Pull backups for paranoiacs
What motivated the writting of this article is this simple fact : when
the aliens seize your server, they have root access to it. They can
delete all your data if they want to. "No problem,"
will you say,
"I've got my remote backup."
Well, unless you desactivate your
backup cronjob (on the remote box) soon enough, they can
data, connect the box back to the net, and let your nice rsync cronjob
do its job i.e.... delete your remote backups!
The solution I'm using is to have three
remote backup servers :
- server 1 : updated daily
- server 2 : updated on thursdays
- server 3 : updated on sundays
This way, if the aliens are faster than you and destroy server 1's
backup and one of the two others, you still have 3 days to protect the
last one before it pulls empty directories
- rotation with at least 3 sets
- backup the backups on some box rsync can not touch
- rsync options
- rdiff-backup : it provides a delta backup, so you can recover older versions than the one you just had abducted by aliens
- 20 Jan 2005 : first version
- 20 Jan 2005 : added various alternatives suggested by others on IRC or on imc-tech