ComputerLab.v7

From Access Information
Jump to: navigation, search


Installing New Server Mrepo smartd RAID Hardening YUM Crontabs LogWatch systemctl firewalld CentOS 7
Packages
 Apache Bind Cacti DHCP mariadb Samba Sarg Sendmail Smokeping Rsync Work Apps
Problems VPN VPN Win Extras Bash MailScanner Horde Google CE Wake Up KVM
Other Computer Lab ISO2USB aiContact Google CE Android USB Live SRS XML

Objective:

  1. Have a computer lab of xx computers.
    1. Any student can go to any computer, login to their account and see their work.
    2. All work is stored on the server.
  2. The computer sets it's self to a steady state any time a user logs in
    1. With the exception of icons on the desktop
  3. Only the administrator can install new programs
  4. The computer can be wiped back to a factory default.

Possible solutions

http://www.nongnu.org/rdiff-backup/

  • rsnapshot : is in yum
  • snapper : is in yum
  • backintime : via scripts


Snapper

yum install snapper.x86_64 snapper-devel.x86_64 snapper-libs.x86_64 pam_snapper.x86_64

Hmm, seems dependant on also creating file systems

rsnapshot

https://wiki.centos.org/HowTos/RsnapshotBackups 

yum install rsnapshot

mkdir /etc/rsnapshot
mkdir /srv/backups/snapshots -p
mkdir /var/log/rsnapshot

Make a rsnapshot user 

adduser rsnapshot
cd /home/rsnapshot/
su rsnapshot

with SSH keypair 

ssh-keygen -t dsa

Installing keys on hosts

After you get a key created on the rsnapshot server, you can easily append the public key to the appropriate file remotely if you already have SSH access. Do not append the other non-public key. Run the following from the rsnapshot server to the remote host you wish to backup. I am not a big fan of having root access ssh, but as this for an internal computer lab, with no machines pointing at the Internet natively, I am making an exception. 

ssh root@192.168.0.38 "mkdir ~/.ssh"
cat ~/.ssh/id_dsa.pub | ssh root@192.168.0.38 "cat >> ~/.ssh/authorized_keys"
ssh root@192.168.0.38 "chmod 700 ~/.ssh"
ssh root@192.168.0.38 "chmod 600 ~/.ssh/authorized_keys"

Also the ~/.ssh/id_dsa private key needs to be copied in to /root/.ssh for the backup command to work with our passwords Test autologin 

ssh -vvv -i /home/rsnapshot/.ssh/id_dsa root@192.168.0.38

There si something going on here between authorized_keys & authorized_keys2

You may wish to turn off password logins via SSH now on the remote host, but that's for you to decide. If you decide to do so, edit /etc/ssh/sshd_config. Make sure you turn PasswordAuthentication and PermitEmptyPasswords to say no. Also, I'm not a security expert, but you should change permissions on your .ssh directories and files to something like below. Please correct me if I have the permissions listed incorrectly. 

chmod 700 .ssh; chmod 600 .ssh/authorized_keys

Not Working

Needs password for command 

/usr/bin/rsync -a --delete --exclude-from=/etc/rsnapshot/laptop.exclude --rsh=/usr/bin/ssh root@192.168.0.38:/ /srv/backups/snapshots/laptop/daily.0/laptop/

but not 

/usr/bin/rsync -auvtP --delete --exclude-from=/etc/rsnapshot/laptop.exclude -e "/usr/bin/ssh -i /home/rsnapshot/.ssh/id_dsa" root@192.168.0.38:/ /srv/backups/snapshots/laptop/daily.0/laptop/

Problem was that I did not have ~/.ssh/id_dsa.pub in /root/.ssh

Workstations

New Users on all Computer lap PCs

Server

  • Did you find this page useful?
  • Do you have an issue that you have not yet fixed?

We can do this for you.

I am available for technical support. Please follow this link. Tech Support Request.
+64-6-880-0000 : ++1-808-498-7146 : help@ai.net.nz
Getting us to help you

Retrieved from "http://ai.net.nz/wiki/index.php?title=ComputerLab.v7&oldid=2209"