1 |
On 06/29/13 16:42, Grant wrote: |
2 |
>Remote, automated, secure backups is the most difficult and |
3 |
>time-consuming Gentoo project I've undertaken. |
4 |
> |
5 |
>Right now I'm pushing data from each of my systems to a backup server |
6 |
>via rdiff-backup. The main problem with this is if a system is |
7 |
>compromised its backup is also vulnerable. Also, you can't restrict |
8 |
>rdiff-backup to a particular directory in authorized_keys like you can |
9 |
>with rsync, and rdiff-backup isn't very good over the internet (I've |
10 |
>had trouble on sub-optimal connections) and it's recommended on the |
11 |
>mailing list to use rdiff-backup either before or after rsync'ing over |
12 |
>the internet. |
13 |
> |
14 |
>We've discussed this vulnerability here before and it was suggested |
15 |
>that I use hard links to version the rdiff-backup repository on the |
16 |
>backup server in case it's tampered with. I've been studying hard |
17 |
>links, cp -al, rsnapshot (which uses rsync and hard links), and rsync |
18 |
>--link-dest (which uses hard links) but I can't figure out how that |
19 |
>would work without the inevitable duplication of data on a large |
20 |
>scale. |
21 |
> |
22 |
>Can anyone think of an automated method that remotely and securely |
23 |
>backs up data from one system to another, preserves permissions and |
24 |
>ownership, and keeps the backups safe even if the backed-up system is |
25 |
>compromised? |
26 |
> |
27 |
>I did delve into bacula but decided it was overkill for just a few systems. |
28 |
> |
29 |
>- Grant |
30 |
|
31 |
You did not tell us what are you trying to backup; entire system or just particular files. |
32 |
Are you afraid of updates or data loss? |
33 |
|
34 |
I have two machine in remote location as well. So I usually upgrade my local machine first, wait one week and if there are no surprises I upgrade remote main server |
35 |
first. If everything goes OK (no surprises and/or complains), I upgrade remote backup machine. |
36 |
|
37 |
I run "vpn" so I just use rsync over vpn to make an incremental backup daily (Mon. to Fri.). |
38 |
|
39 |
-- |
40 |
Joseph |