Date: Sun, 30 Jun 2013 21:18:13 -0600
From: Joseph
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] {OT} backups... still backups....
Message-ID: <20130701031813.GA30820@syscon7.inet>

On 06/29/13 16:42, Grant wrote:
>Remote, automated, secure backups is the most difficult and
>time-consuming Gentoo project I've undertaken.
>
>Right now I'm pushing data from each of my systems to a backup server
>via rdiff-backup. The main problem with this is if a system is
>compromised its backup is also vulnerable. Also, you can't restrict
>rdiff-backup to a particular directory in authorized_keys like you can
>with rsync, and rdiff-backup isn't very good over the internet (I've
>had trouble on sub-optimal connections) and it's recommended on the
>mailing list to use rdiff-backup either before or after rsync'ing over
>the internet.
>
>We've discussed this vulnerability here before and it was suggested
>that I use hard links to version the rdiff-backup repository on the
>backup server in case it's tampered with. I've been studying hard
>links, cp -al, rsnapshot (which uses rsync and hard links), and rsync
>--link-dest (which uses hard links) but I can't figure out how that
>would work without the inevitable duplication of data on a large
>scale.
>
>Can anyone think of an automated method that remotely and securely
>backs up data from one system to another, preserves permissions and
>ownership, and keeps the backups safe even if the backed-up system is
>compromised?
>
>I did delve into bacula but decided it was overkill for just a few systems.
>
>- Grant

You did not tell us what you are trying to back up; the entire system or just particular files.
Are you afraid of updates or data loss?

I have two machines in a remote location as well. So I usually upgrade my local machine first, wait one week and if there are no surprises I upgrade the remote main server first. If everything goes OK (no surprises and/or complaints), I upgrade the remote backup machine.

I run "vpn" so I just use rsync over vpn to make an incremental backup daily (Mon. to Fri.).

-- 
Joseph
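
The hard-link versioning raised in the quoted question (cp -al, rsnapshot, rsync --link-dest), worked through as an added example that is not part of the original thread: a hard-link snapshot stores unchanged files once, and it survives deletion and rename-style replacement in the live tree but not an in-place overwrite. All paths and file contents are constructed for the demo.

```sh
#!/bin/sh
# Constructed demo: every path and file content below is made up.

# Inode number of a file; two names with the same inode share one copy of the data.
inode() { ls -i "$1" | awk '{print $1}'; }

# Build a small "live" repository (the tree a client pushes into) and take a
# hard-link snapshot of it with cp -al. Prints the scratch directory.
make_snapshot() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/live/etc"
    echo "config v1" > "$work/live/etc/app.conf"
    echo "data v1"   > "$work/live/data.db"
    echo "notes v1"  > "$work/live/notes.txt"
    cp -al "$work/live" "$work/snap.1"   # new names only, no data copied
    echo "$work"
}

# Three ways the live tree can change after the snapshot was taken.
tamper() {
    rm "$1/live/etc/app.conf"                  # 1. delete: drops one name only
    echo "data EVIL" > "$1/live/data.tmp"      # 2. replace via temp file + rename:
    mv "$1/live/data.tmp" "$1/live/data.db"    #    live name now points at a new inode
    echo "notes EVIL" > "$1/live/notes.txt"    # 3. in-place overwrite: same inode,
}                                              #    so the snapshot changes too

# Stand-alone run: show the shared inode, tamper, then read the snapshot back.
w=$(make_snapshot) || exit 1
echo "data.db inode live/snapshot: $(inode "$w/live/data.db") / $(inode "$w/snap.1/data.db")"
tamper "$w"
for f in etc/app.conf data.db notes.txt; do
    printf '%-13s snapshot holds: %s\n' "$f" "$(cat "$w/snap.1/$f")"
done
rm -rf "$w"
```

rsync replaces a changed file through a temporary file and a rename unless --inplace is given, so snapshots made with rsync --link-dest fall into the second case.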