Hi there, On Fri, 13 Aug 2021, Rob Morin wrote:
WHat I was thinking was simply moving/renaming the current backup set and making the dir immutable to prevent ransomware from getting to it.
I suspect that your idea won't work. How do you propose to make the directory immutable? If it's by means of some utility like 'chattr' then what's to stop the ransomware from using the same techniques to remove the immutable flag? The best way to avoid malicious access to the backup is to have it on a separate machine which can't be accessed from the network. It can use firewall techniques to drop all attempts to connect *from* remote machines, yet still be able to connect *to* the same remote machines to run the backups. Of course this assumes that you trust the network stacks, the implementation of the firewall etc., but those things are usually fairly trustworthy - and of course since you're paranoid they are all kept up to date with security patches. If you're really paranoid (not unreasonable in many situations), then switch the backup machine off while it isn't doing backups. I'm a big fan of having more than one backup; a second backup could be another BackupPC machine, but I'm also a fan of using more than one method of backing up; if it's something you do only every few months, you could use something like tar and a USB stick. -- 73, Ged. _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
