MARC 10.5 Update: Enhanced Backup Features and Security Enhancements
Explore the latest features in MARC 10.5 update, including restructured backup scripts for improved management, new tape command templates, and enhanced security measures ensuring script integrity.
Presentation Transcript
MARC 10.5 Update John Harvey
MARC 10.5 Changes • Backup Scripts restructured • Added a script to generate scripts outside of MARC • Generate Scripts has a “Yes All” option to force overwrite • Set Run Dates has a clear all feature • Script permissions default with no write permissions
Backup Scripts • All backup scripts have logic for AI management. Now, the flag in the backup configuration sets a variable within the script which is used as a flag • EXCLUDEDIRS is a comma separated list of directories at the top of the script • Tape commands have been put into separate scripts that get called from the main script
Backup Tape Scripts • There are new templates for the tape commands • They allow the tape commands to be separate from the general flow logic of the backup script • There are two tape commands that are delivered as standard • cpio • fbackup
Backup Tape Scripts • The master tape scripts are in marc/scripts/backup • The correct one gets copied when the backup is configured in MARC • The name of the command is put into a new field in the backup type • Tape command scripts with the command in the name are copied • backup.readtape-cpio.tpl
Custom Backup Commands • The tape command scripts allow for custom backup commands to be used • Just create the following templates in marc/scripts/backup • backup.readtape-newcmd.tpl • backup.writetape-newcmd.tpl • After they are created, put the command in the backup type
Custom Tape Commands • The new tape command scripts have some requirements • readtape must create two files • tapelist – a record of files read from the backup • tapelist.tmp – a sorted list of filenames read from backup • writetape has two variables it can use • $BKUPINCLUDEDIRS – a comma separated list of directories to include on the backup • $BKUPEXCLUDEDIRS – a comma separated list of directories to exclude from the backup • writetape must create two files • backuplist – a record of files written to the backup • backuplist.tmp – a sorted list of filenames written to the backup
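A sketch of what a custom writetape command has to do to meet the requirements above, using tar as the "newcmd". This is an added example, not MARC's own template: the function name, the archive argument and writing the list files to the current directory are assumptions, and MARC's template tags are not shown on the slides.

```shell
#!/bin/sh
# Added example: possible body for backup.writetape-newcmd.tpl with tar as "newcmd".
# Assumptions: $1 is the tape device or archive file; list files go in the current directory.
writetape_tar() {
    archive=$1
    [ -n "$BKUPINCLUDEDIRS" ] || return 1   # nothing to back up: fail instead of writing an empty tape
    old_ifs=$IFS
    IFS=,                                   # both variables are comma separated lists
    set -f                                  # no glob expansion while splitting
    set --
    for d in $BKUPEXCLUDEDIRS; do
        if [ -n "$d" ]; then set -- "$@" "--exclude=$d"; fi
    done
    for d in $BKUPINCLUDEDIRS; do
        if [ -n "$d" ]; then set -- "$@" "$d"; fi
    done
    IFS=$old_ifs
    set +f
    # backuplist: record of files written (tar -v prints one name per line)
    tar -cvf "$archive" "$@" > backuplist || return 1
    # backuplist.tmp: sorted list of the same filenames
    sort backuplist > backuplist.tmp
}
```

Returning non-zero when tar fails keeps a failed write from leaving a plausible-looking backuplist.tmp behind.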
genscript.sh • There is a new script that generates scripts outside of MARC • Run genscript.sh from the bin directory • It takes a list of base template names as input • A base template name is the name of the template without the .tpl extension
Overwrite All For Scripts • When generating scripts, there is an option to force an overwrite of all scripts • This means all selected scripts will be generated and there won’t be a prompt to overwrite each individual script
All Option for Set Run Dates • When running Set Run Dates, there is an “All” option at the top with the current date as the run date • If a “?” is entered there and <GO> is then hit, all the run dates will be cleared • This is by far the most popular enhancement to this version of MARC
Default Script Permissions • In the last version of MARC, a new formatting tag was added to specify the permissions for that script when it was generated • In this version (10.5), all of the write permissions have been removed • This helps remind everyone to not modify the scripts, but rather modify the template
An Overview of Recent Security Enhancements • In MARC 10.4, support was added allowing MARC and scripts to run without using the blank user id • This has caused some confusion, so a brief explanation follows
The Progress Blank User • The Progress database allows for a convenience mechanism when accessing the database called the Blank User ID • It allows a user access to the database without using a login name or password • It works great for batch jobs and scripts that run in the background • It is also a huge security hole
The Blank User ID • This convenience feature can be disabled • It is disabled by going into the Progress editor -> Data Dictionary -> Admin -> Security -> Disallow Blank Userid Access • However, with no Blank Userid Access, EVERY connection to the database must have a valid database user id and password
MARC Access • MARC is not excluded and needs to connect with a user id and password as well • If MARC is going to connect to the database, then the user will be prompted for one • This value is not stored, so each session of MARC will prompt • There is a new configuration flag in MARC that controls this prompt called “Use Userid” • This only controls whether or not MARC prompts for the information, not whether or not the information is required by the database
Script Access • Scripts also need a user id and password in order to connect to the database • This includes report managers and audit managers • These scripts now look for a special PF file that contains a user id and password • These PFs are created from templates and the values are prompted for during script generation
Difficulties With TWL • TWL scripts have an interesting issue when combined with database security • TWL scripts are set up to run as a specific Unix user • The user id PF files are generated with owner-only read access (to make them a little more secure) • Usually root generates the TWL scripts • Therefore, if the TWL scripts are run with a non-root user, they can’t read the user id or password from the PF file. • We don’t have a standard solution to this issue yet - sorry
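A pre-flight check for the mismatch described above, as an added example that is not part of MARC: given a PF file and the Unix user a TWL script runs as, it reports whether that user can read the file and whether the file has been opened up beyond owner-only. The function name, verdict words and the user name "twluser" are assumptions.

```shell
#!/bin/sh
# Added example: audit a user id PF file against the account a script runs as.
# Prints one verdict: ok | unreadable | exposed | missing
pf_access() {
    pf=$1
    runas=$2
    [ -f "$pf" ] || { echo missing; return 0; }
    set -f
    set -- $(ls -ld -- "$pf")       # $1 = permission string, $3 = owner name
    set +f
    perms=$1
    owner=$3
    # Any group/other bit set means the stored credentials are no longer owner-only.
    case $perms in
        ????------*) ;;
        *) echo exposed; return 0 ;;
    esac
    # The owner itself needs the read bit.
    case $perms in
        ?r*) ;;
        *) echo unreadable; return 0 ;;
    esac
    # Owner-only file: readable by its owner and by root, by nobody else.
    if [ "$runas" = "$owner" ] || [ "$runas" = root ]; then
        echo ok
    else
        echo unreadable             # the TWL case: root-generated PF, non-root run user
    fi
}
```

Running it for each generated PF file right after script generation surfaces the root-owned, non-root-run combination before the scheduled job fails to connect.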
Questions – Round 2? • This is it – no more material • I promise