1 |
Remote, automated, secure backups is the most difficult and |
2 |
time-consuming Gentoo project I've undertaken. |
3 |
|
4 |
Right now I'm pushing data from each of my systems to a backup server |
5 |
via rdiff-backup. The main problem with this is if a system is |
6 |
compromised its backup is also vulnerable. Also, you can't restrict |
7 |
rdiff-backup to a particular directory in authorized_keys like you can |
8 |
with rsync, and rdiff-backup isn't very good over the internet (I've |
9 |
had trouble on sub-optimal connections) and it's recommended on the |
10 |
mailing list to use rdiff-backup either before or after rsync'ing over |
11 |
the internet. |
12 |
|
13 |
We've discussed this vulnerability here before and it was suggested |
14 |
that I use hard links to version the rdiff-backup repository on the |
15 |
backup server in case it's tampered with. I've been studying hard |
16 |
links, cp -al, rsnapshot (which uses rsync and hard links), and rsync |
17 |
--link-dest (which uses hard links) but I can't figure out how that |
18 |
would work without the inevitable duplication of data on a large |
19 |
scale. |
20 |
|
21 |
Can anyone think of an automated method that remotely and securely |
22 |
backs up data from one system to another, preserves permissions and |
23 |
ownership, and keeps the backups safe even if the backed-up system is |
24 |
compromised? |
25 |
|
26 |
I did delve into bacula but decided it was overkill for just a few systems. |
27 |
|
28 |
- Grant |