| 1 |
On 06/29/13 16:42, Grant wrote: |
| 2 |
>Remote, automated, secure backups is the most difficult and |
| 3 |
>time-consuming Gentoo project I've undertaken. |
| 4 |
> |
| 5 |
>Right now I'm pushing data from each of my systems to a backup server |
| 6 |
>via rdiff-backup. The main problem with this is if a system is |
| 7 |
>compromised its backup is also vulnerable. Also, you can't restrict |
| 8 |
>rdiff-backup to a particular directory in authorized_keys like you can |
| 9 |
>with rsync, and rdiff-backup isn't very good over the internet (I've |
| 10 |
>had trouble on sub-optimal connections) and it's recommended on the |
| 11 |
>mailing list to use rdiff-backup either before or after rsync'ing over |
| 12 |
>the internet. |
| 13 |
> |
| 14 |
>We've discussed this vulnerability here before and it was suggested |
| 15 |
>that I use hard links to version the rdiff-backup repository on the |
| 16 |
>backup server in case it's tampered with. I've been studying hard |
| 17 |
>links, cp -al, rsnapshot (which uses rsync and hard links), and rsync |
| 18 |
>--link-dest (which uses hard links) but I can't figure out how that |
| 19 |
>would work without the inevitable duplication of data on a large |
| 20 |
>scale. |
| 21 |
> |
| 22 |
>Can anyone think of an automated method that remotely and securely |
| 23 |
>backs up data from one system to another, preserves permissions and |
| 24 |
>ownership, and keeps the backups safe even if the backed-up system is |
| 25 |
>compromised? |
| 26 |
> |
| 27 |
>I did delve into bacula but decided it was overkill for just a few systems. |
| 28 |
> |
| 29 |
>- Grant |
| 30 |
|
| 31 |
You did not tell us what are you trying to backup; entire system or just particular files. |
| 32 |
Are you afraid of updates or data loss? |
| 33 |
|
| 34 |
I have two machine in remote location as well. So I usually upgrade my local machine first, wait one week and if there are no surprises I upgrade remote main server |
| 35 |
first. If everything goes OK (no surprises and/or complains), I upgrade remote backup machine. |
| 36 |
|
| 37 |
I run "vpn" so I just use rsync over vpn to make an incremental backup daily (Mon. to Fri.). |
| 38 |
|
| 39 |
-- |
| 40 |
Joseph |
Archives