Backup your Mac on CentOS 6.5


I’ve been using Macs for several years now and wouldn’t want anything else as a laptop.

Making a backup is essential of course, and for this I use the built-in TimeMachine. This requires a ‘TimeCapsule’, which you can buy from Apple, or you can build your own on Linux with Netatalk, avahi and a bit of storage.
As a server OS, not much can beat CentOS in terms of security and stability, so it was a simple choice. You can, however, use a Debian-based OS just as easily.

I always like to have large ‘things’ separated by volume, but you can use any directory as long as it’s writable by the user and large enough to take backups of the Mac. In this guide I simply use a directory within my home directory.

First install EPEL:

rpm -ihv ftp://ftp.nluug.nl/ftp/pub/os/Linux/distr/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

Then use yum to install the required packages:

yum -y install netatalk avahi dbus nss-mdns

Set services to start at boot:

chkconfig netatalk on
chkconfig messagebus on
chkconfig avahi-daemon on

Now configure netatalk by editing this line at the bottom of /etc/netatalk/netatalk.conf:

- -transall -uamlist uams_randnum.so,uams_dhx.so,uams_dhx2.so -nosavepassword

Edit /etc/netatalk/AppleVolumes.default and create the network share. There are lots of config options you could explore, by the way: you can allow groups or users, for example, and lots more.

If you leave the line starting with ~, you will also grant the user access to his/her home directory. I’m not using this, so I deleted that line.

I changed the line with DEFAULT to look like this:

:DEFAULT: cnidscheme:dbd options:upriv,usedots,tm

And I created the share like this:

/home/emiel/TimeMachine allow:emiel "TimeCapsule"

Edit /etc/nsswitch.conf and change the line with hosts to look like this:

hosts: files mdns4_minimal dns mdns mdns4

Create /etc/avahi/services/afpd.service with the contents:

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=TimeCapsule</txt-record>
</service>
</service-group>

 

iptables is running by default, and so it should be! It’s not that hard to learn, so just add the following to /etc/sysconfig/iptables to open up some ports and then reload the iptables service. This is not an iptables guide, so I have simply taken the default rule set and added the ports for AFP and avahi.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 548 -j ACCEPT 
-A INPUT -m state --state NEW -m udp -p udp --dport 548 -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5353 -j ACCEPT 
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Now reload iptables to activate the rules:

service iptables reload

You can check iptables with

iptables -L
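
AFP over TCP listens on TCP 548 and mDNS (avahi) uses UDP 5353, so it is worth checking which opened ports the share actually needs. The script below is an added example, not part of the original guide; the function names and the NEEDED list are assumptions, and the sample rules are constructed from the rule set shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Flags ACCEPT rules that open a
# protocol/port pair the Time Machine share does not need.
# Assumption: only SSH (tcp/22), AFP over TCP (tcp/548) and mDNS (udp/5353)
# have to be reachable on this server.
NEEDED="tcp/22 tcp/548 udp/5353"

# audit_rules [FILE]: read iptables-save style rules from FILE (or stdin) and
# print one "proto/port" line per opened port that is not in NEEDED.
audit_rules() {
    awk -v needed="$NEEDED" '
        BEGIN { n = split(needed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^-A INPUT / && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
            }
            key = proto "/" port
            # Rules without --dport (icmp, lo, ESTABLISHED) are not port openings.
            if (port != "" && !(key in ok)) print key
        }
    ' "$@"
}

# sample_rules: constructed input, copied from the INPUT rules in this guide.
sample_rules() {
    cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 548 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 548 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5353 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

sample_rules | audit_rules
```

On the server itself, run audit_rules /etc/sysconfig/iptables; any line it prints is a candidate for removal from the rule set.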

Time to start the required services:

service messagebus start
service avahi-daemon start
service netatalk start

 

You should now be able to open TimeMachine on your Mac from System Preferences and select the new backup disk. The first backup can take several hours, so be prepared. After that, everything will be automated and you can enjoy the comfort of having backups.

 

 


About Emiel van Grinsven

Emiel van Grinsven is a Unix & Linux engineer at Proxy Services in The Netherlands. Loves his Mac, says he prefers Redhat distributions but has a secret affair with Ubuntu that his colleagues cannot know about.
