Continuous backup of critical system files

chris scott kraduk at googlemail.com
Mon Aug 24 16:25:36 UTC 2009 

2009/8/24 chris scott <kraduk at googlemail.com>

>
>
> 2009/8/24 Maxim Khitrov <mkhitrov at gmail.com>
>
> Hello all,
>>
>> I'm setting up a firewall using FreeBSD 7.2 and thought that it may
>> not be a bad idea to have a continuous backup for important files like
>> pf and dnsmasq configurations. By continuous I mean some script that
>> would be triggered every few minutes from cron to automatically create
>> a backup of any monitored file if it was modified. I also have a full
>> system backup in place that is executed daily (dump/restore to a
>> compact flash card), so the continuous backup would really be for
>> times when someone makes a mistake editing one of the config files and
>> needs to revert it to a previous state.
>>
>> My initial thought was to create a mercurial repository at the file
>> system root and exclude everything except for explicitly added files.
>> I'd then run something like "hg commit -m `date`" from cron every 10
>> minutes to record the changes automatically. Can anyone think of a
>> better way to do this (existing port specifically for this purpose)?
>> Obviously, I need a way to track the history of a file and revert to a
>> previous state quickly. The storage of changes should be as
>> size-efficient as possible.
>>
>> - Max
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
>
> I rsync all my system files to a filer running zfs. I have a separate zfs
> fs for every host and then I snapshot the fs after the rsync. We then keep
> 35 snapshots for retention as we do daily rsyncs.
>
>
> You might want more of a rolling snapshot policy. Keep on for every 10 mins
> of the last hour, then drop it to hourly for the next 6 hours, then daily,
> then weekly etc
>
> Works quite well. We have also found it  handy for forensics as well, when
> we have had a fault
>

i forgot to say it need not be a zfs backend just a fs that you can reliably
do snapshots

More information about the freebsd-questions mailing list