Backup Script, how can I make it better/secure?

Backup Script, how can I make it better/secure?

Posted by: basskozz
Posted on: 2009-05-19 13:36:00

I made a backup script to backup a domain, a sub-domain, and a MySQL DB. The domain is standard HTML/Flash, the subdomain is a Magento Store, and the DB is the Magento DB. Here is what the script looks like:

In reply to:

#!/bin/sh
###
# 5/19/09
# backup.domain.com.sh
# Backup /domain.com & /store.domain.com & mysql.domain.com
###

TODAYSDATE="$(date +"%Y%m%d")"
DOTCOMSOURCE="/home/user/domain.com"
DOTCOMDESTINATION="/home/user/BACKUPS/$TODAYSDATE/domain.com-BACKUP-$TODAYSDATE.tgz"
STORESOURCE="/home/user/store.domain.com"
STOREDESTINATION="/home/user/BACKUPS/$TODAYSDATE/store.domain.com-BACKUP-$TODAYSDATE.tgz"
MYSQLDBDUMP="/home/user/BACKUPS/$TODAYSDATE/mysql.domain.com-BACKUP-$TODAYSDATE.sql"
LOG="/home/user/BACKUPS/$TODAYSDATE/domain.com-BACKUP-$TODAYSDATE.log"

mkdir $TODAYSDATE
echo "Backup .COM Begin: $(date)" >> $LOG
tar cvpzf "$DOTCOMDESTINATION" "$DOTCOMSOURCE" >> $LOG
echo "Backup .COM End: $(date)" >> $LOG
echo "#######################" >> $LOG
echo "Backup STORE Begin: $(date)" >> $LOG
tar cvpzf "$STOREDESTINATION" "$STORESOURCE" >> $LOG
echo "Backup STORE End: $(date)" >> $LOG
echo "#######################" >> $LOG
echo "Backup MySQL DB Begin: $(date)" >> $LOG
mysqldump --opt --user=****** --password=****** --host=mysql.domain.com magento_**** > $MYSQLDBDUMP
tar cvpzf "$MYSQLDBDUMP.tgz" "$MYSQLDBDUMP" >> $LOG
rm $MYSQLDBDUMP
echo "Backup MySQL DB End: $(date)" >> $LOG

A couple of problems:
1. The username and passwords for the MySQL Dump are stored in plain text. How can I make this more secure? Can other DreamHost users navigate into my home directories and read this?
2. When I run the script I get the following messages:

In reply to:

tar: Removing leading `/' from member names
tar: Removing leading `/' from member names
tar: Removing leading `/' from member names

Why is that? Should I be worried?
...
Any/All idea's on how to make this script better &/or more secure would be greatly appreciated.
TiA,
-BassKozz

Re: Backup Script, how can I make it better/secure

Posted by: sdayman
Posted on: 2009-05-19 15:03:00

If you turned on Enhanced User Security in the panel for Users -> Manage Users and then Edit, your home directory is locked up and others can't get in. Besides, the username and password are probably in some other file for your site.

When making tarfiles, I use relative paths since at home, I don't have a /home/USERNAME/example.com/blahblah like it is here.

-Scott

Re: Backup Script, how can I make it better/secure

Posted by: basskozz
Posted on: 2009-05-19 15:14:00

Ok, Enhanced Security is enabled :-)

As for relative paths, I did some research and according to what I've found if I add the "P" option to my tar command that should eliminate the warning messages I was getting:

In reply to:

tar: Removing leading `/' from member names

according to the man page (http://unixhelp.ed.ac.uk/CGI/man-cgi?tar):

In reply to:

-P, --absolute-names
don't strip leading `/'s from file names

So should I use "-P" ?
Relative vs. Absolute paths is confusing to me crazy

Re: Backup Script, how can I make it better/secure

Posted by: sdayman
Posted on: 2009-05-19 16:04:00

You may stick with absolute paths if you want to put the files back *exactly* where they came from. There may be an option to restore *to* a relative path, but if you do a standard extract, it'll want to put them back where they came from.

The disadvantage of all of this is that it's pretty convenient to restore to a different location and easily pull just what you want.

-Scott

Re: Backup Script, how can I make it better/secure?

Posted by: basskozz
Posted on: 2009-05-30 09:44:00

Ok I am trying to make a restore script now to restore from the backups I made with the backup script.
Here goes:

In reply to:

#!/bin/sh
###
# 5/30/09
# restore.domain.com.sh
# RESTORE /domain.com & /store.domain.com & mysql.domain.com
# You must enter the DATE you want to restore from
###

echo -n "Please Enter the RESTORE DATE you would like to Restore (YYYYMMDD): "
read -e RESTOREDATE

DOTCOMDESTINATION="/home/user/domain.com"
DOTCOMSOURCE="/home/user/BACKUPS/$RESTOREDATE/domain.com-BACKUP-$RESTOREDATE.tgz"
STOREDESTINATION="/home/user/store.domain.com"
STORESOURCE="/home/user/BACKUPS/$RESTOREDATE/store.domain.com-BACKUP-$RESTOREDATE.tgz"
MYSQLDBDUMP="/home/user/BACKUPS/$RESTOREDATE/mysql.domain.com-BACKUP-$RESTOREDATE.sql"
LOG="/home/user/BACKUPS/$RESTOREDATE/domain.com-RESTORE-$RESTOREDATE.log"


echo "Restore .COM Begin: $(date)" >> $LOG
tar -C "$DOTCOMDESTINATION" -xvzf "$DOTCOMSOURCE" >> $LOG
echo "Restore .COM End: $(date)" >> $LOG
echo "#######################" >> $LOG
echo "Restore STORE Begin: $(date)" >> $LOG
tar -C "$STOREDESTINATION" -xvzf "$STORESOURCE" >> $LOG
echo "Restore STORE End: $(date)" >> $LOG
echo "#######################" >> $LOG
echo "Restore MySQL DB Begin: $(date)" >> $LOG
tar -xvzf $MYSQLDBDUMP.tgz >> $LOG
mysql --user=****** --password=****** --host=mysql.domain.com magento_**** < $MYSQLDBDUMP
rm $MYSQLDBDUMP
echo "Restore MySQL DB End: $(date)" >> $LOG

How does that look, am I missing anything? I am nervous to test this out, because I don't want to screw anything up, and I am new to scripting. So I appreciate all comments.
Thanks in advance,
-BassKozz

Tags: backup scriptmysql dbsubdomainreply