Continuous backup of critical system files
Modulok
modulok at gmail.com
Tue Aug 25 15:02:43 UTC 2009
> I'm setting up a firewall using FreeBSD 7.2 and thought that it may
> not be a bad idea to have a continuous backup for important files like
> pf and dnsmasq configurations. By continuous I mean some script that
> would be triggered every few minutes from cron to automatically create
> a backup of any monitored file if it was modified. I also have a full
> system backup in place that is executed daily (dump/restore to a
> compact flash card), so the continuous backup would really be for
> times when someone makes a mistake editing one of the config files and
> needs to revert it to a previous state.
>
> My initial thought was to create a mercurial repository at the file
> system root and exclude everything except for explicitly added files.
> I'd then run something like "hg commit -m `date`" from cron every 10
> minutes to record the changes automatically. Can anyone think of a
> better way to do this (existing port specifically for this purpose)?
> Obviously, I need a way to track the history of a file and revert to a
> previous state quickly. The storage of changes should be as
> size-efficient as possible.
>
Look into 'rsync', available in the ports collection.
Generally for a basic server, you make backup copies manually before
you edit something. It's a good habbit to get into:
# Make a quick backup:
cp rules.pf rules.pf.orig
# Then edit the original:
nano rules.pf
If you're doing some major messing around and don't like the manual
backup solution, look into 'subversion', in the ports collection. It
is a full-featured revision control system. It's used by most
developers (including the FreeBSD team.) You could setup a subversion
repository to store all of your config files. Make changes to them and
committ those changes back to the repository. Then if you make a bunch
of changes you don't like, simply checkout a previous revision. Its a
bit more work to setup, but if you're doing a lot of frequent
tinkering it might be worth it.
For general backups I use rsync on a dedicated backup server. This way
if I have to quickly restore something I can simply scp it back to the
production server in seconds. rsync is fast (after the initial backup)
as it only transvers the deltas (changes) in files. It automatically
sorts out who has changed and who needs backed up. You could configure
a cron job to run an rsync script every few minutes if you wanted.
That script could also contain a command to generate an incremental
copy of the entire backup directory using the -l (lowercase ell) flag.
This generates a hard-linked copy, which consumes no real additional
space. You can read all about it here:
http://www.sanitarium.net/golug/rsync_backups.html
Whatever you decide, best of luck!
-Modulok-
More information about the freebsd-questions
mailing list