[sf-lug] Backups and such (was Re: South African Linux sites experiencing Ransomware attacks.)

Thu Sep 12 15:33:41 PDT 2019

Rick Moen writes:
[I'm skipping Rick's sensible comments on the ransomware article,
and moving on to other stuff in the message.]

> Quoting Steve Litt via Tech (tech at golug.org):
> Also, as a reminder, there are two maintained and quite-good existing
> tools to check for artefacts of security compromise, chkrootkit and
> rkhunter.  (A 'rootkit', whose artefacts the tools search for, is a

I run chkrootkit now and then, but have never run rkhunter. Is it
worth having and running rkhunter as well, or is either one sufficient?

> > I've been making off-system and offsite backups only twice a year,
> > clearly not enough. Most of the reason is that it's still murder to
> > burn data, especially encrypted data, to blu-ray.

Eek -- is blu-ray known to be longer lived than other optical media?
I lost a bunch of photos many years ago that I'd deleted from my
hard drive because I'd archived on multiple CDs, only to learn
that none of my less-than-three-years-old CD archives would read.
I no longer trust optical media for backups. Even aside from being
slow and a hassle to burn.

> One alternative is to do backup to a number of USB-connectable external
> hard drives, used in rotational fashion.

That's what I do.  Currently all spinning disks because they've been
so much cheaper, but SSD prices have come down a lot, and recent
research into drive longevity suggests that factors likely to cut
SSD longevity (like temperature) are different from those that can
cut spinning disk longevity (like magnetic fields), so I'm planning
to add at least one SSD to the rotation.

> > I think what I'll do is buy between 2 and 4 256GB thumb drives for
> > about $20/apiece. On each one,
> 
> My gut-reaction is that that's slow media compared to external hard
> drives, and much wwwwmore expensive per gig.

I don't use thumb drives for general backup, for the two reasons
Rick gave (plus I don't trust them to last as long as a "real"
drive; I have no data on thumb drive longevity but I've had lots of
SD cards fail, and aren't they the same technology?) But I recently
got a large thumb drive to take on trips as a backup for photos and
other files I don't want to be without, like presentations and websites.

> > These will be partial backups,  and won't contain my /boot tree, which
> > has millions of old kernels and initramfses. I'll use Kevin Korb's
> > methodologies with hardlinks to have the best of both worlds:
> > incremental without huge amounts of redundancy.

I just back up my homedir. For system files that are a pain to
regenerate but don't change often, like /etc/fstab or /etc/apache2,
I have a script that I run occasionally to back those up to a
directory under my homedir so they'll get backed up too. (Something
like etckeeper might be a similar but better solution.)

That means that if I lose a disk, I'll have the minor hassle of
doing a new Linux install and then installing all the additional
packages I use, but I'd probably want to do that on a new disk anyway.

> > The one thing I'm still missing is out-of-region backup.

I have a safe deposit box at my bank, and every few months I swap
my current backup drive for the one at the bank. You can fit quite
a few backup drives in the smallest size safe deposit box.
Admittedly it's not out-of-region, but at least it's offsite
and somewhat protected.

        ...Akkana