Mamadou Babaei

Update 1 [2016/09/23]: OmniBackup now officially supports GNU/Linux. More info…

Update 2 [2016/09/23]: Official documentation moved to GitHub which means this guide won’t be maintained anymore and maybe out of date or inaccurate.

A week ago was System Administrator Appreciation Day. It is celebrated on the last Friday in July and it has been celebrated since July 28, 2000. But, system administrators know not all days are like that day. They face many hard times and struggles during their careers and the worse of them all is either a security breech or data loss.

For so many years I’ve been writing and maintaining backup scripts on and on, for every single database I added, for every single directory with critical data, or any other service I was running on every new server I got my hands on. In the end, I found myself ended up in a pile of backup scripts and multitudinous cron entries which was a nightmare to keep track of. I even had to manage the schedule so that two backup scripts do not run at the same time. Even more, I had to manually track the backups to see whether they were successful or not. Also, someone has to manually delete the old ones to make rooms for the next ones.

Therefore, I came up with an elegant solution to replace the old process which I found exceptionally error-prone. An end to all my hardships which I call OmniBackup. At last, I’m able to confidently keep abreast of all the ever-growing data that I have to keep safe.

“So, what exactly is OmniBackup?” you may ask. “A fair question,” I would say. OmniBackup is a MIT licensed Bash script which delivers the following set of features:

• Configuration and customization of backup mechanism through JSON
• Support for OpenLDAP backups
• Support for PostgreSQL backups as a whole or per database
• Support for MariaDB and MySQL backups as a whole or per database
• Support for filesystem backups with optional ability to follow symbolic links
• Support for pluggable customized scripts to extend OmniBackup functionality beyond its original design which allows support for many different backup scenarios that has not been built into OmniBackup, yet
• Backup file name tagging which allows including date or host name in the archive name
• Online backup without a prerequisite to suspend any service
• Support for customized backup tasks priority order
• Support for multiple backup servers
• Ability to always keep a copy of backups offline
• Ability to keep a copy of backups offline if no backup server is available, or in case of an error such as a file transfer error
• Secure file transfer through SSH / SCP protocol
• LZMA2, gzip and bzip2 compression algorithms along with different compression levels to maintain a balance between speed and file size
• Ability to preserve permissions inside backup files
• Support for symmetric cryptography algorithms AES-128, AES-192 and AES-256 (a.k.a Rijndael or Advanced Encryption Standard)
• Random passphrase generation for encrypted backups with variable length and patterns or a unique passphrase for all backups
• Support for RSA signatures to verify the backup origin and integrity
• Passphrase encryption using RSA public keys for individual backup servers
• Backup integrity verification by offering hash algorithms such as MD4, MD5, MDC-2, RIPEMD160, SHA, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and WHIRLPOOL
• Optional Base64 encoding
• System logs and a standalone log file including all details
• Reporting through email to a list of recipients with ability to include passphrases
• Customized mail subject for successful and failed backup operations
• Customized support message for reports
• Crontab integration
• Custom temporary / working directory
• Automatic and smart clean-up ability
• One instance only policy which avoids running multiple instances by mistake at the same time, therefore avoids system slow-down
• An example configuration file in JSON format to get you up and running

There is also a list of planned features and TODOs which did not make it into 0.1.0 release:

• Restore script
• GnuPG integration
• SFTP and FTP support
• Refactoring and code clean-up
• Any potential bug fixes

Disclaimer: Please be wary of the fact that this script has approximately 3.5 K lines of Bash code and devoured hell of a time from me to write and debug. You should also consider that this is my first heavy Bash experiment and I may not write quality code in the language since I’m a newcomer to Bash. I do not claim that OmniBackup is production ready, that’s why I did version the first release at 0.1.0. Also keep in mind that OmniBackup heavily relies on 3rd-party software which increases the chance for fatal bugs, therefore losing data. So, I provide OmniBackup without any warranties, guarantees or conditions, of any kind and I accept no liability or responsibility for any misuse or damage. Please use it at your own risk and remember you are solely responsible for any resulting damage or data loss.

Credits: Many thanks go to my fellow and long-time friend, Morteza Sabetraftar for his help and ideas without whom OmniBackup lacked features or quality. Another kudos goes to my brother Amir by releasing me from shopping, cooking and house-cleaning without even mentioning it, an invaluable and priceless assistance that encouraged me even more to use my best endeavours to get this task done.

Please, feel free to clone and modify it as you wish. Pull requests for new features, improvements or bug fixes are also very welcome.

• OmniBackup on GitLab
• OmniBackup on GitHub

The rest of this post serves as a comprehensive guide on how to setup OmniBackup in order to backup and restore all your critical data in a production environment.

There is an old saying that the only safe computer is one that’s disconnected from the network, turned off, and locked in an underground bunker—and even then you can’t be sure!

Since most of us can’t afford to keep our servers in an underground bunker, the least little thing that could have been done in order to keep their threat exposure at rock-bottom is protecting them by running a combination of a firewall and an intrusion prevention system or IPS (a.k.a intrusion detection and prevention systems or IDPS). Surely, that alone proved insufficient and other security measures and best practices should also be considered.

This blog post covers setting up a basic secure and stateful IPFW firewall on FreeBSD along with Sshguard by iXsystems Inc as intrusion prevention system.

I can only say wow! Packt Publishing has just released their comprehensive IT industry salary reports, with data from over 20,000 developers around the globe.

If you really want to identify or get an idea of the upcoming trends over the next few years, you should consider this comprehensive analysis in order to get the most out of your career and skills. This report covers four segments of IT industry including Web Development & Design, Application Development, Security & System Administration, and Data Science & Business Intelligence, making this one of the most comprehensive surveys in recent years.

Modern web development is filled with an abundance of tools and technologies, but it’s difficult to know where to begin. You want both efficiency of your work and high performance of your site; Gulp brings that right to your doorstep. With its rising popularity, you don’t want to leave Gulp out of your toolbox.

Until not so long ago, to add my own cron jobs I always had the habit of modifying /etc/crontab on my FreeBSD system which turned out to be wrong. In simple words, there are two types of crontab files:

• System crontab which should not be altered due to the troubles it cause during FreeBSD upgrades
• User crontab which has one less column than the system crontab file

From 30th April, 2015 Packt Publishing has thrown open the virtual doors of its new Free Learning Library and offering its customers a daily chance to grab a fresh free eBook from its website. The publisher is encouraging people to learn new skills and try out new technologies and so every day it will be offering a different eBook from its huge list of titles free for anyone to download.

Well, I was living a happy life with Octopress 2.x despite the fact that I didn’t do much blogging in the past couple of years. Moreover, in my estimation Octopress still should be considered as one of the greatest blogging platforms among its peers and I really got nothing against it. But, I see a few shortcomings which made me looking for alternatives (and some of these still affects the 3.x version of Octopress):

Digital Restrictions Management (DRM) harms almost everyone, but most people have never heard of it. Today is one of our best opportunities to change that.

There are people around the world coming together to say that we will not tolerate the remote deletions, unethical surveillance, and invasive restrictions of DRM. In fact, with events in at least nine countries and huge online participation, it’s the world’s biggest anti-DRM protest.

Well, I just found out that this year, to demonstrate their continuing support for Day Against DRM, as they celebrates International Day Against DRM, May 6th 2015, Packt Publishing is offering all its DRM-free content at $10 for 24 hours only on May 6th – with more than 3000 eBooks and 100 Videos available across the publisher’s website.