txt.si/blog

My simple backup solution

Content on this page is probably outdated and represents my personal knowledge, feelings and understading of things at that time .

Recently I had to rethink my backup strategy for my servers. This is what I came up with:
- Duplicity for the actual backup
- mysqldump for dumping the databases
- ProFTPD on the other side for receiving the updates
- cron to glue this together
- cronic for useful/meaningful mailings

The backup solution is quite simple, but I think it’s enough for me. Basicly the script for backing up consists of:
1. mysqldump command, that uses a read only user for dumping all the databases
2. duplicity that generates the incremental updates of:
* /etc
* /var/www
* /usr/src/linux/.config
3. uploads that updates to a ProFTPD setup that limits the user to only adding files (that user cannot create directories, overwrite files or delete them). This protects us in case of a malicious attack on one of our boxes.
ProFTPD config for that part looks like:


<Directory /our/backup/directory>
AllowOverwrite off
<Limit MKD XMKD RNFR RNTO DELE RMD XRMD>
DenyAll
</Limit>
</Directory>

This script is ran every night and wrapped in cronic script for more meaningful mailings.