Install BackupPC on CentOS 6.3

  1. You need to have a running CentOS 6.3. I installed it with minimal components on a VM via Hyper-V 2; “lean but mean” so to say. 
  2. Using Putty, connect to your CentOS box and install these useful tools:
    • wget – an easy-to-use CLI download tool.
    • nano – a file editor for humans.
    • screen – I like this tool because it allows you to have different screens for every task you to do; very useful, it enhances your Putty experience 
    • man – your dependable CLI technical support.

    Use this command yum -y install man nano screen wget

  3. You need to add two special repositories, EPEL and REMI. A number of the packages we need for this endeavor is not part of the Red Hat / CentOS package manifest.
    wget -c
    wget -c
    rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
  4. Enable the REMI repository.
    nano /etc/yum.repos.d/remi.repo 

    Edit and save the above file to reflect this:

    name=Les RPM de remi pour Enterprise Linux $releasever – $basearch

  5. Install the BackupPC pre-requisites.
    yum -y install perl-Compress-Zlib perl-Archive-Zip perl-File-RsyncP perl-suidperl openssh-clients expect 
  6. Do an update, then upgrade, to make sure everything is up-to-date.
    yum -y update
    yum -y upgrade 
  7. We need to create the user account that BackupPC will use and assign a password for it.
    adduser backuppc
    passwd backuppc 

    You will be prompted to key-in your desired password. Remember this password ’cause you will need it later.

  8. And now folks, the moment you’ve all been waiting for, the BackupPC installation!  
    yum -y install BackupPC 

    I wish the command was longer or better yet, extremely complex but that’s just it… 

  9. After the package installation, two biggies are now in place, Apache and BackupPC. Verify that these services are listed in the startup script.
    chkconfig –list backuppc
    chkconfig –list httpd 

    Notice that both are turned off.

  10. We need to make these two services start at startup. Do this:
    chkconfig backuppc on
    chkconfig httpd on 
  11. You’re probably guessing what’s Apache got to do with BackupPC; well, it runs the web interface but we need to do some tasks before we can use it. We first need to create the access file.
    htpasswd -c /etc/BackupPC/apache.users backuppc 

    You will be prompted for a password; just key-in the password you assigned the backuppc user awhile back.

  12. Edit and save the BackupPC configuration file for Apache.
    nano /etc/httpd/conf.d/BackupPC.conf 

    Your changes should reflect something like this:
    order deny,allow
    deny from all
    #allow from
    #allow from ::1
    allow from all
    AuthType Basic
    AuthUserFile /etc/BackupPC/apache.users
    AuthName “backuppc”

  13. As a safety precaution, make a duplicate of the BackupPC main configuration file.
    cp /etc/BackupPC/ /etc/BackupPC/ 
  14. We’ll use screen to help us accomplish this next task.
    nano /etc/BackupPC/ 

    In nano, press CTRL + W; this will invoke the search facility. Search for this parameter $Conf\{ServerMesgSecret\}.

    Now, press CTRL + A + C; this will open another screen. Run this command:
    mkpasswd -l 32 -d 16

    Highlight the output then press CTRL + A + P; this will bring you back to the previous screen. Right-click your mouse to paste the output between the single quotes of the aforementioned configuration parameter. You should have something like this:
    $Conf{ServerMesgSecret} = ’7687nR848l39etpm7812w1f-pj3iEpb7′;

    Next, search for this parameter $Conf{CgiAdminUsers} and add backuppc. You should have something like this:
    $Conf{CgiAdminUsers} = ‘backuppc’;

  15. This time, edit the Apache configuration file.
    nano /etc/httpd/conf/httpd.conf 

    Changes should reflect these changes:
    User backuppc
    Group apache
    ServerName actual_server_hostname_or_IP_Address:80
    (e.g. ServerName

  16. Now, the secret that made the BackupPC web interface work:
    iptables -I INPUT -p tcp –dport 80 -j ACCEPT
    /sbin/service iptables save 

    Just to make sure the firewall entry was saved, we verify.
    cat /etc/sysconfig/iptables. Result below:

    # Generated by iptables-save v1.4.7 on Mon Oct 15 15:57:49 2012
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [4:464]
    -A INPUT -p tcp -m tcp –dport 80 -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
    -A INPUT -j REJECT –reject-with icmp-host-prohibited
    -A FORWARD -j REJECT –reject-with icmp-host-prohibited
    # Completed on Mon Oct 17 15:57:49 2012

  17. We now are nearing completion, let’s start the services.
    service httpd start
    service backuppc start 
  18. The finale, access the BackupPC web interface. 



2 thoughts on “Install BackupPC on CentOS 6.3

  1. BackupPC SSH Keys
    Since concentrating on rsync backups, you’ll want to create passwordless keys used for the backuppc process to connect remotely to your hosts being backed up. As root create the hidden SSH directory under /var/lib/backuppc and change the permissions accordingly.

    # cd /var/lib/backuppc
    # mkdir .ssh
    # chown backuppc.backuppc .ssh
    # chmod 700 .ssh

    Next, drop in as the backuppc user. You’ll have to specify a shell because by default the backuppc user has no shell assigned to it. Then create the passwordless SSH keys using ssh-keygen.

    # su -s /bin/bash backuppc
    bash-3.2$ ssh-keygen -t dsa

    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/backuppc/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/backuppc/.ssh/id_dsa.
    Your public key has been saved in /home/backuppc/.ssh/
    The key fingerprint is:

    Server Key to Client
    For each client you’re going to configure backups for, you’ll need to copy the key you created from the server over to the client. To do so, continue from the last step, and run the ssh-copy-id command while still logged in as the backuppc user on the server.

    bash-3.2$ ssh-copy-id -i .ssh/ root@host_to_backup

    It should have copied the key over to the host, and then also logged you into the host with SSH.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s