Gentoo Archives: gentoo-user

From: Grant <emailgrant@×××××.com>
To: Gentoo mailing list <gentoo-user@l.g.o>
Subject: [gentoo-user] {OT} backups... still backups....
Date: Sat, 29 Jun 2013 23:42:40
1 Remote, automated, secure backups is the most difficult and
2 time-consuming Gentoo project I've undertaken.
4 Right now I'm pushing data from each of my systems to a backup server
5 via rdiff-backup. The main problem with this is if a system is
6 compromised its backup is also vulnerable. Also, you can't restrict
7 rdiff-backup to a particular directory in authorized_keys like you can
8 with rsync, and rdiff-backup isn't very good over the internet (I've
9 had trouble on sub-optimal connections) and it's recommended on the
10 mailing list to use rdiff-backup either before or after rsync'ing over
11 the internet.
13 We've discussed this vulnerability here before and it was suggested
14 that I use hard links to version the rdiff-backup repository on the
15 backup server in case it's tampered with. I've been studying hard
16 links, cp -al, rsnapshot (which uses rsync and hard links), and rsync
17 --link-dest (which uses hard links) but I can't figure out how that
18 would work without the inevitable duplication of data on a large
19 scale.
21 Can anyone think of an automated method that remotely and securely
22 backs up data from one system to another, preserves permissions and
23 ownership, and keeps the backups safe even if the backed-up system is
24 compromised?
26 I did delve into bacula but decided it was overkill for just a few systems.
28 - Grant


Subject Author
Re: [gentoo-user] {OT} backups... still backups.... Neil Bothwick <neil@××××××××××.uk>
Re: [gentoo-user] {OT} backups... still backups.... "Stefan G. Weichinger" <lists@×××××.at>
Re: [gentoo-user] {OT} backups... still backups.... Joseph <syscon780@×××××.com>