UNIX Computing Security/Data security

From Wikibooks, open books for an open world
< UNIX Computing Security
Jump to: navigation, search

Suggested topics: backups to media, recovery, encryption and disaster recovery.

Backup is very essential in an environment where your data is precious, and that to a subset of data for almost any computer user, when planning for a backup system, there are some questions you need to answer:

  • What do i want to backup?
  • How often do i want to backup?
  • Where to save the backup?
  • How long do i need the backup?
  • How long does it take to get the backup replace a damaged system after a disaster?
  • Whats the format i want to my backup to be in?
  • How to backup ?
  • How to minimize backup time when doing frequent backups?
  • How to verify the integrity and accuracy of my backups?

if you are desinging your system in a way to make it easy to backup, you could take in consideration selecting a filing system that supports usefull features, such as snapshots, XFS support, and ufs2 for (free?)bsd, LVM on linux has nice snapshot features too.

backup tools[edit]

backup tools can be devided according to what they backup, file/directory backup tools, disk backup tools and data backup tools (database dumps for example)

UNIX systems provide many tools that help in backing up files, most commonly known is the tar command which allows creating archives and preserver ownership/time-date/permessions on the files being archived. those tar archives can also easily be compressed, using gzip for example.

another tool to backup is "dump" and "restore", which dumps entire filing systems and treats it as a collection of disk blocks, can be configured in /etc/fstab

  • cpio
  • tar(Guide_to_Unix/Commands/File_Compression#tar):
    • tar puts multiple files and directories in one archive, note that tar actually stands for Tape Archive, so it inherents a lot from the ar command (archive), tar can compress archives too, some of the options that can be passed to tar are:
      • c : create archive
      • x : extract archive
      • t : list
      • z : work with gz compression to create compressed archives or extract compressed archives or list the content.
      • v : operate verbosily (print out what files were progressed)
      • f file: to specify the file name you are dealing with.
  • rdiff

remote backup[edit]

  • rsync
  • tar to remote machine:
    • tar czf uwe@remotehost:/path/remote localpath
  • tar over ssh tunneling
example
tar czf - someDir | ssh user@domain tar -C somDirToExtractTo xzf -

open source backup systems[edit]

disaster recovery tool[edit]

  • mondo

data base backup[edit]

A fine idea that can be used for database backup is based on a combination of volume snapshots and table locking, the idea is that to keep you database consistent and minimize the time you lock the tables, you can do the following:

  1. lock the tables
  2. take a volume snapshot (very short time)
  3. unlock the tables
  4. read the tables with an appropriate tool from the volume snapshot

Continuous Data Protection (CDP) and Near-CDP[edit]

  • Near CDP is basically snapshot and replication.
  • CDP is a little diffrent, when RPO is very little, as little as few seconds, then CDP is needed.

hardware involved in backup solutions[edit]

  • NAS
  • SAN
  • Tape

further reading[edit]

external links[edit]