
Time machine – Back to the future!

13th February 2020 | posted by David Acland

The following are the notes from the presentation given by James Bousfield to the LAA’s community on 13th Feb 2020.

Security Considerations:

  • All data sent over the network should be encrypted from end to end.
  • Data stored on any disk should be encrypted using a minimum of SHA-256 encryption where possible.
  • Change the default ports for any well-known services, e.g. port 22 for SSH should be changed before using this.
  • User authentication should only be used when being accessed from known locations and where Authorised SSH Keys are not possible.

The use of rsync to complete backups:

Local machine cloning of files / folders:

This is used to clone a single file / folder from one area on a machine to another. This wouldn’t classify as a backup, but as a clone of information.

 rsync -rhlH "$source" "$destination"

Cloning of files / folders over a network:

This would be used to create a clone of the desired information on another machine. This could be classified as a backup, but not a great one: there is no history, and it is a snapshot-style backup.

 rsync -rhlH -e "ssh -p $sshport" "$source" "$username@$server:/$path/"

Add the Variable for Date in a pre-defined format:

This is to start building on a snapshot backup solution with some history involved in the backups.

 folder=$(date +%Y-%m%d-%H%M)

Add Hard-Linking of files/ folders to save space:

Again, this builds on the above by pointing a symlink named latest at the last backup, which can be referenced later when cleaning up the backups.

 ssh -p $port $username@$Server "rm $path/latest"
 ssh -p $port $username@$Server "ln -s $path/$folder $path/latest"

Combine this with Hard-Linking of files / folders for space efficiency:

rsync --progress -rhlH -e "ssh -p $port" --link-dest=$path/latest "$source" $username@$Server:$path/$folder

Make the backup run a little faster:

By limiting the check to size only, rsync completes fewer checks per file, which speeds up the backup process. Note that a file whose content has changed but whose size is the same will be skipped.

Add the filter to check only for size differences: --size-only

Merge an excluded files list in to the script:

By merging in a list of exclusions, you can specify files / file types that will be left out of backups. Candidates for this would be files like:

.DS_Store

.afp_deleted

rsync --progress --size-only -rhlH --filter='merge /Library/Backups/exclusions.txt' -e "ssh -p $port" --link-dest=$path/latest "$source" $username@$Server:$path/$folder

Add some integrity checks:

These were added so that if anyone were able to spoof the DNS or repoint the client to a new server, the script would check for our SSH key and confirm the identity of the server that is receiving data.

if [[ $(ssh-keyscan -p $port -t ecdsa-sha2-nistp256 $Server 2>/dev/null | awk '{print $3}') == "$fingerprint" ]]
then
    writelog "Server fingerprint check: PASSED"
else
    writelog "##### ERROR ##### Server fingerprint mismatch.  This isn't the server you are looking for...  Exiting with error code 1"
    exit 1
fi
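The keyscan comparison above runs on its own connection, so the later ssh and rsync connections still depend on the client's own known_hosts policy, and an unset $fingerprint compared against an empty scan would pass. The following is an added example, not part of the original presentation notes, that rejects an empty pin and builds a pinned known_hosts entry plus strict ssh options for rsync's -e; the host, port, key and the /Library/Backups/known_hosts path are constructed placeholders.

```shell
#!/bin/sh
# Added example: pin the backup server's host key so ssh itself enforces it.
# Host, port, key and the known_hosts path below are constructed placeholders.
SAMPLE_HOST="backup.example.com"
SAMPLE_PORT="2222"
SAMPLE_TYPE="ecdsa-sha2-nistp256"
SAMPLE_KEY="AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCONSTRUCTEDSAMPLEKEY="

# Constructed ssh-keyscan output: a banner comment plus one key line.
sample_scan() {
    printf '# %s:%s SSH-2.0-OpenSSH_8.1\n' "$SAMPLE_HOST" "$SAMPLE_PORT"
    printf '[%s]:%s %s %s\n' "$SAMPLE_HOST" "$SAMPLE_PORT" "$SAMPLE_TYPE" "$SAMPLE_KEY"
}

# scan_matches_pin KEYTYPE BASE64KEY   (ssh-keyscan output on stdin)
# Succeeds only when a scanned line has exactly the pinned type and key.
# An empty pin is rejected, so an unset variable compared with an empty
# scan (server unreachable) cannot pass the check.
scan_matches_pin() {
    [ -n "$2" ] || return 1
    awk -v t="$1" -v k="$2" '
        /^#/ || NF < 3 { next }
        $2 == t && $3 == k { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# known_hosts_entry HOST PORT KEYTYPE BASE64KEY
# ssh looks up non-default ports under the "[host]:port" form.
known_hosts_entry() {
    if [ "$2" = "22" ]; then
        printf '%s %s %s\n' "$1" "$3" "$4"
    else
        printf '[%s]:%s %s %s\n' "$1" "$2" "$3" "$4"
    fi
}

# pinned_ssh_cmd KNOWN_HOSTS_FILE PORT
# Value for rsync's -e option (file path must not contain spaces). Only the
# pinned file is trusted; an unknown or changed host key aborts the connection.
pinned_ssh_cmd() {
    printf 'ssh -p %s -o StrictHostKeyChecking=yes' "$2"
    printf ' -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=%s' "$1"
}

# Demo on the constructed sample: print the entry to store and the command to use.
if sample_scan | scan_matches_pin "$SAMPLE_TYPE" "$SAMPLE_KEY"; then
    known_hosts_entry "$SAMPLE_HOST" "$SAMPLE_PORT" "$SAMPLE_TYPE" "$SAMPLE_KEY"
    pinned_ssh_cmd /Library/Backups/known_hosts "$SAMPLE_PORT"; echo
fi
```

With the entry stored once from a trusted source, every ssh and rsync call that uses the printed command verifies the server key on that same connection.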

The complete script:

# Assumes $port, $Server, $fingerprint, $username, $path, $source and $folder
# are set, and that a writelog function is defined, earlier in the script.

################################################################################
####                     Check server is the right one                      ####
################################################################################

if [[ $(ssh-keyscan -p $port -t ecdsa-sha2-nistp256 $Server 2>/dev/null | awk '{print $3}') == "$fingerprint" ]]
then
    writelog "Server fingerprint check: PASSED"
else
    writelog "##### ERROR ##### Server fingerprint mismatch.  This isn't the server you are looking for...  Exiting with error code 1"
    exit 1
fi

################################################################################
####                           Run the backup                               ####
################################################################################

writelog "Running sync"

rsync --size-only -rhlH --filter='merge /Library/Backups/exclusions.txt' -e "ssh -p $port" --link-dest=$path/latest "$source" $username@$Server:$path/$folder

writelog "Sync complete, creating latest symlink"

ssh -p $port $username@$Server "rm $path/latest"
ssh -p $port $username@$Server "ln -s $path/$folder $path/latest"
