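This is how to check whether an SSL certificate was installed properly after installing it. I had only been checking that the web server came up fine and that the browser showed the padlock icon,
but when I checked with the site below, all sorts of errors came pouring out~~~
Check the security and safety of the sites you operate!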
How to host and Unix (호스팅과 유닉스)
When I initiated a backup job, I encountered errors like the following (from bconsole, bacula.log, and other logging sources)
It was because of a version mismatch across clients (FD) and daemons (SD/Director). I found this problem in half a day. 🙁
This happened when I relocated the storage server to a new place for more disk capacity. I did not touch any configuration at all, even with the host name unchanged (DNS propagation confirmed with the new IP address before the relocation job).
I realized, all of a sudden, that I had simply compiled an older version of the Bacula source code for the new server. All Bacula entities (FD/SD/Director) must run on the same version of binaries!
Two measures (as far as I know) are available for secure data backup with Bacula. One is communication channel security using TLS across Bacula entities such as the storage daemon, file daemon, bconsole, director, and so on, because Bacula spans multiple hosts over the net. The other is encryption of the backed-up data set with PKI.
Let me share how I figured out the TLS configuration with certificates from CAcert.org. This configuration can go in any section (Storage, Director, FileDaemon, …) that asks you to set the TLS glue.
FileDaemon { # this is me
  Name = some_name
  FDport = 9102
  WorkingDirectory = /var/spool/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 3
  TLS Enable = yes
  TLS Require = yes
  # TLS Verify Peer = yes
  TLS Certificate = location_to_cert_file_you_got_from_cacert
  TLS Key = location_to_private_key_you_generated_yourself
  TLS CA Certificate File = location_to_root_cert_file_you_got_from_cacert
  PKI Signatures = Yes # Enable Data Signing
  PKI Encryption = Yes # Enable Data Encryption
  PKI Keypair = blah_blah.pem # Public and Private Keys
  PKI Master Key = blah_blah_master.cert # ONLY the Public Key
}
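
A small linter for the TLS and PKI directives of a resource like the one above, added here as an example (it is not part of the original post and not Bacula's own tooling). The function names, the sample resource and its paths are constructed for illustration; the checks read only the config text and the modes of the key files it names.

```python
import os

def parse_resource(text):
    """Return {directive: value}; Bacula ignores case and spaces in directive names."""
    directives = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]           # drop trailing comments
        if "=" not in line:
            continue                           # resource header, braces, blanks
        name, value = line.split("=", 1)
        directives["".join(name.split()).lower()] = value.strip().strip('"')
    return directives

def is_yes(value):
    return (value or "").lower() in ("yes", "true")

def audit(text):
    """Return a list of findings for the TLS/PKI directives of one resource."""
    d, findings = parse_resource(text), []
    for key in ("tlsenable", "tlsrequire"):
        if not is_yes(d.get(key)):
            findings.append(f"{key} is not set to yes")
    for key in ("tlscertificate", "tlskey"):
        if not d.get(key):
            findings.append(f"{key} is missing")
    if not (d.get("tlscacertificatefile") or d.get("tlscacertificatedir")):
        findings.append("no CA certificate file or dir configured")
    if "tlsverifypeer" in d and not is_yes(d["tlsverifypeer"]):
        findings.append("tlsverifypeer is explicitly disabled")
    pki_on = is_yes(d.get("pkiencryption")) or is_yes(d.get("pkisignatures"))
    if pki_on and not d.get("pkikeypair"):
        findings.append("PKI enabled but pkikeypair is missing")
    # Private key material should be readable by the daemon's user only.
    for key in ("tlskey", "pkikeypair"):
        path = d.get(key)
        if path and os.path.isfile(path) and os.stat(path).st_mode & 0o077:
            findings.append(f"{key} file {path} is accessible by group/others")
    return findings

# Constructed sample: TLS enabled but not required, peer verification off.
WEAK = """FileDaemon {
  TLS Enable = yes
  TLS Verify Peer = no
  TLS Certificate = /nonexistent/fd.crt
  TLS Key = /nonexistent/fd.key
  PKI Encryption = Yes
}"""

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

Run it against each daemon's resource (Director, Storage, FileDaemon) on the host where the key files live, so the permission check sees the real files.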