| 1 |
On 09/26/2010 03:13 PM, Grant wrote: |
| 2 |
> I'm using backupninja to backup data from my laptop, desktop, and |
| 3 |
> remote server onto a remote desktop system. backupninja is very |
| 4 |
> simple and is really just an interface to a few other programs |
| 5 |
> including rdiff-backup. I'm not worried about a good restore method |
| 6 |
> for now, I want to focus on keeping it simple and protecting my data. |
| 7 |
> This is the first time I've set up a real backup system and I'd love |
| 8 |
> to get some advice from you guys. I've got a few questions. |
| 9 |
> |
| 10 |
> 1. This is the first time I've used passwordless SSH keys. root on |
| 11 |
> each system being backed up logs into the remote desktop as a normal |
| 12 |
> user to store the backups. Is this pretty safe? I suppose if root is |
| 13 |
> compromised on any of the three systems being backed up (via physical |
| 14 |
> access or otherwise), the remote desktop will also be compromised as a |
| 15 |
> normal user. Maybe that normal user should be extraordinarily |
| 16 |
> unprivileged? |
| 17 |
|
| 18 |
You can limit SSH access to only certain commands. On the remote desktop |
| 19 |
machine, you probably had to add an entry to the SSH authorized_keys |
| 20 |
file. You can prefix that line with the command that the user is allowed |
| 21 |
to run. For example (I use rdiff-backup too): |
| 22 |
|
| 23 |
command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding |
| 24 |
ssh-rsa <big_ugly_key> |
| 25 |
|
| 26 |
My uneducated guess is that this is safe unless there's a bug in |
| 27 |
rdiff-backup or ssh. |
| 28 |
|
| 29 |
|
| 30 |
> 2. backupninja can email reports. This works on my remote server |
| 31 |
> which runs postfix, but my laptop and desktop don't run an MTA. Is |
| 32 |
> there a simple one that would be well-suited to a purpose like this, |
| 33 |
> or do I need full-blown postfix on my laptop and desktop? Whatever I |
| 34 |
> choose, I'd also like to use it to send PORTAGE_ELOG messages from |
| 35 |
> those systems. |
| 36 |
|
| 37 |
Both ssmtp and nbsmtp work great for getting mail off your machine and |
| 38 |
to a real MTA. Just configure them with your account details (gmail or |
| 39 |
whatever). Create new account if you don't want to put your real details |
| 40 |
in a text file on every machine. |
| 41 |
|
| 42 |
|
| 43 |
> 3. On each system I back up /etc, /home/user/backup, |
| 44 |
> /var/lib/portage/world, and /usr/src/linux/.config along with anything |
| 45 |
> special from that system. Would anyone recommend I back up anything |
| 46 |
> else? Some of the hidden directories in /home/user might come in |
| 47 |
> handy, but I think I can rebuild those without too much trouble. |
| 48 |
|
| 49 |
Some programs stick stuff in /var/lib. The two most important that I |
| 50 |
know of are MySQL and PostgreSQL. I also back up all of /home and /root. |
| 51 |
|
| 52 |
|
| 53 |
> 4. I have 600GB of music and photos that I'd like to back up somehow, |
| 54 |
> but that is too much data to send to my remote desktop over my 20KB/s |
| 55 |
> upload. How would you handle this? I was thinking maybe two external |
| 56 |
> USB drives that I switch back and forth between being connected to the |
| 57 |
> desktop system and being stored in a fireproof/waterproof container |
| 58 |
> and hidden somewhere in my apartment to hopefully protect against |
| 59 |
> fire, flood, and theft. |
| 60 |
|
| 61 |
How often do you add new photos/music? You could make an initial trip |
| 62 |
with a big hard drive and copy everything that way. Then, the subsequent |
| 63 |
syncs would require a lot less traffic. |
| 64 |
|
| 65 |
|
| 66 |
> 5. Do I have enough redundancy with backups only being stored on one system? |
| 67 |
|
| 68 |
Depends on how important your stuff is. Ideally, you should rotate the |
| 69 |
physical media on your remote server and keep some copies off-site. That |
| 70 |
adds cost obviously; only you know whether or not it's worth it. |
| 71 |
|
| 72 |
|
| 73 |
> 6. Any ideas for backing up the remote desktop which is the system |
| 74 |
> where all the backups are stored? I can't back it up to my desktop or |
| 75 |
> laptop because I'm behind some kind of a shared IP address. I also |
| 76 |
> don't want to back it up to the remote server because that would |
| 77 |
> require SSH keys on the remote server and if the remote desktop is |
| 78 |
> compromised I don't want the remote server compromised along with it. |
| 79 |
|
| 80 |
If you really want to do it right, my recommendation would be to set up |
| 81 |
a separate machine with a swappable 2TB drive -- and buy a spare. Back |
| 82 |
up every other machine to it, and rotate the drive once a week or so. |
| 83 |
Keep the out-of-rotation drive at your house, office, or other safe |
| 84 |
place so a tyrannosaurus attack can't destroy all of the backups at once. |
| 85 |
|
| 86 |
If you locate the new machine close to your desktop/laptop, you can |
| 87 |
easily backup the photos and music to it too. |
Archives