UNIX Computing Security/Data security

From Wikibooks, open books for an open world
Jump to navigation Jump to search

Suggested topics: backups to media, recovery, encryption and disaster recovery.

Backup is very essential in an environment where your data is precious, and that to a subset of data for almost any computer user, when planning for a backup system, there are some questions you need to answer:

  • What do i want to back up?
  • How often do I want to back up?
  • Where to save the backup?
  • How long do I need the backup?
  • How long does it take to get the backup to replace a damaged system after a disaster?
  • What's the format I want my backup to be in?
  • How to back up?
  • How to minimize backup time when doing frequent backups?
  • How to verify the integrity and accuracy of my backups?

If you are designing your system in a way to make it easy to back up, you could take in consideration selecting a filing system that supports useful features, such as snapshots, XFS support, and ufs2 for (free?) BSD, LVM on Linux has nice snapshot features too.

backup tools[edit | edit source]

backup tools can be devided according to what they backup, file/directory backup tools, disk backup tools and data backup tools (database dumps for example)

UNIX systems provide many tools that help in backing up files, most commonly known is the tar command which allows creating archives and preserver ownership/time-date/permessions on the files being archived. those tar archives can also easily be compressed, using gzip for example.

another tool to backup is "dump" and "restore", which dumps entire filing systems and treats it as a collection of disk blocks, can be configured in /etc/fstab

  • cpio
  • tar(Guide_to_Unix/Commands/File_Compression#tar):
    • tar puts multiple files and directories in one archive, note that tar actually stands for Tape Archive, so it inherents a lot from the ar command (archive), tar can compress archives too, some of the options that can be passed to tar are:
      • c : create archive
      • x : extract archive
      • t : list
      • z : work with gz compression to create compressed archives or extract compressed archives or list the content.
      • v : operate verbosely (print out what files were progressed)
      • f file: to specify the file name you are dealing with.
  • rdiff

remote backup[edit | edit source]

  • rsync
  • tar to remote machine:
    • tar czf uwe@remotehost:/path/remote localpath
  • tar over ssh tunneling
example
tar czf - someDir | ssh user@domain tar -C somDirToExtractTo xzf -

open source backup systems[edit | edit source]

disaster recovery tool[edit | edit source]

  • mondo

data base backup[edit | edit source]

A fine idea that can be used for database backup is based on a combination of volume snapshots and table locking, the idea is that to keep you database consistent and minimize the time you lock the tables, you can do the following:

  1. lock the tables
  2. take a volume snapshot (very short time)
  3. unlock the tables
  4. read the tables with an appropriate tool from the volume snapshot

Continuous Data Protection (CDP) and Near-CDP[edit | edit source]

  • Near CDP is basically snapshot and replication.
  • CDP is a little different, when RPO is very little, as little as few seconds, then CDP is needed.

hardware involved in backup solutions[edit | edit source]

  • NAS
  • SAN
  • Tape

further reading[edit | edit source]

external links[edit | edit source]