Continuous backup of critical system files
Erik Norgaard
norgaard at locolomo.org
Mon Aug 24 18:06:41 UTC 2009
Maxim Khitrov wrote:
> I'm setting up a firewall using FreeBSD 7.2 and thought that it may
> not be a bad idea to have a continuous backup for important files like
> pf and dnsmasq configurations. By continuous I mean some script that
> would be triggered every few minutes from cron to automatically create
> a backup of any monitored file if it was modified.
...
> so the continuous backup would really be for times when someone makes
> a mistake editing one of the config files and needs to revert it to
> a previous state.
It appears to me that you review your procedures rather than deploying
such a backup solution. Critical files rarely change (or should rarely
be modified), there should be no need to backup every 10 minutes.
The more critical the file and the change applied the more testing
should be done beforehand and the more care should be taken during the
process to ensure that the original can easily be reinstated. You don't
want to spend time digging it up from some backup. If your files are
very critical then you should have a cvs repository in place as well as
a testing environment. I guess this is not the case.
If they are less critical then good practices are the way to go: Before
modifying anything create a backup in the same location, I add a serial
number rather than .bak, .old, .tmp, .new etc which is really confusing.
I use, .YYYYMMDDXX, and .orig for the original/default file. It's easy
to see when a file was modified and make diffs with the original and
also delete old backups this way, with ".old" you really have no
continuity, you can't name your next backup ".older".
Further, for small tweaks, I comment/uncomment parameters and apply
these for fast testing from another session, so I don't even exit the
editor. Certainly, I may save and test the file multiple times while
tweaking, but in the end, there are only two files worth keeping: the
last stable and the current.
Of course, I'm not saying it's a bad idea to keep backups, only that if
you find a need to continuously backup files as mentioned, then you
should review your procedures.
See also the current thread on "what should be backed up".
BR, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
More information about the freebsd-questions
mailing list