Re: Guide(s?) to backup philosophies
On Fri, Mar 17, 2017 at 4:31 AM, Dan Purgert <dan@djph.net> wrote:
> David Christensen wrote:
>> On 03/13/2017 05:38 AM, Dan Purgert wrote:
>>> Currently, the system here is
>>>
>>> - every PC has a cronjob backing up $HOME to a central "server" (read -
>>> repurposed PC with decent WD drives), just an rsync script that runs
>>> daily.
>>
>> Don't forget security:
>>
>> 1. With a "push" arrangement (e.g. each workstation backs up itself to
>> the server) -- if a workstation gets compromised, the backups are at risk.
>>
>> 2. With a "pull" arrangement (e.g. the server backs up all the
>> workstations) -- if a workstation gets compromised, the backups should
>> be safe (and might have clues about the intrusion). Additionally, the
>> backup server can be completely firewalled (e.g. no open ports).
>
> Since the PCs are laptops, they're not always here, so I was never able
> to figure out how to get pull to work with the condition that we were on
> vacation (or the laptops were otherwise "not home").
Amanda and tape, but hopefully useful with other programs
Amanda's hard core pull -- there's a server on the LAN that does all
the LAN and DMZ backing up. Part of Amanda's configuration is a list
of things around the network to back up. To deal with wandering
laptops, I have a shell script that looks around to find out what's
there and creates a modified version of that list just before Amanda
runs. Anything that doesn't respond to a ping doesn't get backed up.
--
Glenn English
Reply to: