rf {} \; >> $LOGFILE 2>&1
         echo DONE >> $LOGFILE
         echo >> $LOGFILE
      fi
   else
      local lastdump_readable=`date -j -r $LASTDUMP +"%H:%M"`
      local lastdump_readableZ=`date -j -r $LASTDUMP +"%Z"`
      local lastdumpmsg="Autodump for filesystem '$fsname' ($fspath) has already been executed today at $lastdump_readable ($lastdump_readableZ)."
      echo $lastdumpmsg
      $LOGGER $lastdumpmsg
   fi
}

# Dump filesystems defined in 'FSNAMES'
#
# Monday or Sunday (as selected by 'WEEKSTARTS') starts with
# the level 0 dump, with incrementals created through the rest of
# the week (autoincremented). If the level 0 dump is missing in
# the current week's folder for filesystem currently being backed
# up, it is created automatically instead of an incremental dump,
# no matter what day of the week it is.
for f in $FSNAMES
do
   mk_auto_dump $f
done

FreeBSD vs the world

Posted on by
Reply

As I upgraded few FreeBSD installations to FreeBSD 7.2 over the last couple of days, I took the customary stroll to see how FreeBSD continues to stack up against the Linux distributions.  And once again I determined it does so very well.  I’ve been a devout FreeBSD user for almost a decade, and every time I take a look at the Linux world I come back to the same conclusion: I like the fact that there is just one FreeBSD. It’s very well managed and its QA is excellent (not to mention its TCP stack is famed for being the most stable, and its ports collection rivals anything offered by Linux).

Here’re couple of useful sites for those wondering which OS to choose:

Polishlinux.org – Compare distros: FreeBSD vs. Debian – Comparison data is up to date and there are a lot of good user comments to sift through. You can also choose other distros to compare to.

Wikipedia – Comparison of BSD operating systems

And lastly, a good example of why the sheer number of Linux distros is disorienting: DistroWatch lists at least a few hundred Linux distros (plus couple of BSD derivatives).

End of C·O·M·O·D·O Firewall (only)

Posted on by
Reply

For few years now I’ve used the lightweight C·O·M·O·D·O firewall in conjunction with ESET nod32 AntiVirus. Both are lightweight and effective. Or were. ESET nod32 is still getting better with every consecutive release (the recently released 4.x, for instance, it lighter on system resources than its predecessor). But C·O·M·O·D·O just merged the “Personal Firewall” with their AntiVirus product hence effectively discontinuing the separate, lightweight and easy-to-configure firewall. Time to part ways — I’m not willing to use C·O·M·O·D·O’s A/V.

ZoneAlarm Pro may be the next good choice.

Fusemail auto-suspends spam-suspect accounts!

Posted on by
5

My troubles with Fusemail were caused by automated outbound spam filtering system Fusemail utilizes!  Fusemail filters all outbound email for spam and when their system thinks an email you’re sending is spam, it incredibly deactivates your account, automatically! According to their tech support (who finally returned my call 15 hours later) the block from a suspected spammer account is removed usually very quickly, and in case of my yesterday’s troubles the block removal, somehow, slipped through the cracks.

Once the account was reactivated, I tried re-sending the email that triggered the trouble, and sure enough, the account became blocked again! This time it was unblocked within minutes, but what’s concerning is that it’s just a standard business email with few paragraphs of text, a bulleted list, and few domain names mentioned.  I also sent it to an internal distribution list that I had defined in Fusemail.  No external recipients.

So, basically, it seems I’m not allowed to send this email because the email is rejected before it’s sent, and then my account becomes blocked until they unblock it.  What an incredibly, incredibly stupid way of operating an email gateway service!! Because any outbound message that you send can be considered spam and thus lead to the automated account suspension—and if you run a spam filter you know that ‘good’ emails get trapped in the spam filter now and then while an occasional spam mail gets through—Fusemail can in a business setting be only considered a mail RECEIVING service.  Imagine sending a completely innocuous email in the middle of a busy day, and your account becomes suspended if their automated filtering system deems your email spam! Perhaps they’ll unblock it in a few minutes, but how many inbound messages bounce during that time? Or, like in my case, you send an email on Saturday evening and your account is suspended until the next morning — both for sending and receiving.

It is reasonable for a mail service provider to monitor outbound mail for spam to prevent abuse of their systems.  But rather than having an automated system block accounts on its own, it should absolutely work in reverse where potential spammer accounts would be flagged for suspension, and then a technician would assess whether the user was indeed sending spam.  My guess is that false positives occur way more often than actual spammers being shut down; and besides, it’s much less of a problem if a spammer get few messages out before being shut down than legitimate users being shut down on suspicion. Otherwise, like in the case of my email that triggered the trouble, I can never send the message without reformatting it (or, perhaps, sending it individually to all intended recipients). For all I care I should be able to send GTUBE message through the system without it getting blocked. I’m not sending spam.

Fusemail is still a reasonably good solution for receiving mail; it has integrated spam-filter even with an optional sender confirmation, and there is [supposedly] reasonable amount of redundancy so mail reception for multiple accounts is more stable than, say, running an internal singular mail server.

But for outbound email I will be setting up an internal SMTP server.  I can’t risk an outbound email disabling mail reception for an unknown period of time. If you’re considering Fusemail, then consider running Postfix on *NIX, or perhaps some simple Windows SMTP server like Corporate SMTP Server locally for outbound mail.

Fusemail, this sucks! Fix it!

Fusemail, strike one

Posted on by
27

Over last several weeks I’ve gradually externalized both my own and my employer’s mail systems from internal servers to an outsourced service.  My own mail has been running for years on qmail on FreeBSD.  It’s worked well, but the age of my own server has become a growing concern, and in general in event of a system failure mail would not flow – that’s not good, and nobody’s going to fix it if I’m out of town.  So paying couple of bucks per month per mailbox is—at least in theory—worth it to not have to stress over mail system (even though I’ve found Postfix/Dovecot really interesting and actually quite pleasant to configure.. I was going to move the qmail system to Postfix before I started thinking about outsourcing the whole thing to save time).

Meanwhile, my employer’s email has been running on Exchange for several years, starting preceding my time with the company.  It has been a grief, though I’m sure it’s partially due to the fact that the the mail server is also the domain controller of a small office LAN. But why should it be? Qmail or Postfix run quite well on a Linux/*BSD server with Apache, MySQL, BIND. So I’ve been looking forward getting rid of Exchange, and migrating to Postfix/Dovecot system until, again, I started thinking that perhaps it’s not worth the stress to run an internal mail server. I’m the only person tending to it and, say, if I’m on a vacation and the mail goes down, it would not be good.

Once I started considering outsourcing email an option, I started evaluating various services. Fusemail and Mailtrust quickly bubbled to the top. Fusemail has more features, and the deciding factors (in Fusemail’s favor) were the ability to adjust the spam filtering (Mailtrust only has “on” or “off” options which is a bit scary — if the filtering is too stringent or too lenient, there’d be nothing that could be done about it.. Mailtrust’s rep suggested that I might want to look into an external spam filtering solution if I wanted more control.. but no thanks; I had been running Katharion for mail filtering for several months which worked ok, but if I was going to outsource the mail, I wanted an integrated solution), and the ability to increase a mailbox allocation for an individual user by purchasing more user accounts and allocating their mailbox allowance to the existing users. Mailtrust is fixed to 10Gb.

On the web there is about 50/50 comments for and against the quality of support for both Fusemail and Mailtrust, so from the comments alone it was impossible to deduce which service would have better support. Pre-sales support was slightly better on Fusemail side, and the few quirks ran across during setup have been addressed satisfactorily.

Strike One

Tonight (Saturday evening) around 18:00 my user account under my employer’s master account suddenly disappeared.  I access mail from Outlook via IMAP, and suddenly Outlook prompted for the account password. So I logged in to Fusemail admin account and clicked on my user name. [Paraphrasing] “Cannot edit terminated user account”.  What?! To terminate a user account in Fusemail you have to check the checkbox next to the user name, click “Terminate”, check another checkbox (“yes, I’m sure I want to do that”), and then click on “Yes”. Only then does a user account get removed, or scheduled for deletion as it takes many, many hours for the username actually be purged from the system so that it can be taken into use again. I most certainly did not execute those steps.  I’m the only one with access to that admin account, and the password is sufficiently complex so that it’s very unlikely the account would’ve been compromised. This leaves system error as the most likely cause.  I called the emergency support around 18:30 and left a message (they claim to have someone on call), then again again around 20:00, and also opened an “Urgent” support ticket through their support system at 22:40.  It’s now over six hours since my first “emergency” support request, so I can only assume the on-call person has gone to party (or that they don’t have an on-call tech in the first place). The emergency support number instructs the caller that “while the support technician is not immediately available, it does not mean that support would not be available immediately”. It’s looking like they were wrong.

I didn’t lose a tremendous amount of email (and perhaps Fusemail can restore it), but during this downtime emails to my account which has multiple “admin” aliases are being rejected.  If I was running my own mail server I could obviously have fixed a problem already, but an outsourced solution is supposed to *reduce* system management stress.

Longevity of this outsourcing attempt depends largely on how Fusemail will deal with this situation. Having to reconfigure my user account and its associated aliases would be annoying, but more than restore I want to know what caused the problem, can they be sure to prevent it from recurring, and what’s the deal with the non-existent emergency support.

If the deleted account would’ve been that of the CEO of my employer, or my personal primary account (which I have also outsourced to Fusemail in a separate account), this first strike would’ve likely been also the last for Fusemail.

Couple of considerations for those who’re comparing, say, Fusemail and Mailtrust, or considering mail outsourcing in the first place:

  • Forward/distribution management is currently better implemented in Mailtrust.  It’s workable in Fusemail, but it’s more straightforward in Mailtrust. If this is an important feature to you, pay attention when you’re comparing the services.
  • Secure connections (SMTP, IMAP, POP) work better with Mailtrust than with Fusemail. Fusemail is supposedly looking into this. Not a huge issue for me since the SMTP traffic is generally not encrypted anyway, so encrypting the last leg (from the service to the client) isn’t very significant.
  • Fusemail’s IMAP is not blazingly fast even when accessed from a fast net connection. Same goes occasionally for their web client. They are, however, generally within acceptable limits.
  • A general comment if you’re using SPF: when you use a service provider’s SMTP servers you can’t positively lock down who’s authorized to send mail for your domain. If someone who’s hosting their mail at Fusemail decides to send spam spoofing one of my domains, they’ll appear as authorized for the recipient’s spam filter since I’ve authorized Fusemail’s SMTP servers in my domains’ SPF records.
  • Test (!) the support of different providers by sending them a support request on Saturday evening. See when you get a response. Fusemail claims on their website: “24x7x365 Support”, but I’m now finding that it is not completely solid; it should instead read: “You can leave us a message 24x7x365″.
  • If you don’t have large number of users to support and they use IMAP to access the remote email, consider setting up backup mailboxes at gmail (free!), and creating a mail rule (available at least in Fusemail) which automatically copies those backup mailboxes for all inbound email.