Dropbox

From GoBlueMich Wiki
Jump to navigation Jump to search

This wiki entry is a work in progress. We're still not quite done with everything. Please do not blindly copypasta from this wiki. Read it, and use good judgment in following the steps. If you run into trouble or have any questions just ask your friendly local mentors or escalations.

"Port Scanning"

Dropbox will try to LAN Sync on port 17500. This means it will broadcast a ton of traffic on that port, and will scare the pants off of some customers when they receive lfd notifications that the machine of origin has been blocked for "port scanning." This will sometimes result in alarmed support tickets coming in, reporting malicious activity upon our network.

The activity is not malicious, but it is also not allowed. If the server is a Windows server (it almost always will be,) ping Windows team to have them disable LAN Sync and notify the customer. For Linux customers, it's probably easier to just block port 17500 in the firewall so the traffic doesn't leave the machine.

Reassure the complaining party the traffic is not malicious in nature, and thank them for bringing it to our attention; we will get it resolved.

Installing

Gather Info

To link a server to a dropbox account, you will need a Dropbox account (imagine that!). Either obtain the login credentials for Dropbox.com from the customer, or coordinate with them to have them link the account with the URL you will receive later in the installation process.

Create DropBox User

Create a dropbox user for the service to run under.
NEVER, EVER run this as root. Do not install it as root. Do not work with it as root. So say we all.

useradd dropbox

Enter a secure password for user dropbox:

passwd dropbox

Switch to the dropbox user:

su - dropbox

Download and install dropbox daemon and tools

First, make sure you're the dropbox user or a regular cpanel user:

whoami

As long as this does *not* return 'root' then you are okay to proceed.

cd ~
if [ "`uname -m`" == "x86_64" ]; then plat='lnx.x86_64'; else plat='lnx.x86'; fi
wget -O - "https://www.dropbox.com/download?plat=${plat}" | tar xzvf - 

When the download is complete start the dropbox daemon from the newly created .dropbox-dist folder.

~/.dropbox-dist/dropboxd

After the agent is started you will be given a URL to link the server to the account, give this URL to the customer. Once the server is linked to the account you will see a message similar to this:

This computer is now linked to Dropbox. Welcome User.

Change back to root and add python script to manage Dropbox.

wget -O /usr/local/bin/dropbox.py 'https://www.dropbox.com/download?dl=packages/dropbox.py'
chmod a+x /usr/local/bin/dropbox.py

Init and Chkconfig

Download Scripts

 curl -o /etc/init.d/dropbox https://gist.githubusercontent.com/thisismitch/6293d3f7f5fa37ca6eab/raw/2b326bf77368cbe5d01af21c623cd4dd75528c3d/dropbox
curl -o /etc/systemd/system/dropbox.service https://gist.githubusercontent.com/thisismitch/6293d3f7f5fa37ca6eab/raw/99947e2ef986492fecbe1b7bfbaa303fefc42a62/dropbox.service

Manually

  • Create config file, which will contain info about which system users to start Dropbox on.
touch /etc/sysconfig/dropbox
DROPBOX_USERS="dropbox"
  • Add Dropbox to startup.
chkconfig dropbox on


  • Create init.d script
touch /etc/init.d/dropbox
chmod 0755 /etc/init.d/dropbox
vim /etc/init.d/dropbox


Init.d Script

# chkconfig: 345 85 15
# description: Startup script for dropbox daemon
#
# processname: dropboxd
# pidfile: /var/run/dropbox.pid
# config: /etc/sysconfig/dropbox
#

### BEGIN INIT INFO
# Provides: dropboxd
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $syslog
# Should-Start: $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start up the Dropbox file syncing daemon
# Description: Dropbox is a filesyncing sevice provided by dropbox.com
# This service starts up the dropbox daemon.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

# To configure, add line with DROPBOX_USERS="user1 user2" to /etc/sysconfig/dropbox
# Probably should use a dropbox group in /etc/groups instead.

[ -f /etc/sysconfig/dropbox ] && . /etc/sysconfig/dropbox
prog=dropboxd
lockfile=${LOCKFILE-/var/lock/subsys/$prog}
config=${CONFIG-/etc/sysconfig/dropbox}
RETVAL=0

start() {
echo -n $"Starting $prog"
if [ -z $DROPBOX_USERS ] ; then
echo -n ": unconfigured: $config"
echo_failure
echo
rm -f ${lockfile} ${pidfile}
RETURN=6
return $RETVAL
fi
for dbuser in $DROPBOX_USERS; do
# normal users
daemon --user $dbuser /bin/sh -c "/home/$dbuser/.dropbox-dist/dropboxd&"
# hint for root
# daemon --user $dbuser /bin/sh -c "/$dbuser/.dropbox-dist/dropboxd&"
done
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}

status() {
for dbuser in $DROPBOX_USERS; do
dbpid=`pgrep -u $dbuser dropbox | grep -v grep`
if [ -z $dbpid ] ; then
echo "dropboxd for USER $dbuser: not running."
else
echo "dropboxd for USER $dbuser: running (pid $dbpid)"
fi
done
}

stop() {
echo -n $"Stopping $prog"
for dbuser in $DROPBOX_USERS; do
killproc /home/$dbuser/.dropbox-dist/dropbox
done
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

# See how we were called.
case "$1" in
start)
start
;;
status)
status
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo $"Usage: $prog {start|status|stop|restart}"
RETVAL=3
esac
exit $RETVAL

Start the Daemon

After the server is linked start the daemon with the control script:

dropbox.py start

Please also disable lansync to prevent noise on the network.

dropbox.py lansync n

To see a list of other commands you can pass to the daemon with the control script, enter:

dropbox.py

Sync WHM Backups to Dropbox

This assumes a dedicated /backup partition. If there isn't one, you may need to adjust this process as appropriate. The idea here is to sync backups to the Dropbox service, without duplicating the backups or consuming unnecessary disk space on the server. This also assumes that the user has adequate space in their Dropbox account to accommodate backups. If you're not sure how to proceed, just ask mentors or escalations.

Create a symlink from the existing /backup

First, make sure you're the dropbox user:

whoami

Does that say dropbox? Good. Proceed.

ln -s /backup ~/Dropbox/backup

Update permissions

We're done with the dropbox user for now. Exit that shell, and return to a root login.

whoami

Does that say root? Good. Proceed. Then, set ownership of backups to the dropbox user:

chown -Rh dropbox:dropbox /backup

Now, make sure that future backups are owned the same way. Create this file, if it doesn't exist already, and edit it. This script will be run automatically after backups run.

touch /scripts/postcpbackup
chmod 700 /scripts/postcpbackup
$EDITOR /scripts/postcpbackup

Make it the following. If there is already something in the file, use good judgment or ask mentors if you're not sure:

#!/bin/bash
chown -Rh dropbox:dropbox /backup

Backup Cron

Create Backup Script

touch /scripts/dropbox-backup.sh
chmod +x /scripts/dropbox-backup.sh
vim /scripts/dropbox-backup.sh


#!/bin/bash
#Dropbox Backup
#Author: Nick DiLernia
#Version 0.1.0

#Set Variables
DATE=$(echo `date +%Y-%m-%d::%T`)
TEMPDIR="/home/temp"
BKUPDIR="/home/dropbox/Dropbox/Colo/Cent67"
DB="gobluem_mwiki"
WIKIDIR="/home/gobluem/public_html/mw"
LOG="/var/log/dropbox-backup.log"


#Functions
function running {
if [[ -z $(runuser -l dropbox -c '/usr/local/bin/dropbox.py running') ]]
then
   echo "$DATE" -- Dropbox is running but function "running" was executed... >> "$LOG"
else
   echo "$DATE" -- Dropbox is not running... starting... >> "$LOG"
   runuser -l dropbox -c '/usr/local/bin/dropbox.py start' >> "$LOG"
   runuser -l dropbox -c '/usr/local/bin/dropbox.py lansync n'
fi
}


#Verify Dropbox is running
if [[ ! -z $(pgrep dropbox) ]]
then
   echo "$DATE" -- Dropbox is running >> "$LOG"
else
   echo "$DATE" -- Dropbox is not running... starting... >> "$LOG"
   running
   if [[ -z $(ps -ef |grep "dropbox") ]]
   then
     echo > /dev/null
   else
     echo "$DATE" -- Dropbox could not start... exitting... >> "$LOG"
     exit
   fi
fi



#Verify Log File
if [ ! -f "$LOG" ]; then
    touch "$LOG"
fi

#Backup Wiki DB
mysqldump "$DB" > "$TMPDIR"/"$DB"."$DATE".sql &&
zip $TMPDIR/$DB.$DATE.sql.zip $TMPDIR/$DB.$DATE.sql &&
chown dropbox. "$TMPDIR"/"$DB"."$DATE".sql.zip &&
mv "$TMPDIR"/"$DB"."$DATE".sql.zip "$BKUPDIR"/MySQL-Dumps/ &&
rm -f "$TMPDIR"/"$DB"."$DATE".sql &&
echo "$DATE" -- DB backup for "$DB"."$DATE".sql.zip has completed to "$BKUPDIR"/MySQL-Dumps/ >> "$LOG"


#Backup Wiki Files
zip -r $TMPDIR/wiki.$DATE.zip  $WIKIDIR/ &&
chown dropbox. "$TMPDIR"/wiki."$DATE".zip &&
mv "$TMPDIR"/wiki."$DATE".zip "$BKUPDIR"/Wiki/wiki."$DATE".zip &&
echo "$DATE" -- Wiki Dir backup for "$WIKIDIR"."$DATE".zip has completed to "$BKUPDIR"/Wiki/ >> "$LOG"

Add Cron

crontab -e
30 20 * * * /bin/bash /scripts/dropbox-backup.sh