3.3 features: Difference between revisions

From wiki.zmanda.com
Jump to navigation Jump to search
No edit summary
No edit summary
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== 3.3.9 ==
* new --with-security-file configure option
** It set the default security file
** default to /etc/amanda-security.conf
* security-fix
** All previous release of amanda allow the 'amanda' user to execute any code as root, and to execute an interactive shell as root.
** This is a security vulnerability if you do not trust the 'amanda' user.
** There is no need to upgrade if you trust the 'amanda' user and the account is secure.
*** good password
*** secure xinetd.conf setting
*** secure .amandahosts setting
** The 'amanda' user can read all files in the machine, it is what a backup program do.
** The set of fix disable the abilities to run unwanted code as root or to write file anywhere in the filesystem.
* /etc/amanda-security.conf
** A file that contains security setting.
** It list all binaries amanda can execute as root
** restore_by_amanda_user
*** It tell if the 'amanda' user can do restore as root.
*** It allow the 'amanda' user to write files anywhere in the filesystem
** see: man amanda-security.conf
* amgtar/amstar/ambsdtar/runtar
** Disable arguments that can fork program.
** Verify the realpath (with symbolic link resolved) is in the amanda-security.conf file.
** Verify the tar/star/bsdtar realpath program is secure
*** owned by root and modifiable only by root.
** On restore, check the restore_by_amanda_user setting if not run by root.
== 3.3.8 ==
* s3 device
** New NEARLINE S3-STORAGE-CLASS for Google storage.
** New AWS4 STORAGE-API
* amcryptsimple
** Works with newer gpg2.
* amgtar
** Default SPARSE value is NO if tar < 1.28.
** Because a bug in tar with some filesystem.
* amstar
** support include in backup mode.
* ampgsql
** Add FULL-WAL property.
* Many bugs fix.
== 3.3.7 ==
* amvault
** new --no-interactivity argument.
** new --src-labelstr argument.
* amdump
** compute crc32 of the streams and write them to the debug files.
* chg-robot
** Add a BROKEN-DRIVE-LOADED-SLOT. property.
* Many bugs fix.
== 3.3.6 ==
* ambsdtar
** new application that use BSD tar to do the backup.
* Many bugs fix.
== 3.3.5 ==
* amtape
** faster 'verify' command.
* fix parsing of config override arguments.
* amsamba
** Add REGEX-MATCH property.
* amvault
** Print progress status.
* ndmp device
** INDIRECT property default to yes.
* Many bugs fix.
== 3.3.4 ==
* amreport
** new --format argument
** new 'json' and 'json_raw' format.
* amanda.conf
** new REPORT-FORMAT option.
* amtape
** new 'verify' command.
* amadmin
** new 'force-level-1' command.
* ampgslq
** Add VERBOSE property.
* S3 device
** handle DURABLE_REDUCED_AVAILABILITY for google storage.
* Many bugs fix.
== 3.3.3 ==
* amdump.X log files use timestamp instead of number, amdump and amdump.1 are maintained as symlink.
* chg-disk
** Use the changerfile for the statefile.
* s3 device
** support CASTOR storage
* amanda.conf
** New REPORT-USE-MEDIA and REPORT-NEXT-MEDIA.
* amfetchdump
** new --extract, --directory, --data-path and --application-property arguments. It allow to do the extraction on the server.
* --exact-match argument to many command, and '=' prefix to expression.
** It diable use of expression for host, disk, level and datestamp on command line argument.
* All changer scripts.
** Add LOCK-TIMEOUT property.
* Many bug fix
== 3.3.2 ==
== 3.3.2 ==


Line 19: Line 123:
* amanda.conf
* amanda.conf
** Added 'max-warnings', The maximum number of warning lines in the report.
** Added 'max-warnings', The maximum number of warning lines in the report.
** Default 'columspec' changed to: HostName=0:-12:12,Disk=1:-11:11,Level=1:-1:1,OrigKB=1:-7:0,OutKB=1:-7:0,Compress=1:-6:1,DumpTime=1:-7:7,Dumprate=1:-6:1,TapeTime=1:-6:6,TapeRate=1:-6:1
** Default 'columnspec' changed to: HostName=0:-12:12,Disk=1:-11:11,Level=1:-1:1,OrigKB=1:-7:0,OutKB=1:-7:0,Compress=1:-6:1,DumpTime=1:-7:7,Dumprate=1:-6:1,TapeTime=1:-6:6,TapeRate=1:-6:1
* amadmin
* amadmin
** Add --no-default and --print-source arguments for config and disklist command.
** Add --no-default and --print-source arguments for config and disklist command.
* amfetchdump
* amfetchdump
** Print progress.
** Print progress.
** Add --decrypt, --no-decrypt, --server-decrypt, --client-decrypt, --compress, --no-compress, --server-compress and --client-compres options.
** Add --decrypt, --no-decrypt, --server-decrypt, --client-decrypt, --compress, --no-compress, --server-compress and --client-compress options.
* fixes for compilation with newer glib.
* fixes for compilation with newer glib.
* fixes for compilation on cygwin.
* fixes for compilation on cygwin.

Latest revision as of 13:46, 10 February 2016

3.3.9

  • new --with-security-file configure option
    • It set the default security file
    • default to /etc/amanda-security.conf
  • security-fix
    • All previous release of amanda allow the 'amanda' user to execute any code as root, and to execute an interactive shell as root.
    • This is a security vulnerability if you do not trust the 'amanda' user.
    • There is no need to upgrade if you trust the 'amanda' user and the account is secure.
      • good password
      • secure xinetd.conf setting
      • secure .amandahosts setting
    • The 'amanda' user can read all files in the machine, it is what a backup program do.
    • The set of fix disable the abilities to run unwanted code as root or to write file anywhere in the filesystem.
  • /etc/amanda-security.conf
    • A file that contains security setting.
    • It list all binaries amanda can execute as root
    • restore_by_amanda_user
      • It tell if the 'amanda' user can do restore as root.
      • It allow the 'amanda' user to write files anywhere in the filesystem
    • see: man amanda-security.conf
  • amgtar/amstar/ambsdtar/runtar
    • Disable arguments that can fork program.
    • Verify the realpath (with symbolic link resolved) is in the amanda-security.conf file.
    • Verify the tar/star/bsdtar realpath program is secure
      • owned by root and modifiable only by root.
    • On restore, check the restore_by_amanda_user setting if not run by root.

3.3.8

  • s3 device
    • New NEARLINE S3-STORAGE-CLASS for Google storage.
    • New AWS4 STORAGE-API
  • amcryptsimple
    • Works with newer gpg2.
  • amgtar
    • Default SPARSE value is NO if tar < 1.28.
    • Because a bug in tar with some filesystem.
  • amstar
    • support include in backup mode.
  • ampgsql
    • Add FULL-WAL property.
  • Many bugs fix.

3.3.7

  • amvault
    • new --no-interactivity argument.
    • new --src-labelstr argument.
  • amdump
    • compute crc32 of the streams and write them to the debug files.
  • chg-robot
    • Add a BROKEN-DRIVE-LOADED-SLOT. property.
  • Many bugs fix.

3.3.6

  • ambsdtar
    • new application that use BSD tar to do the backup.
  • Many bugs fix.

3.3.5

  • amtape
    • faster 'verify' command.
  • fix parsing of config override arguments.
  • amsamba
    • Add REGEX-MATCH property.
  • amvault
    • Print progress status.
  • ndmp device
    • INDIRECT property default to yes.
  • Many bugs fix.

3.3.4

  • amreport
    • new --format argument
    • new 'json' and 'json_raw' format.
  • amanda.conf
    • new REPORT-FORMAT option.
  • amtape
    • new 'verify' command.
  • amadmin
    • new 'force-level-1' command.
  • ampgslq
    • Add VERBOSE property.
  • S3 device
    • handle DURABLE_REDUCED_AVAILABILITY for google storage.
  • Many bugs fix.

3.3.3

  • amdump.X log files use timestamp instead of number, amdump and amdump.1 are maintained as symlink.
  • chg-disk
    • Use the changerfile for the statefile.
  • s3 device
    • support CASTOR storage
  • amanda.conf
    • New REPORT-USE-MEDIA and REPORT-NEXT-MEDIA.
  • amfetchdump
    • new --extract, --directory, --data-path and --application-property arguments. It allow to do the extraction on the server.
  • --exact-match argument to many command, and '=' prefix to expression.
    • It diable use of expression for host, disk, level and datestamp on command line argument.
  • All changer scripts.
    • Add LOCK-TIMEOUT property.
  • Many bug fix

3.3.2

Please see man pages for more details.

  • amgtar
    • New IGNORE-ZEROS property.
  • amsamba
    • Fix use of subdir for restore.
  • s3 device
    • New PROXY property.
    • New PASSWORD, USERNAME, TENANT_ID, TENANT_NAME properties.
    • New STORAGE_API property.
    • New S3_MULTI_DELETE property
    • New CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN properties.
    • New CREATE-BUCKET property.
    • New PROJECT-ID property.
    • New REUSE-CONNECTION property.
    • Works with swift and google storage.
  • amanda.conf
    • Added 'max-warnings', The maximum number of warning lines in the report.
    • Default 'columnspec' changed to: HostName=0:-12:12,Disk=1:-11:11,Level=1:-1:1,OrigKB=1:-7:0,OutKB=1:-7:0,Compress=1:-6:1,DumpTime=1:-7:7,Dumprate=1:-6:1,TapeTime=1:-6:6,TapeRate=1:-6:1
  • amadmin
    • Add --no-default and --print-source arguments for config and disklist command.
  • amfetchdump
    • Print progress.
    • Add --decrypt, --no-decrypt, --server-decrypt, --client-decrypt, --compress, --no-compress, --server-compress and --client-compress options.
  • fixes for compilation with newer glib.
  • fixes for compilation on cygwin.
  • Lot of bug fixes

3.3.1 and 3.3

  • The default auth is changed to "bsdtcp", if you are using the default bsd then you must add it to your configuration.
    • in amanda.conf
    • in amanda-client.conf
    • in dumptype/disklist
    • in xinetd (if no '-auth' argument to amandad)
  • amdump trap crtl-c, it still send the report and do cleanup if you do one crtl-c, do it more than once to abort the run.
  • s3 device
    • use multiple threads to speedup the transfer
    • can connect to eucalytus.
    • new NB_THREADS_BACKUP property
    • new NB_THREADS_RECOVERY property
    • new S3_HOST property
    • new S3_SERVICE_PATH property
    • new S3_SUBDOMAIN property
  • chg-aggregate: new changer that use other changer sequentially.
  • meta-volume
  • Add meta label in tapelist file
  • chg-disk:
    • support for removable disk
    • new NUM-SLOT property
    • new AUTO-CREATE-SLOT property
    • new REMOVABLE property
    • new MOUNT property
    • new UMOUNT property
    • new UMOUNT-LOCKFILE property
    • new UMOUNT-IDLE property
  • new taperscan algorithm:
    • oldest: this algorithm try to run through the volumes in the oldest order
    • lexical: this algorithm try to run through the volumes in the natural order
  • Change in amanda.conf
    • new meta-autolabel option
    • autolabel can include org, config, barcode, meta in the label
    • new client-name option in appication and script
  • application and script in amanda-client.conf can be used to set default properties for application or script
  • amlabel
    • The label argument is no longer required, an autolabel can be generated
    • new --meta option
    • new --barcode option
    • new --assign option
  • amgtar, amstar: The path must be specified, it will not works with a device.
  • amrecover: decompression and decryption are now done on the client if compression/encryption was done on the client
  • amtape: inventory print the current slot
  • amanda.conf:
    • autoflush have value "no|yes|all"
    • script have single-execution setting
    • Add pre-amcheck, post-amcheck, pre-estimate, post-estimate, pre-backup and post-backup to execute-on of script
    • Add taperscan and interactivity section
    • add 'server' value in recovery-limit
    • add dump-limit in a dumptype
  • amanda-client.conf
    • add amdump-server setting
  • script are searched in $APPLICATION_DIR, $CONFIG_DIR/<conf>/application and $CONFIG_DIR/application
  • amservice amservice(8)
    • add -s argument
    • is also installed on client
  • new amdumpd server service, if enable, it allow client to start a backup of itself
  • new amdump_client program, it is use on client to start a backup of itself
  • implement restore command in amzfs-sendrecv, it can be use with amrecover.
Retrieved from ‘http://wiki.zmanda.com/index.php?title=3.3_features&oldid=8878