burp-server.conf 6.6 KB
Newer Older
1
# This is an example config file for the burp server.
2
3
4

mode = server

5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# The default addresses to listen on depend upon compile time options.
# They may be overridden here.
# The port and address options have been removed in 2.2.10
# You must use listen instead
listen = 0.0.0.0:4971
max_children = 5
listen = 0.0.0.0:5971
max_children = 5

# Think carefully before changing the status port address, as it can be used
# to view the contents of backups.
# If you do not wish to run a status server at all, comment listen_status out.
# The status_port and status_address options have been removed in 2.2.10
# You must use listen_status instead
listen_status = 0.0.0.0:4972
max_status_children = 10

directory = /var/spool/burp
dedup_group = global
clientconfdir = /etc/burp/clientconfdir
# Choose the protocol to use.
# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
# with a pseudo mirrored storage on the server and optional rsync). 2 forces
# protocol2 mode (inline deduplication with variable length blocks).
# Like many other settings, this can be set per client in the clientconfdir
# files.
# protocol = 0
pidfile = /run/burp/burp.server.pid
hardlinked_archive = 0
working_dir_recovery_method = delete
umask = 0022
syslog = 1
37
stdout = 1
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# The following options can restrict what the client can do.
# Restore clients can override all of these expect for force_backup.
client_can_delete = 1
# Set client_can_force_backup to 0 to only allow timed backups.
client_can_force_backup = 1
client_can_list = 1
# Set client_can_restore to 0 if you want restores to only be initialised by
# the server.
client_can_restore = 1
client_can_verify = 1
# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
# ratelimit = 1.5
# Network timeout defaults to 7200 seconds (2 hours).
# network_timeout = 7200

# Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
#compression = zlib9

# When the client version does not match the server version, log a warning.
# Set to 0 to turn it off.
version_warn = 1

# More configuration files can be read, using syntax like the following
# (without the leading '# ').
# . path/to/more/conf
# Location of autoupgrade files to serve to clients. Leave it commented out
# to not autoupgrade clients.
# autoupgrade_dir = /etc/burp/autoupgrade/server

# You can have as many 'keep' lines as you like.
# For example, if running backups daily, setting 7, 4, 6 will keep
# 7 daily backups, 4 weekly, and 6 four-weekly backups.
keep = 7
# keep = 4
# keep = 6

# Run as different user/group.
75
76
user = burp
group = burp
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178

# CA options.
# If you want your server to be a certificate authority and generate its own
# certificates, uncomment the following lines. If the directory specified in
# ca_conf does not exist, the server will create, populate it, and the paths
# indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
# overwritten. See docs/burp_ca.txt for more information.
ca_conf = /etc/burp/CA-2.1.cnf
ca_name = burpCA
ca_server_name = burpserver
ca_burp_ca = /usr/sbin/burp_ca

# Check for revoked certificates in the certificate revocation list.
# Turn this off if you use the old ssl_extra_checks_script server script.
ca_crl_check = 1

# SSL certificate authority - same file on both server and client
ssl_cert_ca = /var/lib/burp/ssl/server/ssl_cert_ca.pem

# Server SSL certificate
ssl_cert = /var/lib/burp/ssl/server/ssl_cert-server.pem

# Server SSL key
ssl_key = /var/lib/burp/ssl/server/ssl_cert-server.key

# Server SSL ciphers
#ssl_ciphers =

# Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
#ssl_compression = zlib5

# SSL key password, for loading a certificate with encryption.
#ssl_key_password = password

# Server DH file.
ssl_dhfile = /var/lib/burp/ssl/server/dhfile.pem

# The default timer_script treats the first timer_arg as the minimum interval
#timer_script = /usr/share/burp/scripts/timer_script
# Ensure that 20 hours elapse between backups
# Available units:
# s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
timer_arg = 20h
# Allow backups to start in the evenings and nights during weekdays
timer_arg = Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23
# Allow more hours at the weekend.
timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23
# Note that, if you specify no timebands, the default timer script will never
# allow backups.

# Uncomment the notify_success_* lines for email notifications of backups that
# succeeded.
# In the subject line, the following are substituted:
# %b - "backup"/"restore"/"verify"
# %c - client name
# %w - number of warnings, if any
#notify_success_script = /usr/share/burp/scripts/notify_script
#notify_success_arg = sendmail -t
#notify_success_arg = To: youremail@example.com
#notify_success_arg = From: burp
#notify_success_arg = Subject: %b succeeded: %c %w
# Uncomment the following to have success notifications only if there were
# warnings.
#notify_success_warnings_only = 1
# Uncomment the following to have success notifications only if there were
# new or changed files.
#notify_success_changes_only = 1

# Uncomment the following for email notifications of backups that failed.
#notify_failure_script = /usr/share/burp/scripts/notify_script
#notify_failure_arg = sendmail -t
#notify_failure_arg = To: youremail@example.com
#notify_failure_arg = From: burp
#notify_failure_arg = Subject: %b failed: %c %w

# The server can run scripts on each connection after authentication and before
# disconnecting.
#server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script
#server_script_pre_arg = /etc/burp/crl
#server_script_pre_arg = /etc/burp/burp-server.conf
#server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local
# Set server_script_pre_notify to 1 to have notifications on server_script_pre
# returning non-zero. Most people will want to leave this off - it could
# result in a lot of emails because clients normally connect once every 20
# minutes. Requires notify_failure_script to be set above.
#server_script_pre_notify = 0
#server_script_post =
#server_script_post_arg =
#server_script_post_arg =
#server_script_post_run_on_fail=0
# As for server_script_pre_notify, but for post.
#server_script_post_notify = 0

# Clients that are able to list and restore files belonging to any other
# client. If this is too permissive, you may set a restore_client for
# individual original clients in the individual clientconfdir files.
# restore_client = someclient
# restore_client = someotherclient

# Whether or not the server process should cache the tree when a monitor client
# is browsing a backup. Advantage: speed. Disadvantage: more memory is used.
#monitor_browse_cache = 1