Author Archives: jan

Spamassassin and Postfix configuration

http://www.akadia.com/services/postfix_spamassassin.html

aptitude install spamassassin spamc

/etc/default/spamassassin

ENABLED=1
SAHOME="/var/log/spamassassin/"
OPTIONS="--create-prefs --max-children 2 --username debian-spamd -H ${SAHOME} -s ${SAHOME}spamd.log"
PIDFILE="/var/run/spamd.pid"
CRON=1

/etc/postfix/master.cf

smtp inet n - - - - smtpd -o content_filter=spamfilter
spamfilter unix - n n - - pipe
  flags=Rq user=debian-spamd argv=/usr/local/bin/spamfilter.sh -oi -f ${sender} -- ${recipient}

mkdir /var/spamchk
chmod 775 /var/spamchk
chown debian-spamd:debian-spamd /var/spamchk

/usr/local/bin/spamfilter.sh

#!/bin/sh
# -----------------------------------------------------------------
# File: spamchk
#
# Purpose: SPAMASSASIN shell-based filter
#
# Location: /usr/local/bin
#
# Usage: Call this script from master.cf (Postfix)
#
# Certified: Ubuntu Linux, Spamassassin 3.3.x, Postfix 2.7.x
# -----------------------------------------------------------------
# Variables
SENDMAIL="/usr/sbin/sendmail -i"
EGREP=/bin/egrep
# mktemp creates the file atomically with an unpredictable name and mode 0600;
# a fixed /tmp/spamchk.$$ name can be pre-created or symlinked by a local user.
TMPFILE=$(mktemp /tmp/spamchk.XXXXXX) || exit 75
SIDELINE_DIR=/var/spamchk
# Number of *'s in X-Spam-level header needed to sideline message:
# (Eg. Score of 5.5 = "*****" )
SPAMLIMIT=3
# Clean up when done or when aborting.
trap 'rm -f "$TMPFILE"' 0 1 2 3 15
# Pipe message to spamc and store in $TMPFILE
cat | /usr/bin/spamc -u filter | sed 's/^\.$/../' > "$TMPFILE"
# Are there at least $SPAMLIMIT stars in X-Spam-Level header?
if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < "$TMPFILE"
then
    # Option 1: Move high scoring messages to sideline dir so
    # a human can look at them later:
    mv "$TMPFILE" "$SIDELINE_DIR/$(date +%Y-%m-%d_%R)-$$"
    # Option 2: Divert to an alternate e-mail address:
    # $SENDMAIL xyz@xxxx.xx < "$TMPFILE"
    # Option 3: Delete the message
    # rm -f "$TMPFILE"
else
    $SENDMAIL "$@" < "$TMPFILE"
fi
# Postfix returns the exit status of the Postfix sendmail command.
exit $?

/etc/spamassassin/local.cf

rewrite_header Subject *****SPAM***** (_SCORE_)
report_safe 0
trusted_networks 192.168.122.
required_score 3.0
use_bayes 1
bayes_auto_learn 1
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
shortcircuit ALL_TRUSTED on
endif # Mail::SpamAssassin::Plugin::Shortcircuit

service spamassassin start
service postfix restart
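spamfilter.sh greps the whole message for X-Spam-Level, so a mail whose body quotes such a header (a forwarded spam report, for instance) is sidelined too. The sketch below is an added example, not part of the original post, that restricts the check to the header block; the function names and both sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# header_is_spam LIMIT < message
# Exit 0 if an X-Spam-Level header in the header block has at least LIMIT
# stars. Reading stops at the first empty line, which ends the headers.
header_is_spam() {
    awk -v limit="$1" '
        /^$/ { exit }
        /^X-Spam-Level:/ {
            stars = $0
            sub(/^X-Spam-Level:[ \t]*/, "", stars)
            n = 0
            while (substr(stars, n + 1, 1) == "*") n++
            if (n >= limit) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# whole_message_is_spam LIMIT < message
# The check as spamfilter.sh does it: any line of the message can match.
whole_message_is_spam() {
    grep -Eq "^X-Spam-Level: \*{$1,}"
}

# Constructed sample: scored spam as spamc would return it.
sample_spam() {
    printf '%s\n' 'From: a@example.com' 'X-Spam-Level: *****' \
        'Subject: offer' '' 'Buy now'
}

# Constructed sample: clean mail whose body quotes a spam header.
sample_quoted() {
    printf '%s\n' 'From: b@example.com' 'X-Spam-Level: *' \
        'Subject: Fwd: is this spam?' '' 'Headers of the mail I got:' \
        'X-Spam-Level: ******'
}

# Compare both checks on both samples.
for s in sample_spam sample_quoted; do
    if $s | header_is_spam 3; then h=sideline; else h=deliver; fi
    if $s | whole_message_is_spam 3; then w=sideline; else w=deliver; fi
    echo "$s: header-only=$h whole-message=$w"
done
```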

FusionInvoice installation on LAMP

FusionInvoice installation on Linux / Apache / MySQL / PHP (LAMP) with Czech language support
https://www.fusioninvoice.com/

aptitude install apache2 mysql-server php5 php5-mcrypt php5-mysql

cd /var/www/
wget -O fusion.zip https://www.fusioninvoice.com/download_file/15/install
unzip fusion.zip
rm -f fusion.zip
# /var/www/fusion must not exist yet, or mv would nest the tree inside it
mv FusionInvoice-1.3.5-full/ fusion

mkdir /var/www/fusion/application/language/cz_CZ
cd /var/www/fusion/application/language/cz_CZ
wget -O fusion-translation.zip https://crowdin.net/download/project/fusioninvoice.zip
unzip -j fusion-translation.zip 'cs/application/language/*' -d .
rm -f fusion-translation.zip

cd /var/www
chown -R www-data:www-data fusion

mysql -u root -p

CREATE DATABASE `fusion`;
-- Create the account for localhost only; a bare CREATE USER `fusion` would add 'fusion'@'%'.
CREATE USER 'fusion'@'localhost' IDENTIFIED BY 'mysecretpassword';
GRANT ALL PRIVILEGES ON `fusion`.* TO 'fusion'@'localhost';
FLUSH PRIVILEGES;
EXIT

rm -f ~/.mysql_history

/var/www/fusion/application/config/config.php
Replace

$config['index_page'] = 'index.php';

with
$config['index_page'] = '';

/var/www/fusion/application/config/database.php

$db['default']['username'] = 'fusion';
$db['default']['password'] = 'mysecretpassword';
$db['default']['database'] = 'fusion';

/var/www/fusion/.htaccess

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [PT,L]

/etc/apache2/sites-available/fusion

<VirtualHost *:80>
ServerAdmin sysadmin@mydomain.com
ServerName fusion.mydomain.com
ServerAlias localhost
DocumentRoot /var/www/fusion

<Directory /var/www/fusion>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Order allow,deny
allow from all
DirectoryIndex index.php index.html
</Directory>

ErrorLog /var/log/apache2/fusion-error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/fusion-access.log combined
</VirtualHost>

/etc/apache2/ports.conf
# comment out the following line
#NameVirtualHost *:80
Listen 80

a2enmod rewrite
a2ensite fusion
service apache2 reload

http://localhost/index.php/setup

How to fix “X11 forwarding request failed on channel 0”

https://joshua.hoblitt.com/rtfm/2013/04/how_to_fix_x11_forwarding_request_failed_on_channel_0/

I’m using Ubuntu 12.04. The X11 forwarding is enabled in /etc/ssh/sshd_config (X11Forwarding yes).

When I started ssh in more verbose mode:
ssh -vvv -X remotehost

I received the following error:

X11 forwarding request failed on channel 0

The solution is to add the following to the configuration file /etc/ssh/sshd_config:

X11UseLocalhost no

Do not forget to restart the ssh daemon:
service ssh restart

Install Munin node on CentOS 6.4

rpm -Uhv http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install munin-node

When you try to install Munin node on CentOS 6.4 from the EPEL repository, you may encounter the following error message:

Transaction Check Error:
  file /usr/share/man/man3/XML::SAX::Base.3pm.gz conflicts between attempted installs of perl-XML-SAX-Base-1.04-1.el6.rf.noarch and perl-XML-SAX-0.96-7.el6.noarch
  file /usr/share/man/man3/XML::SAX::Exception.3pm.gz conflicts between attempted installs of perl-XML-SAX-Base-1.04-1.el6.rf.noarch and perl-XML-SAX-0.96-7.el6.noarch

Simply install perl-XML-SAX-0.96-7:

yum install perl-XML-SAX-0.96-7.el6.noarch

and now you can install munin-node without any error message:

yum install munin-node

LVM and RAID guide

http://www.davelachapelle.ca/guides/ubuntu-lvm-guide/

Installing necessary tools:

apt-get install lvm2 dmsetup mdadm reiserfsprogs xfsprogs

Raid Setup:

Please refer to some of my other guides regarding setting up various raid levels. You can, and I would highly recommend, setting up your drives in a raid configuration prior to adding them to a logical volume. By doing so, you’ll have properly redundant drives to keep all of your precious data safe.

To remove the raid super block:
mdadm --zero-superblock /dev/vdb

Create RAID1 array:
mdadm -v --create /dev/md0 --level=raid1 --raid-devices=2 /dev/sdx1 /dev/sdy1
OR
mdadm -v --create /dev/md1 --level=raid10 --raid-devices=4 /dev/sdr1 /dev/sds1 /dev/sdt1 /dev/sdu1

This will take some time, which cat /proc/mdstat will tell you.

LVM Layout

Very basically, LVM consists of multiple drives which make up a “Volume Group”. This Volume Group can then be divided up into Logical Volumes, and expanded / contracted at will. Any Logical Volume can be larger than the physical size of any one disk, but the total size of all Logical Volumes, obviously, cannot exceed the total space your disks afford you.

Create GPT partition for LVM using parted tool:

The traditional MBR (MSDOS) disk label is limited to 2^32 (2TiB) in capacity and 15 partitions (including logical partitions), while the GUID Partition Table (GPT) supports 2^64 KiB (2 ZiB) and 128 partitions by default.

Let's start by determining what disks are attached to our system:

fdisk -l

LVM Setup

Create LVM Group and Volumes:

Now we’ll put a LVM group and volumes on /dev/md1. I use vg- for volume group names and lv_ for the logical volumes in the volume groups. Using descriptive names, like lv_home, will save your sanity later when you’re creating filesystems and mountpoints. The -L option specifies the size of the volume:

pvcreate /dev/md1
vgcreate vg_server1 /dev/md1
lvcreate -L4g -nlv_home vg_server1
lvcreate -L2g -nlv_var vg_server1
lvcreate -L1g -nlv_tmp vg_server1

This creates a new partition assigned the whole drive capacity.

parted /dev/vg_server1/lv_home mklabel gpt   # or msdos
parted -- /dev/vg_server1/lv_home mkpart primary ext4 1 -1

You can use pvdisplay, vgdisplay and lvdisplay to see the fruits of your labors. Use vgdisplay to see how much space is left.

Create file system:

mkfs -t ext4 /dev/vg_server1/lv_home

Check disk free space:

df -h /dev/mapper/vg_server1-lv_home

Resize LVM root partition:

lvextend -L+1G /dev/mapper/vg1-lvRoot
resize2fs /dev/mapper/vg1-lvRoot

Expanding (virtual machine) partition

1) Resize virtual disk in VMware vSphere.
2) Boot GParted CD, resize extended partition, deactivate LV, resize LV, activate LV.
3) From GParted terminal extend LV: lvextend -L +12G /dev/vg01/root
4) From GParted terminal resize file system: resize2fs /dev/vg01/root

A detailed on-the-fly resize guide can be found here:
http://theducks.org/2009/11/expanding-lvm-partitions-in-vmware-on-the-fly/

How do I upgrade from x86 to x64 without losing settings

http://askubuntu.com/questions/6176/how-do-i-upgrade-from-x86-to-x64-without-losing-settings

1) Backup your /etc and /home folders (I have /home as its own partition, you may need more folders if you have any custom folders… or /var/www if you have Apache, maybe backup databases if you had any). You may use for example fsarchiver.

2) Run dpkg --get-selections > installed-software to save the list of installed software. In the exported package list, replace the word “deinstall” with “installed”, then back up the file “installed-software”.

3) Install the x64 version over the existing system without formatting the volume, and create the same users. Restore the /etc and /home folders and the “installed-software” file.

4) Run dpkg --set-selections < installed-software, then run apt-get dselect-upgrade to install the previously installed software.

How to setup OpenVPN with bridging on Ubuntu 12.04

https://help.ubuntu.com/12.04/serverguide/openvpn.html
http://ubuntuguide.org/wiki/OpenVPN_server

# Set up your router to forward port 1194 to the OpenVPN server, or place the server in the DMZ (all incoming traffic is forwarded to the OpenVPN server)

# install OpenVPN and bridge utilities
apt-get -y install openvpn bridge-utils

# setup bridge br0 interface and modify primary interface eth0 (assign eth0 IP address to br0 interface)
/etc/network/interfaces

auto eth0
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down

auto br0
iface br0 inet static
bridge_ports eth0 tap0
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.138
dns-nameservers 8.8.8.8 8.8.4.4

Restart networking:
service networking restart

# Allow NAT using ufw as firewall
http://blog.philippklaus.de/2010/09/openvpn/
/etc/default/ufw

DEFAULT_FORWARD_POLICY="ACCEPT"

In /etc/ufw/sysctl.conf uncomment

net.ipv4.ip_forward=1

Restart the firewall:
ufw disable && sudo ufw enable

# Create certificates

mkdir /etc/openvpn/easy-rsa/
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

/etc/openvpn/easy-rsa/vars

export KEY_COUNTRY="CZ"
export KEY_PROVINCE=""
export KEY_CITY="Praha"
export KEY_ORG="Company name"
export KEY_EMAIL="my@email.cz"
export KEY_CN=openvpn-server
export KEY_NAME="OpenVPN Server"
export KEY_OU=""
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# CA

cd /etc/openvpn/easy-rsa/

# whichopensslcnf was broken so I had to hard code:
# export KEY_CONFIG="$EASY_RSA/openssl-1.0.0.cnf"
# or cp openssl-1.0.0.cnf openssl.cnf
source vars
./clean-all
./build-ca

# server certs

./build-key-server server
./build-dh
cd keys/
cp server.crt server.key ca.crt dh1024.pem /etc/openvpn/

# client certs

cd /etc/openvpn/easy-rsa/
source vars
./build-key client1

# copy the following files to the client using a secure method:
/etc/openvpn/ca.crt
/etc/openvpn/easy-rsa/keys/client1.crt
/etc/openvpn/easy-rsa/keys/client1.key

# server config

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz

/etc/openvpn/server.conf
local 10.0.0.100
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
# router ip, netmask, first assigned IP, last assigned IP to client
server-bridge 10.0.0.138 255.255.255.0 10.0.0.90 10.0.0.99
push "route 10.0.0.0 255.255.255.0"
up "/etc/openvpn/up.sh br0 eth0"
keepalive 10 120
comp-lzo
;user nobody
;group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
mute 20
script-security 2

/etc/openvpn/up.sh

#!/bin/sh

BR=$1
ETHDEV=$2
TAPDEV=$3

/sbin/ip link set "$TAPDEV" up
/sbin/ip link set "$ETHDEV" promisc on
/sbin/brctl addif "$BR" "$TAPDEV"

chmod 755 /etc/openvpn/up.sh

# client config
# install OpenVPN client on Linux/Windows/OSX
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /home/user/openvpn/client.conf
/home/user/openvpn/client.conf

client
dev tap
proto udp
remote YOUR.SERVER.IP 1194
# if needed, adjust path to following certificates
ca ca.crt
cert client1.crt
key client1.key
;tls-auth ta.key 1
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
;ns-cert-type server
comp-lzo
verb 3

# install and configure ufw

apt-get -y install ufw
ufw allow 1194

Don’t forget to allow ssh port 22 if you need it!

# start openvpn on the server
service openvpn start

# Check bridge status
Both interfaces eth0 and tap0 should be part of the br0.
brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.000e2eac3d6a       no              eth0
                                                        tap0

# install the client.conf and keys on the client, and connect!
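The sample files used above ship several hardening directives commented out (;user, ;tls-auth, ;ns-cert-type), and the server points at dh1024.pem. The sketch below is an added example, not part of the original post, that lists which of them are inactive in a config. The function names are made up, the two sample configs are excerpts of the files in this post, and the DH check only reads the file name.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print only enabled lines; OpenVPN treats a leading '#' or ';' as a comment.
active_directives() {
    awk '{ sub(/^[ \t]+/, "") } /^[#;]/ || /^$/ { next } { print }'
}

# audit_openvpn ROLE < config     (ROLE is "server" or "client")
# Prints one "name: reason" line per finding, nothing if all checks pass.
audit_openvpn() {
    active_directives | awk -v role="$1" '
        { seen[$1] = 1; arg[$1] = $2 }
        END {
            if (!("user" in seen))
                print "user: not set, the daemon keeps root after startup"
            if (!("tls-auth" in seen))
                print "tls-auth: not set, no HMAC check on handshake packets"
            if (role == "client" && !("ns-cert-type" in seen) && !("remote-cert-tls" in seen))
                print "server-cert: certificate type of the peer is not checked"
            # Assumption: easy-rsa 2.0 names the file dh<KEY_SIZE>.pem.
            if (role == "server" && arg["dh"] ~ /1024/)
                print "dh: " arg["dh"] " points at 1024-bit DH parameters"
        }'
}

# The client.conf lines from this post that matter for the checks.
page_client() {
cat <<'EOF'
client
dev tap
proto udp
remote YOUR.SERVER.IP 1194
ca ca.crt
cert client1.crt
key client1.key
;tls-auth ta.key 1
;user nobody
;group nogroup
;ns-cert-type server
EOF
}

# The matching server.conf lines from this post.
page_server() {
cat <<'EOF'
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
;user nobody
;group nogroup
EOF
}

# Constructed: the client file with the commented-out directives enabled.
enabled_client() { page_client | sed 's/^;//'; }

echo "client.conf:"; page_client | audit_openvpn client
echo "server.conf:"; page_server | audit_openvpn server
```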

Postfix SMTP Authentication

http://linux.about.com/od/ubusrv_doc/a/ubusg29t05.htm
http://www.jimmy.co.at/weblog/?p=52

apt-get install sasl2-bin libsasl2-2 libsasl2-modules

Configure Postfix to do SMTP AUTH using SASL (saslauthd):

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' > /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

cd ~
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
mv smtpd.key /etc/ssl/private/
mv smtpd.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

/etc/default/saslauthd

START=yes
MECHANISMS="pam"

/etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

/etc/postfix/main.cf

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl

/etc/init.d/postfix restart
/etc/init.d/saslauthd start

Finally we test it using telnet. We need perl to generate the string for the SASL authentication:
perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'
e.g.
perl -MMIME::Base64 -e 'print encode_base64("jimmy\0jimmy\0real-secret");'
amltbXkAamltbXkAcmVhbC1zZWNyZXQ=

jimmy@reptile:~$ telnet jimmy.co.at 25
Trying 80.237.145.96...
Connected to jimmy.co.at.
Escape character is '^]'.
220 kitana.jimmy.co.at ESMTP Mailserver
ehlo reptile.g-tec.co.at
250-kitana.jimmy.co.at
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250 8BITMIME
AUTH PLAIN amltbXkAamltbXkAcmVhbC1zZWNyZXQ=
235 Authentication successful

Or you can test SASL authentication using this command:

testsaslauthd -u username -p password
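The token passed to AUTH PLAIN in the telnet session is only base64, and with smtpd_tls_auth_only = no Postfix accepts it on an unencrypted connection. The following added example (not part of the original post; function names are made up) decodes the post's sample token and classifies a set of postconf settings by whether AUTH is reachable without TLS.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# decode_auth_plain TOKEN
# Print the three NUL-separated fields of a SASL PLAIN token, one per line:
# authorization id, authentication id, password.
decode_auth_plain() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n'
    echo
}

# get_param NAME < "name = value" lines (the format postconf prints)
# Prints the value of the last line that sets NAME, or an empty line.
get_param() {
    awk -v key="$1" '
        { eq = index($0, "="); if (!eq) next
          name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (name == key) last = val }
        END { print last }'
}

# auth_exposure < postconf-style text
# disabled  : SMTP AUTH is off
# tls-only  : AUTH is announced and accepted only after STARTTLS
# cleartext : AUTH is also accepted on an unencrypted session
auth_exposure() {
    conf=$(cat)
    sasl=$(printf '%s\n' "$conf" | get_param smtpd_sasl_auth_enable)
    only=$(printf '%s\n' "$conf" | get_param smtpd_tls_auth_only)
    if [ "$sasl" != yes ]; then echo disabled
    elif [ "$only" = yes ]; then echo tls-only
    else echo cleartext
    fi
}

# Settings as this post configures them.
page_settings() {
    printf '%s\n' 'smtpd_sasl_auth_enable = yes' \
        'smtpd_sasl_security_options = noanonymous' \
        'smtpd_use_tls = yes' 'smtpd_tls_auth_only = no'
}

# Same settings with AUTH restricted to TLS sessions.
tls_only_settings() {
    page_settings | sed 's/^smtpd_tls_auth_only = no$/smtpd_tls_auth_only = yes/'
}

echo "post settings: $(page_settings | auth_exposure)"
echo "with smtpd_tls_auth_only = yes: $(tls_only_settings | auth_exposure)"
decode_auth_plain 'amltbXkAamltbXkAcmVhbC1zZWNyZXQ='
```

On a live server the same check runs against the real settings with postconf -n | auth_exposure.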

Remove all unused kernels in debian based systems

http://www.unixmen.com/remove-all-unused-kernels-with-1-command-in-debian-based-systems/

sudo apt-get remove $(dpkg -l|egrep '^ii  linux-(im|he)'|awk '{print $2}'|grep -v `uname -r`)

If it doesn’t work, try this:

dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge

http://www.commandlinefu.com/commands/view/10520/remove-all-unused-kernels-with-apt-get

OpenWRT Boot from USB device

http://www.nslu2-linux.org/wiki/OpenWRT/BootFromUsbDevice

This guide covers fast (12mbit/s) USB and the ext2 filesystem only. Make sure you install the package kmod-usb2 and load the module ehci-hcd, or your disk will be very slow (hdparm -t < 12,5mbit/s). This tutorial is for OpenWRT (kamikaze, backfire) with a 2.6 kernel, but it will probably work for other devices running OpenWRT on a 2.6 kernel too. If you are unsure what kernel you have, use uname -a, which will give you something like this:

Linux OpenWrt 2.6.21.6 #1 Fri Dec 28 11:04:49 UTC 2007 armv5teb unknown
First of all make sure you have all the modules required:
ipkg update
ipkg install kmod-usb-core kmod-usb-uhci kmod-scsi-core kmod-usb-storage kmod-fs-ext2 kmod-fs-ext3
Then load these modules:
insmod ext2
insmod jbd
insmod ext3
Install e2fsprogs and fdisk:
ipkg install e2fsprogs fdisk
Partition your disk. I have a 1GB Verbatim and used 700 MB for ext2 and 300 MB for swap.
fdisk /dev/sdX <- change this to your device
Then format your partition:
mke2fs /dev/sdX1 <- change this to your device
Mount it and copy the filesystem to your USB-device:
mount -t ext2 /dev/sda1 /mnt
mkdir /tmp/root
mount -o bind /rom /tmp/root
cp /tmp/root/* /mnt -a
umount /tmp/root
umount /mnt
vi /etc/init.d/pivotroot
Copy and paste this into /etc/init.d/pivotroot:
#!/bin/sh
# change this to your boot device
boot_dev="/dev/sda1"
/sbin/hotplug2 --override --persistent --max-children 1 --no-coldplug &
for module in usbcore uhci scsi_mod sd_mod usb-storage jbd ext2 ext3 ; do {
        insmod $module
}; done

# this may need to be higher if your disk is slow to initialize
sleep 30s
# mount the usb stick
mount "$boot_dev" /mnt
# if everything looks ok, do the pivot root
killall hotplug2
[ -x /mnt/sbin/init ] && {
        mount -o move /proc /mnt/proc && \
        pivot_root /mnt /mnt/mnt && {
                mount -o move /mnt/dev /dev
                mount -o move /mnt/tmp /tmp
                mount -o move /mnt/jffs2 /jffs2 2>&-
                mount -o move /mnt/sys /sys 2>&-
        }
}
Then make it executable:
chmod a+x /etc/init.d/pivotroot
Now, make the symlink so it will start at boot time:
ln -s /etc/init.d/pivotroot /etc/rc.d/S10pivotroot
Replace everything in /etc/init.d/rcS with this:
vi /etc/init.d/rcS
#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
if test $2 == "boot" ; then
/etc/init.d/pivotroot
fi
{
 for i in /etc/rc.d/$1*; do
 $i $2 2>&1
 done
} | logger -s -p 6 -t '' &

Now reboot and telnet to your slug

Use 'passwd' to set your new root password

exit
Log in with ssh. To make sure it works, type df -h, which will give you something like this:

Filesystem                Size      Used Available Use% Mounted on
/dev/sda1                 1.0M      1.0M         0 100% /mnt/rom
/dev/mtdblock5            5.4M    752.0k      4.6M  14% /mnt/jffs
mini_fo:/jffs             1.0M      1.0M         0 100% /mnt
/dev/sda1               656.1M     19.0M    603.7M   3% /
Fixup resolv.conf symlink:
rm /etc/resolv.conf
ln -s /tmp/resolv.conf.auto /etc/resolv.conf
If you created a swap partition you may want to use it:
ipkg update
ipkg install swap-utils
mkswap /dev/sda2
swapon /dev/sda2
Make it start at boot time:
echo "#!/bin/sh" >> /etc/init.d/swapspace
echo "swapon /dev/sda2" >> /etc/init.d/swapspace
chmod a+x /etc/init.d/swapspace
ln -s /etc/init.d/swapspace /etc/rc.d/S99swapspace
Use free to see if it worked: free
              total         used         free       shared      buffers
  Mem:        30472        11628        18844            0          960
 Swap:       297192            0       297192
Total:       327664        11628       316036

OpenWRT full backup

tar cv /bin /etc /home /lib /root /sbin /tmp /usr /www > openwrt.tar
scp openwrt.tar user@backup-serve:/backup