You really want immutability on your offsite location. If you’re small (<a few hundred tb’s), a single Linux box with zfs and snapshots would suffice. Pull backups from your Amanda node, and disable outside access to the host. Disconnect ilo/idrac, disable ssh.
The plan reaches further than just where you store your files. Think of a worst case scenario where a hacker has had all your credentials for a few months, and also compromised the it team’s 2fa store on their mobiles. And now they’re ready to hit the delete button. ;) Angelo. On Fri, 27 Dec 2024 at 11:23, Charles Curley < [email protected]> wrote: > On Fri, 27 Dec 2024 20:03:31 +1100 > duluxoz <[email protected]> wrote: > > > Hi All, > > > > We're trying to follow backup best practice (ie the 3-2-1 Rule: 3 > > backups on 2 different media, 1 off-site). My question is: What's the > > best way to achieve this: > > > > 1. Run three identical backups to each of the three destinations > > 2. Run a single backup and use something like scp or rsync to copy > > the resulting backup files to the other two destinations > > 3. Or can Amanda backup to multiple destinations at once, and if so, > > how is this accomplished > > So far as I know, amanda does not do 3. I do a variant on 2. > https://charlescurley.com/blog/posts/2019/Nov/02/backups-on-linux/ > > -- > Does anybody read signatures any more? > > https://charlescurley.com > https://charlescurley.com/blog/ >
