Pull backups for paranoiacs

Why bother?

What motivated the writting of this article is this simple fact : when the aliens seize your server, they have root access to it. They can delete all your data if they want to. "No problem," will you say, "I've got my remote backup." Well, unless you desactivate your backup cronjob (on the remote box) soon enough, they can rm -rf your data, connect the box back to the net, and let your nice rsync cronjob do its job i.e.... delete your remote backups!

A solution

The solution I'm using is to have three remote backup servers :

• server 1 : updated daily
• server 2 : updated on thursdays
• server 3 : updated on sundays

This way, if the aliens are faster than you and destroy server 1's backup and one of the two others, you still have 3 days to protect the last one before it pulls empty directories

Alternatives

• rotation with at least 3 sets
• backup the backups on some box rsync can not touch
• rsync options --max-delete and/or --delete
• rdiff-backup : it provides a delta backup, so you can recover older versions than the one you just had abducted by aliens

See also

• MirrorHowTo - info on mirroring IMC sites
• BackupHowTo - info on backing up servers
• Debian push mirroring & chapter 8 of O'Reilly ssh book explains how to limit the commands that ssh can run buy setting the script in the ssh key
• Boum:TechStdOut/EncryptedBackupsForParanoiacs - encrypted backups with the above concerns in mind

---

-- IntRigeri - 20 Jan 2005 : first version

-- IntRigeri - 20 Jan 2005 : added various alternatives suggested by others on IRC or on imc-tech