
Re: backing up a complete Debian GNU/Linux system



David Wright <d.wright@open.ac.uk> writes:
> Quoting Gary L. Hennigan (glhenni@cs.sandia.gov):
> > I guess I don't see the logic here. If one of the binaries on your
> > backup has a Trojan that, presumably, means that before you did the
> > backup you were running a system that had a Trojan. I would assume at
> > that point the damage has already been done.
> 
> Logically, that doesn't follow. The trojan may not yet have been
> run.

You're going in circles here with maybes and what-ifs. I still
believe that the chances are so minimal of any Unix system getting a
Trojan that if you have the backup media it's easier to just restore
from a backup than to reinstall from scratch.

> > Besides, assuming someone 
> > slipped a Trojan onto your system in the first place, restoring all
> > your config files as they existed prior to the backup would allow them 
> > to just log in and introduce it again. 
> 
> Again, logically, that doesn't follow. The trojan may have been installed
> before the config files were altered. For example, one might have decided
> to tighten up security in the wake of a break-in (detected or undetected)
> or simply changed the passwords.

Or perhaps one decided to loosen security and it slipped in
afterward? It's just not worth the hassle. I've done several restores
from full backups and I've done reinstalls on a working system. Unless 
you're running a "high risk" system, which I'd classify as a loosely
administered system sitting on the open network, it's MUCH more work to
reinstall than it is to just restore from a full backup.

> > The only chance I see of defeating a Trojan is detecting it and
> > defeating the method used to introduce it in the first place. Also,
> > the fact that such Trojans are so rare on Unix and Unix-like systems
> > would make it a minor concern for me.
> > 
> > Anyway, it's standard practice in large installations to back up
> > practically everything for a level 0 backup, excluding things like
> > /tmp, /dev (sometimes) and /proc.
> 
> There may be a historical reason for this. A large unix installation
> is likely to have gathered its software from all sorts of sources
> on all sorts of disparate media, and have put a lot of administrative
> sweat into compiling and installing it all. So it makes sense to
> back up the *result* of all that work.

You're talking to just about the definition of "historical". I've been
doing system admin for about 10 years now and I ALWAYS knew exactly
what was on the systems I administered (at least on the non-user
partitions). Oh, I couldn't say down to the file what was there, but I
could, without any hesitation, tell you which partitions held only
system files and which held files installed locally from a non-System
vendor. And generally, for at least the last 5 years or so, every
major Unix version has come with a package management system of some
sort.

Even so, I always did full system backups, including all the binaries
that were probably on installation media somewhere. I've been lucky
enough to be at organizations that didn't skimp on the backup media so
it was never an issue, and we ALWAYS backed up everything. Doing
restores of full backups doesn't involve checking lists to see what
needs to be reinstalled, worrying about a configuration file that's
changed, patches to the OS that have come along, etc. Believe me, in
general, it's easier to do a restore.

By the way, in all those 10 years I've seen exactly ONE system
intrusion. And it was under the circumstances I described above, a
loosely administered system sitting on the open network.

> OTOH every file on this system I'm typing on is sitting on one jaz
> drive. The binaries and kernel-images are all in their .deb files;
> the rescue/drivers disks are as disk images together with base*.tgz;
> then there are all the configured /etc and /var files in zipfiles
> for possible restoration, and copies of /etc and /var plus a non-root
> recursive snapshot of /proc/[a-z]* for perusal. /home is split by
> user as there are so few.

I'm not saying it's a requirement to back up your entire system. I'm
happy that you have a scheme that you're comfortable with. I AM saying
that backing up an entire system is far from a worthless pursuit. If
you have the money for the backup device/media it's a time saver.

> The very idea of all one's system software in a set of homogeneous
> .deb files is probably foreign to most unix administrators.

Only those with "home brew" systems. In institutional settings it's
also a matter of wasted time. Why fight with a whole installation
procedure when you can simply do:

restore /dev/tape /

Certainly Debian, and most modern Unix systems, would be easier to
install from scratch, but not as easy as a one line command to restore 
from a backup.

Gary

