Bareos News

Administration

Bareos Applied as Mentoring Organization in Google Summer of Code 2024


Google Summer of Code (GSoC) and Mentor Organizations

GSoC, now in its 20th year, is a global, online program focused on bringing new contributors into open source software development. GSoC Contributors work with an open source organization on a 12+ week programming project under the guidance of mentors.

Bareos as a Mentoring Organization

In 2024, Bareos applied for the first time as mentoring organization for GSoC. Here’s why you should be excited:

  • Diverse Project Ideas: Bareos has curated a list of intriguing project ideas for GSoC 2024. From enhancing backup performance to improving user interfaces, there's something for everyone. Check out the project ideas list to explore the possibilities.
  • Welcoming Community: Bareos promotes a welcoming and inclusive community. The goal is to bring new contributors into the fold.

How to Get Involved

As Bareos steps into its role as a mentoring organization, we invite you to be part of this exciting journey. If you’re a student and an open-source enthusiast, GSoC 2024 is a great opportunity to develop various skills and get involved in an important open-source project.

The next step is to check our project ideas list at https://github.com/bareos/GSoC2024/. You can also propose your own project idea there.

Important Next Items on the GSoC 2024 Timeline

  • February 21 – 18:00 UTC: List of accepted mentoring organizations will be published
  • February 22 – March 18: Potential GSoC contributors discuss application ideas with mentoring organizations
  • March 18 – April 2: GSoC contributor application period

For more information about GSoC, visit https://summerofcode.withgoogle.com/

Enhance security by hardening the Bareos filedaemon

The Bareos filedaemon (client) runs per default with administrator/root privileges in order to be able to backup all files. The Filedaemon also is able to execute scripts before and after the backups and restores. In order to perform restores, the filedaemon has the ability to overwrite all files on the client machine. While all of this is required for normal backup and restore operation, certain environments might have higher security requirements.
Bareos offers the following options are available to enhance the security and limit the power of the filedaemon:

Favicon für den Browser
  • Limit the directories from where the filedaemon executes scripts. This can be achieved with the configuration directive Allowed Script Dir
  • Limit the Job Commands that the filedaemon accepts. The Allowed Job Command directive determines which of the existing job commands (backup, restore, verify, estimate and runscript) are allowed. By prohibiting the restore command, the filedaemon will not allow to do restores. Without the runscript command, no runscripts will be executed.
  • run the filedaemon as non-root user with the capabilities CAP_DAC_READ_SEARCH. This uses the Linux capabilities mechanism to run as normal user but have the the right to read all files. Writing files will not be possible in this setup.

These security measures can prevent an attacker that gained control over the bareos director to alter the files of the machines being backed up.
However, when a restore is required, the filedaemon on the client needs to be reconfigured to allow restores and/or runscripts. Alternatively, a second bareos filedaemon can be started that has a configuration that allows restores.

Usually the amount of restores is much smaller than the backups, so these measures still can enhance the security with relatively little effort and inconvenience.

Import and export tapes from your tape library with Bareos


Tape libraries usually offer an option to insert and remove tape cartridges. Therefore, the libraries have a number of dedicated slots (so called import/export slots or mail slots) that can be accessed from outside of the library without the danger of the operator to collide with the tape robot. Bareos supports this functionality with the bconsole commands import and export commands:

  • To import tapes into the library, just fill the import/export slots with the tapes and type import.
  • To export tapes from the library, use export volume=<volumename>
  • Tapes used by a job can be automatically exported with use of a runscript

For more details, please check the bconsole documentation about import and export console commands.

Nach oben scrollen