3.3 features

From The Open Source Backup Wiki (Amanda, MySQL Backup, BackupPC)

Jump to: navigation, search

Contents

3.3.9

  • new --with-security-file configure option
    • It set the default security file
    • default to /etc/amanda-security.conf
  • security-fix
    • All previous release of amanda allow the 'amanda' user to execute any code as root, and to execute an interactive shell as root.
    • This is a security vulnerability if you do not trust the 'amanda' user.
    • There is no need to upgrade if you trust the 'amanda' user and the account is secure.
      • good password
      • secure xinetd.conf setting
      • secure .amandahosts setting
    • The 'amanda' user can read all files in the machine, it is what a backup program do.
    • The set of fix disable the abilities to run unwanted code as root or to write file anywhere in the filesystem.
  • /etc/amanda-security.conf
    • A file that contains security setting.
    • It list all binaries amanda can execute as root
    • restore_by_amanda_user
      • It tell if the 'amanda' user can do restore as root.
      • It allow the 'amanda' user to write files anywhere in the filesystem
    • see: man amanda-security.conf
  • amgtar/amstar/ambsdtar/runtar
    • Disable arguments that can fork program.
    • Verify the realpath (with symbolic link resolved) is in the amanda-security.conf file.
    • Verify the tar/star/bsdtar realpath program is secure
      • owned by root and modifiable only by root.
    • On restore, check the restore_by_amanda_user setting if not run by root.

3.3.8

  • s3 device
    • New NEARLINE S3-STORAGE-CLASS for Google storage.
    • New AWS4 STORAGE-API
  • amcryptsimple
    • Works with newer gpg2.
  • amgtar
    • Default SPARSE value is NO if tar < 1.28.
    • Because a bug in tar with some filesystem.
  • amstar
    • support include in backup mode.
  • ampgsql
    • Add FULL-WAL property.
  • Many bugs fix.

3.3.7

  • amvault
    • new --no-interactivity argument.
    • new --src-labelstr argument.
  • amdump
    • compute crc32 of the streams and write them to the debug files.
  • chg-robot
    • Add a BROKEN-DRIVE-LOADED-SLOT. property.
  • Many bugs fix.

3.3.6

  • ambsdtar
    • new application that use BSD tar to do the backup.
  • Many bugs fix.

3.3.5

  • amtape
    • faster 'verify' command.
  • fix parsing of config override arguments.
  • amsamba
    • Add REGEX-MATCH property.
  • amvault
    • Print progress status.
  • ndmp device
    • INDIRECT property default to yes.
  • Many bugs fix.

3.3.4

  • amreport
    • new --format argument
    • new 'json' and 'json_raw' format.
  • amanda.conf
    • new REPORT-FORMAT option.
  • amtape
    • new 'verify' command.
  • amadmin
    • new 'force-level-1' command.
  • ampgslq
    • Add VERBOSE property.
  • S3 device
    • handle DURABLE_REDUCED_AVAILABILITY for google storage.
  • Many bugs fix.

3.3.3

  • amdump.X log files use timestamp instead of number, amdump and amdump.1 are maintained as symlink.
  • chg-disk
    • Use the changerfile for the statefile.
  • s3 device
    • support CASTOR storage
  • amanda.conf
    • New REPORT-USE-MEDIA and REPORT-NEXT-MEDIA.
  • amfetchdump
    • new --extract, --directory, --data-path and --application-property arguments. It allow to do the extraction on the server.
  • --exact-match argument to many command, and '=' prefix to expression.
    • It diable use of expression for host, disk, level and datestamp on command line argument.
  • All changer scripts.
    • Add LOCK-TIMEOUT property.
  • Many bug fix

3.3.2

Please see man pages for more details.

  • amgtar
    • New IGNORE-ZEROS property.
  • amsamba
    • Fix use of subdir for restore.
  • s3 device
    • New PROXY property.
    • New PASSWORD, USERNAME, TENANT_ID, TENANT_NAME properties.
    • New STORAGE_API property.
    • New S3_MULTI_DELETE property
    • New CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN properties.
    • New CREATE-BUCKET property.
    • New PROJECT-ID property.
    • New REUSE-CONNECTION property.
    • Works with swift and google storage.
  • amanda.conf
    • Added 'max-warnings', The maximum number of warning lines in the report.
    • Default 'columnspec' changed to: HostName=0:-12:12,Disk=1:-11:11,Level=1:-1:1,OrigKB=1:-7:0,OutKB=1:-7:0,Compress=1:-6:1,DumpTime=1:-7:7,Dumprate=1:-6:1,TapeTime=1:-6:6,TapeRate=1:-6:1
  • amadmin
    • Add --no-default and --print-source arguments for config and disklist command.
  • amfetchdump
    • Print progress.
    • Add --decrypt, --no-decrypt, --server-decrypt, --client-decrypt, --compress, --no-compress, --server-compress and --client-compress options.
  • fixes for compilation with newer glib.
  • fixes for compilation on cygwin.
  • Lot of bug fixes

3.3.1 and 3.3

  • The default auth is changed to "bsdtcp", if you are using the default bsd then you must add it to your configuration.
    • in amanda.conf
    • in amanda-client.conf
    • in dumptype/disklist
    • in xinetd (if no '-auth' argument to amandad)
  • amdump trap crtl-c, it still send the report and do cleanup if you do one crtl-c, do it more than once to abort the run.
  • s3 device
    • use multiple threads to speedup the transfer
    • can connect to eucalytus.
    • new NB_THREADS_BACKUP property
    • new NB_THREADS_RECOVERY property
    • new S3_HOST property
    • new S3_SERVICE_PATH property
    • new S3_SUBDOMAIN property
  • chg-aggregate: new changer that use other changer sequentially.
  • meta-volume
  • Add meta label in tapelist file
  • chg-disk:
    • support for removable disk
    • new NUM-SLOT property
    • new AUTO-CREATE-SLOT property
    • new REMOVABLE property
    • new MOUNT property
    • new UMOUNT property
    • new UMOUNT-LOCKFILE property
    • new UMOUNT-IDLE property
  • new taperscan algorithm:
    • oldest: this algorithm try to run through the volumes in the oldest order
    • lexical: this algorithm try to run through the volumes in the natural order
  • Change in amanda.conf
    • new meta-autolabel option
    • autolabel can include org, config, barcode, meta in the label
    • new client-name option in appication and script
  • application and script in amanda-client.conf can be used to set default properties for application or script
  • amlabel
    • The label argument is no longer required, an autolabel can be generated
    • new --meta option
    • new --barcode option
    • new --assign option
  • amgtar, amstar: The path must be specified, it will not works with a device.
  • amrecover: decompression and decryption are now done on the client if compression/encryption was done on the client
  • amtape: inventory print the current slot
  • amanda.conf:
    • autoflush have value "no|yes|all"
    • script have single-execution setting
    • Add pre-amcheck, post-amcheck, pre-estimate, post-estimate, pre-backup and post-backup to execute-on of script
    • Add taperscan and interactivity section
    • add 'server' value in recovery-limit
    • add dump-limit in a dumptype
  • amanda-client.conf
    • add amdump-server setting
  • script are searched in $APPLICATION_DIR, $CONFIG_DIR/<conf>/application and $CONFIG_DIR/application
  • amservice amservice(8)
    • add -s argument
    • is also installed on client
  • new amdumpd server service, if enable, it allow client to start a backup of itself
  • new amdump_client program, it is use on client to start a backup of itself
  • implement restore command in amzfs-sendrecv, it can be use with amrecover.
Personal tools