[ale] Backup questions -- what to back up?

Alex Carver agcarver+ale at acarver.net
Mon Feb 29 15:49:49 EST 2016


On 2016-02-29 11:57, DJ-Pfulio wrote:
> For nominal, daily, automatic, backups, I do the selected areas and keep
> a list of packages (dumping any SQL DBs first).  In my testing of
> restores, servers are working again in less than 45min.  This is about
> the same amount of time having a bit-for-bit backup takes to restore for
> me, without the huge waste of storage.
> 
> There is an issue with this method - if the box was hacked, important
> information may not be included in the backups, so steps to mitigate the
> break-in may not be possible.  I've seen where /tmp/ was used for
> hacking scripts because the userid couldn't write anywhere else on the
> box.  I don't know anyone who backs up /tmp or /var/tmp.  Do you?  The
> scripts were after-the-break-in, but perhaps looking through them would
> have provided hints to the attacker?

I did run a backup on /tmp once for one system because it stored state
tables there for a running program.  The idea was to get back to the
same state if a restore had to happen or to revert a state if the
software went weird (it was control software for some lab hardware).

However, if it's info you need about hacking then remote logging should
be the first thing to get set up.  It's harder to wipe a log when it's
not located on the same machine.



