On 09/26/2010 03:13 PM, Grant wrote: > I'm using backupninja to backup data from my laptop, desktop, and > remote server onto a remote desktop system. backupninja is very > simple and is really just an interface to a few other programs > including rdiff-backup. I'm not worried about a good restore method > for now, I want to focus on keeping it simple and protecting my data. > This is the first time I've set up a real backup system and I'd love > to get some advice from you guys. I've got a few questions. > > 1. This is the first time I've used passwordless SSH keys. root on > each system being backed up logs into the remote desktop as a normal > user to store the backups. Is this pretty safe? I suppose if root is > compromised on any of the three systems being backed up (via physical > access or otherwise), the remote desktop will also be compromised as a > normal user. Maybe that normal user should be extraordinarily > unprivileged?
You can limit SSH access to only certain commands. On the remote desktop machine, you probably had to add an entry to the SSH authorized_keys file. You can prefix that line with the command that the user is allowed to run. For example (I use rdiff-backup too): command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding ssh-rsa <big_ugly_key> My uneducated guess is that this is safe unless there's a bug in rdiff-backup or ssh. > 2. backupninja can email reports. This works on my remote server > which runs postfix, but my laptop and desktop don't run an MTA. Is > there a simple one that would be well-suited to a purpose like this, > or do I need full-blown postfix on my laptop and desktop? Whatever I > choose, I'd also like to use it to send PORTAGE_ELOG messages from > those systems. Both ssmtp and nbsmtp work great for getting mail off your machine and to a real MTA. Just configure them with your account details (gmail or whatever). Create new account if you don't want to put your real details in a text file on every machine. > 3. On each system I back up /etc, /home/user/backup, > /var/lib/portage/world, and /usr/src/linux/.config along with anything > special from that system. Would anyone recommend I back up anything > else? Some of the hidden directories in /home/user might come in > handy, but I think I can rebuild those without too much trouble. Some programs stick stuff in /var/lib. The two most important that I know of are MySQL and PostgreSQL. I also back up all of /home and /root. > 4. I have 600GB of music and photos that I'd like to back up somehow, > but that is too much data to send to my remote desktop over my 20KB/s > upload. How would you handle this? I was thinking maybe two external > USB drives that I switch back and forth between being connected to the > desktop system and being stored in a fireproof/waterproof container > and hidden somewhere in my apartment to hopefully protect against > fire, flood, and theft. How often do you add new photos/music? You could make an initial trip with a big hard drive and copy everything that way. Then, the subsequent syncs would require a lot less traffic. > 5. Do I have enough redundancy with backups only being stored on one system? Depends on how important your stuff is. Ideally, you should rotate the physical media on your remote server and keep some copies off-site. That adds cost obviously; only you know whether or not it's worth it. > 6. Any ideas for backing up the remote desktop which is the system > where all the backups are stored? I can't back it up to my desktop or > laptop because I'm behind some kind of a shared IP address. I also > don't want to back it up to the remote server because that would > require SSH keys on the remote server and if the remote desktop is > compromised I don't want the remote server compromised along with it. If you really want to do it right, my recommendation would be to set up a separate machine with a swappable 2TB drive -- and buy a spare. Back up every other machine to it, and rotate the drive once a week or so. Keep the out-of-rotation drive at your house, office, or other safe place so a tyrannosaurus attack can't destroy all of the backups at once. If you locate the new machine close to your desktop/laptop, you can easily backup the photos and music to it too.
