Difference between revisions of "3.3 features"

From The Open Source Backup Wiki (Amanda, MySQL Backup, BackupPC)
Jump to navigationJump to search
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 +
== 3.3.9 ==
 +
* new --with-security-file configure option
 +
** It set the default security file
 +
** default to /etc/amanda-security.conf
 +
* security-fix
 +
** All previous release of amanda allow the 'amanda' user to execute any code as root, and to execute an interactive shell as root.
 +
** This is a security vulnerability if you do not trust the 'amanda' user.
 +
** There is no need to upgrade if you trust the 'amanda' user and the account is secure.
 +
*** good password
 +
*** secure xinetd.conf setting
 +
*** secure .amandahosts setting
 +
** The 'amanda' user can read all files in the machine, it is what a backup program do.
 +
** The set of fix disable the abilities to run unwanted code as root or to write file anywhere in the filesystem.
 +
* /etc/amanda-security.conf
 +
** A file that contains security setting.
 +
** It list all binaries amanda can execute as root
 +
** restore_by_amanda_user
 +
*** It tell if the 'amanda' user can do restore as root.
 +
*** It allow the 'amanda' user to write files anywhere in the filesystem
 +
** see: man amanda-security.conf
 +
* amgtar/amstar/ambsdtar/runtar
 +
** Disable arguments that can fork program.
 +
** Verify the realpath (with symbolic link resolved) is in the amanda-security.conf file.
 +
** Verify the tar/star/bsdtar realpath program is secure
 +
*** owned by root and modifiable only by root.
 +
** On restore, check the restore_by_amanda_user setting if not run by root.
 +
 +
== 3.3.8 ==
 +
* s3 device
 +
** New NEARLINE S3-STORAGE-CLASS for Google storage.
 +
** New AWS4 STORAGE-API
 +
* amcryptsimple
 +
** Works with newer gpg2.
 +
* amgtar
 +
** Default SPARSE value is NO if tar < 1.28.
 +
** Because a bug in tar with some filesystem.
 +
* amstar
 +
** support include in backup mode.
 +
* ampgsql
 +
** Add FULL-WAL property.
 +
* Many bugs fix.
 +
 +
== 3.3.7 ==
 +
* amvault
 +
** new --no-interactivity argument.
 +
** new --src-labelstr argument.
 +
* amdump
 +
** compute crc32 of the streams and write them to the debug files.
 +
* chg-robot
 +
** Add a BROKEN-DRIVE-LOADED-SLOT. property.
 +
* Many bugs fix.
 
== 3.3.6 ==
 
== 3.3.6 ==
  

Latest revision as of 13:46, 10 February 2016

3.3.9

  • new --with-security-file configure option
    • It set the default security file
    • default to /etc/amanda-security.conf
  • security-fix
    • All previous release of amanda allow the 'amanda' user to execute any code as root, and to execute an interactive shell as root.
    • This is a security vulnerability if you do not trust the 'amanda' user.
    • There is no need to upgrade if you trust the 'amanda' user and the account is secure.
      • good password
      • secure xinetd.conf setting
      • secure .amandahosts setting
    • The 'amanda' user can read all files in the machine, it is what a backup program do.
    • The set of fix disable the abilities to run unwanted code as root or to write file anywhere in the filesystem.
  • /etc/amanda-security.conf
    • A file that contains security setting.
    • It list all binaries amanda can execute as root
    • restore_by_amanda_user
      • It tell if the 'amanda' user can do restore as root.
      • It allow the 'amanda' user to write files anywhere in the filesystem
    • see: man amanda-security.conf
  • amgtar/amstar/ambsdtar/runtar
    • Disable arguments that can fork program.
    • Verify the realpath (with symbolic link resolved) is in the amanda-security.conf file.
    • Verify the tar/star/bsdtar realpath program is secure
      • owned by root and modifiable only by root.
    • On restore, check the restore_by_amanda_user setting if not run by root.

3.3.8

  • s3 device
    • New NEARLINE S3-STORAGE-CLASS for Google storage.
    • New AWS4 STORAGE-API
  • amcryptsimple
    • Works with newer gpg2.
  • amgtar
    • Default SPARSE value is NO if tar < 1.28.
    • Because a bug in tar with some filesystem.
  • amstar
    • support include in backup mode.
  • ampgsql
    • Add FULL-WAL property.
  • Many bugs fix.

3.3.7

  • amvault
    • new --no-interactivity argument.
    • new --src-labelstr argument.
  • amdump
    • compute crc32 of the streams and write them to the debug files.
  • chg-robot
    • Add a BROKEN-DRIVE-LOADED-SLOT. property.
  • Many bugs fix.

3.3.6

  • ambsdtar
    • new application that use BSD tar to do the backup.
  • Many bugs fix.

3.3.5

  • amtape
    • faster 'verify' command.
  • fix parsing of config override arguments.
  • amsamba
    • Add REGEX-MATCH property.
  • amvault
    • Print progress status.
  • ndmp device
    • INDIRECT property default to yes.
  • Many bugs fix.

3.3.4

  • amreport
    • new --format argument
    • new 'json' and 'json_raw' format.
  • amanda.conf
    • new REPORT-FORMAT option.
  • amtape
    • new 'verify' command.
  • amadmin
    • new 'force-level-1' command.
  • ampgslq
    • Add VERBOSE property.
  • S3 device
    • handle DURABLE_REDUCED_AVAILABILITY for google storage.
  • Many bugs fix.

3.3.3

  • amdump.X log files use timestamp instead of number, amdump and amdump.1 are maintained as symlink.
  • chg-disk
    • Use the changerfile for the statefile.
  • s3 device
    • support CASTOR storage
  • amanda.conf
    • New REPORT-USE-MEDIA and REPORT-NEXT-MEDIA.
  • amfetchdump
    • new --extract, --directory, --data-path and --application-property arguments. It allow to do the extraction on the server.
  • --exact-match argument to many command, and '=' prefix to expression.
    • It diable use of expression for host, disk, level and datestamp on command line argument.
  • All changer scripts.
    • Add LOCK-TIMEOUT property.
  • Many bug fix

3.3.2

Please see man pages for more details.

  • amgtar
    • New IGNORE-ZEROS property.
  • amsamba
    • Fix use of subdir for restore.
  • s3 device
    • New PROXY property.
    • New PASSWORD, USERNAME, TENANT_ID, TENANT_NAME properties.
    • New STORAGE_API property.
    • New S3_MULTI_DELETE property
    • New CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN properties.
    • New CREATE-BUCKET property.
    • New PROJECT-ID property.
    • New REUSE-CONNECTION property.
    • Works with swift and google storage.
  • amanda.conf
    • Added 'max-warnings', The maximum number of warning lines in the report.
    • Default 'columnspec' changed to: HostName=0:-12:12,Disk=1:-11:11,Level=1:-1:1,OrigKB=1:-7:0,OutKB=1:-7:0,Compress=1:-6:1,DumpTime=1:-7:7,Dumprate=1:-6:1,TapeTime=1:-6:6,TapeRate=1:-6:1
  • amadmin
    • Add --no-default and --print-source arguments for config and disklist command.
  • amfetchdump
    • Print progress.
    • Add --decrypt, --no-decrypt, --server-decrypt, --client-decrypt, --compress, --no-compress, --server-compress and --client-compress options.
  • fixes for compilation with newer glib.
  • fixes for compilation on cygwin.
  • Lot of bug fixes

3.3.1 and 3.3

  • The default auth is changed to "bsdtcp", if you are using the default bsd then you must add it to your configuration.
    • in amanda.conf
    • in amanda-client.conf
    • in dumptype/disklist
    • in xinetd (if no '-auth' argument to amandad)
  • amdump trap crtl-c, it still send the report and do cleanup if you do one crtl-c, do it more than once to abort the run.
  • s3 device
    • use multiple threads to speedup the transfer
    • can connect to eucalytus.
    • new NB_THREADS_BACKUP property
    • new NB_THREADS_RECOVERY property
    • new S3_HOST property
    • new S3_SERVICE_PATH property
    • new S3_SUBDOMAIN property
  • chg-aggregate: new changer that use other changer sequentially.
  • meta-volume
  • Add meta label in tapelist file
  • chg-disk:
    • support for removable disk
    • new NUM-SLOT property
    • new AUTO-CREATE-SLOT property
    • new REMOVABLE property
    • new MOUNT property
    • new UMOUNT property
    • new UMOUNT-LOCKFILE property
    • new UMOUNT-IDLE property
  • new taperscan algorithm:
    • oldest: this algorithm try to run through the volumes in the oldest order
    • lexical: this algorithm try to run through the volumes in the natural order
  • Change in amanda.conf
    • new meta-autolabel option
    • autolabel can include org, config, barcode, meta in the label
    • new client-name option in appication and script
  • application and script in amanda-client.conf can be used to set default properties for application or script
  • amlabel
    • The label argument is no longer required, an autolabel can be generated
    • new --meta option
    • new --barcode option
    • new --assign option
  • amgtar, amstar: The path must be specified, it will not works with a device.
  • amrecover: decompression and decryption are now done on the client if compression/encryption was done on the client
  • amtape: inventory print the current slot
  • amanda.conf:
    • autoflush have value "no|yes|all"
    • script have single-execution setting
    • Add pre-amcheck, post-amcheck, pre-estimate, post-estimate, pre-backup and post-backup to execute-on of script
    • Add taperscan and interactivity section
    • add 'server' value in recovery-limit
    • add dump-limit in a dumptype
  • amanda-client.conf
    • add amdump-server setting
  • script are searched in $APPLICATION_DIR, $CONFIG_DIR/<conf>/application and $CONFIG_DIR/application
  • amservice amservice(8)
    • add -s argument
    • is also installed on client
  • new amdumpd server service, if enable, it allow client to start a backup of itself
  • new amdump_client program, it is use on client to start a backup of itself
  • implement restore command in amzfs-sendrecv, it can be use with amrecover.