[lug] Backup

Daniel Webb lists at danielwebb.us
Tue Dec 20 17:52:39 MST 2005 

On Tue, Dec 20, 2005 at 02:43:29PM -0700, Siegfried Heintze wrote:

> I would like to see of discussion of RAID for home office systems. After
> discussing my home office software consulting needs with some local
> retailers, they talked me out of RAID because RAID only protects against
> hardware failures and not hackers. I was hacked approx 18 months ago and it
> was mighty painful rebuilding my disk -- even with backups.

They are right: it only does one thing, and that's protect against a single
drive failing, and I don't know enough about it to know if it covers all
possible scenarios of a single drive failing (I doubt it).

However, in the 19 years I've been using PCs, I have been hacked once (that I
know about), and had probably a dozen hard drives fail.  Based on that I'd say
they gave you bad advice.

> So now I have two identical disks that could be joined as a RAID set but are
> not. Once a week or once a month (depending on how much I've used the
> system) I power down the system, connect the twin drive (which is normally
> powered down), boot up linux, type "telinit 1" and "cp /dev/sda1 /dev/sda2"
> (or something similar, I don't have my notes handy).

Ugh.  What a hassle.  Buy a USB drive enclosure for $40 and do what I describe
on my web page or something similar.  Find a friend or buy hosting and send
rdiff-backups off-site.

> (1) So if you are using RAID 1, can I infer that you believe the threat of
> hardware failure is greater than that of hackers or viruses or other
> destructive software (like accidentally typing fdisk)?

I guess it's user-dependent ;0

In my case, dumb things like 'rm -rf' from the wrong directory are 4x more
likely than getting hacked, but still less likely than drive failure.

> (2) I was told it is not effective to have half a RAID1 set powered down 99%
> of the time (which is what I wanted to do so no hacker could access my
> backup). Is this true?
 
My way of creating hacker-resistant backups:

I didn't specify this on my site, but an additional step I take is to softlink
to a separate partition, directories I have changed from the Debian install.
For example, /etc/exim4 is softlinked to /home/ha-dirs/exim4.  

Then I just need to backup the results of "dpkg --get-selections '*'" and the
/home/ha-partition.  This has two main benefits: it is much much smaller than
/, if I get hacked the recovery is less painful (just reinstall Debian,
manually verify that the /home/ha-dirs partition doesn't have nefarious things
on it, set that partition noexec, and go).  The downside is creating the
symlinks, I have that automated, but the scripts aren't fit for public
consumption.  I started doing this when I had a very small drbd network RAID
and didn't have enough room for /.  I liked it so much that I kept doing it
even after I switched to normal Linux RAID-1.

More information about the LUG mailing list