You are not logged in.

#1 2022-06-13 17:55:05

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

rsync system backup drive always mounted...

Hi!

I'd like to know if it is good practice to backup the system on a secondary internal hard drive that is always plugged in and that gets mounted on boot.

my system is in a 500gb SSD and the backup 2tb internal hdd will have 2 partition:  500gb for quick rsync backups and the remaining space for monthly clonezilla images.

Is it okay leave the backup drive plugged in and let the system mount the backup partitions on boot?

i would backup with rsync (incremental) before installing a new kernel. and once a month ill make a clone image of the ssd with clonezilla.


exit: asking because it may or may not be bad practice and internal hard drives are cheaper than external too

Last edited by XxTriviumxX (2022-06-13 17:58:23)

Offline

#2 2022-06-13 18:12:55

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,048
Website

Re: rsync system backup drive always mounted...

Well, it is better than nothing. But it depends on your risk profile. Single disk failure? All good. House fire? Nope.

There is no good practice, you need to work out what scenarios you're trying to mitigate and act accordingly.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2022-06-13 18:22:38

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

thanks!  i was asking if it is good practice.. as a security aspect. like, is it secure to to so? does it leave my system vulnerable? no added risk of privilege escalation attacks?

Last edited by XxTriviumxX (2022-06-13 18:23:08)

Offline

#4 2022-06-13 18:26:01

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,048
Website

Re: rsync system backup drive always mounted...

No. If your system is pwned, so is that drive.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2022-06-13 18:29:49

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

if i understand correctly, an external hard drive will be more secure just because its not permanently plugged in?

Last edited by XxTriviumxX (2022-06-13 18:32:51)

Offline

#6 2022-06-13 18:33:14

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,048
Website

Re: rsync system backup drive always mounted...

Only if it is unplugged...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#7 2022-06-13 18:35:26

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

i'll cough up a  lil more $$ for an external drive then! thanks big_smile

Last edited by XxTriviumxX (2022-06-13 18:38:36)

Offline

#8 2022-06-13 19:02:42

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,334

Re: rsync system backup drive always mounted...

A power supply failure could kill everything that's plugged into the machine
Theft could result in both the computer and the external drive being stolen.

You need to figure out what risks you are trying to protect yourself from before deciding on an appropriate solution.


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#9 2022-06-13 19:09:39

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

the main reason i wanna backup my system on a second internal drive is to quickly roll back after breaking my system with an update. the important data is already on a cloud storage.  I'm simply asking if a hacker could, let's say, hack my system more easily just because i have my backups (done with rsync and clonezilla) on my second drive (which would be always plugged in). is that setup adding a new attack vector?

Last edited by XxTriviumxX (2022-06-13 19:13:17)

Offline

#10 2022-06-13 19:28:42

ayekat
Member
Registered: 2011-01-17
Posts: 1,516
Website

Re: rsync system backup drive always mounted...

Not if you encrypt the external storage.


{,META,RE}PKGBUILDSpacman-hacks (includes makemetapkg and remakepkg) │ dotfiles

Offline

#11 2022-06-14 14:22:48

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

yes but the live system has unencrypted files ... and i dont think rsync would work well with encryption...
for clonezilla however, its pretty easy to encrypt.. but i dont really know what kind of encryption it uses.


edit: if you can use rsync as an incremental full system backup, but encrypted, i'd like to hear how... Should be very interesting!


edit2: i use rsync to quickly backup before a risky update (kernel, sometimes pipewire updates creates issues, virtualbox, etc.) and use it to quickly restore my backup. Every backup is at the same directory since its faster than making a new backup from scratch

Last edited by XxTriviumxX (2022-06-14 15:06:14)

Offline

#12 2022-06-14 15:47:23

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 26,865
Website

Re: rsync system backup drive always mounted...

XxTriviumxX wrote:

I'm simply asking if a hacker could, let's say, hack my system more easily just because i have my backups... is that setup adding a new attack vector?

No, definitely not.

If such an attacker gets access to your machine, they'll also have access to your backups.  So they could trash your backups just as readily as they could trash your main drive.  But this in no way makes it easier for an attacker to get access in the first place.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#13 2022-06-14 15:51:15

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

Trilby wrote:
XxTriviumxX wrote:

I'm simply asking if a hacker could, let's say, hack my system more easily just because i have my backups... is that setup adding a new attack vector?

No, definitely not.

If such an attacker gets access to your machine, they'll also have access to your backups.  So they could trash your backups just as readily as they could trash your main drive.  But this in no way makes it easier for an attacker to get access in the first place.

there ya go! thanks!


edit: what about privilege escalating issues? are there any risks because i rsync in an internal drive? any security risks because i clonezilla my drive in an internal drive?  as i said, what is very valuable to me is outsourced and very secure.


edit2: it feels like im repeating myself but, im on my way to obtain the OSCP cert and did 2 boxes that leveraged rsync. didnt found a clonezilla related box yet.

Last edited by XxTriviumxX (2022-06-14 16:17:17)

Offline

#14 2022-06-14 16:48:06

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 26,865
Website

Re: rsync system backup drive always mounted...

If rsync is running as root, and if there is a software security vulnerability within rsync's code, then that is what it is - but this has absolutely nothing to do with whether the target drive is internal, external, local, remote, or on the moon ... or even if the destination drive is different from the source.  Rsync is a well maintained and thoroughly reviewed bit of software - so I'd be as confident in it's security as is reasonably practical, but CVEs are found in well-maintained software.  But again, any rsync vulnerability - if it exists - would depend only on rsync running.  The location of the target devices would not be relevant.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#15 2022-06-14 20:18:23

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

That pretty much answer my question! thanks everybody!

Offline

#16 2022-06-14 22:02:47

ayekat
Member
Registered: 2011-01-17
Posts: 1,516
Website

Re: rsync system backup drive always mounted...

XxTriviumxX wrote:

edit: if you can use rsync as an incremental full system backup, but encrypted, i'd like to hear how... Should be very interesting!

You may want to read into https://wiki.archlinux.org/title/Dm-crypt (in this particular case, https://wiki.archlinux.org/title/Dm-cry … ile_system).

Encrypt your block device, set up maybe a partition inside, and then create a filesystem.
For the regular backup, mount that filesystem somewhere and use rsync as usual.

This is what I do for my backups, and it allows me to keep around 2 or 3 external disks that I place in some remote locations, as off-site backups.

Last edited by ayekat (2022-06-14 22:04:09)


{,META,RE}PKGBUILDSpacman-hacks (includes makemetapkg and remakepkg) │ dotfiles

Offline

#17 2022-06-14 22:12:49

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

Added to my notes! thank!

I've got one major confusion about the wiki's rsync entry.

https://wiki.archlinux.org/title/Rsync# … tem_backup

For a full system backup, I use the following command:

sudo rsync -aAXH --delete --info=progress2 --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found","/swapfile"} / /path/to/backup

but.. the confusion is where the wiki says:

https://wiki.archlinux.org/title/Rsync#Restore_a_backup

"If you wish to restore a backup, use the same rsync command that was executed but with the source and destination reversed. "

so if i have something broken because of an update, does this mean i can just open a terminal and execute this command to restore my backup?


sudo rsync -aAXH --delete --info=progress2 --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found","/swapfile"} /path/to/backup /

i know the backup works on a live system, but what about restoration on a live system?

Last edited by XxTriviumxX (2022-06-14 22:14:26)

Offline

#18 2022-06-14 23:04:03

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,334

Re: rsync system backup drive always mounted...

This is slightly off-topic but how often are updates breaking your system?

I've been using this same Arch install for 15 years now and I've never had an update that has required me to roll-back my entire system to get back to a usable state.


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#19 2022-06-14 23:09:03

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

let just say.... that  i regretted upgrading pipewire and pipewire-pulse while not backup up my system beforehand. now my speakers pop when starting certain videos, or randomly. i wish my backup was not a month ago, but 1 hour ago. i have 2 choices: restore the old backup, or keep talking to myself here: https://bbs.archlinux.org/viewtopic.php … 8#p2040748 until a kind soul helps me out lollll

also virtualbox break up often sometimes a kernel upgrade.

Last edited by XxTriviumxX (2022-06-14 23:10:08)

Offline

#20 2022-06-14 23:20:06

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 26,865
Website

Re: rsync system backup drive always mounted...

I agree with Slithery's post above - backups are like air bags in a vehicle: you want to have them, but you really shouldn't be relying on them being deployed regularly.

But to answer the direct question, that command to restore the backup should work, though you can drop the "excludes" as it is irrelevant (those directories don't exist in your backup).  More relevant though is that this would rollback everything under your home directory too.  If an update breaks something, you probably don't want to roll back your personal files / documents / etc, just the system files, so you'd likely want to exclude /home from such an restore operation.

However, the above point comes full circle to Slithery's question: how has an update really totally broken your system resulting in it being completely unusable and beyond repair?  Perhaps some software is problematic after an update, but your priorities in this situation should be A) troubleshoot and fix the new version, B) rollback just that package if possible using your package cache, or if not in your cache, then from the cache in your backup drive, or from the archlinux archive if needed, C) rollback all packages, as in 'B' to avoid a partial downgrade for if the problematic package is impractical to downgrade on its own (similarly using the above listed cache sources), D) rollback your root filesystem to your backup, E) rollback your entire drive to your backup.

So you are asking about doing option 'E'.  Exluding /home from the backup would be D which is itself alread a nuclear option (so what is E... Death-Star option?)  How / why would A-C be insuffient?

EDIT: the above was cross posted with your last post.  If you have a problem with an update of pipewire, and can't troubleshoot it, restoring a backup of your full system would be ridiculous, regardless of whether the backup was from 1 month ago or 1 hour ago.  Downgrade pipewire and it's associated packages.  This will also help you narrow down exactly which package and which version resulted in your problem (and this information will lead to others providing better help to actually solve the underlying problem).  This, in fact, should be part of your diagnostics / testing prior to even posting a thread.  If something goes wrong after an upgrade, it's reasonable to suspect the upgrade as a cause, but suspecting and concluding are two very different things: test the hypothesis by downgrading to confirm the problem goes away, and then upgrading again to confirm it comes back (it's not a bad idea to repeat this more than once to minimize the chance of any other coincidence).  This should be a given, especially for someone working toward a certification in any IT field.

Last edited by Trilby (2022-06-14 23:26:34)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#21 2022-06-14 23:28:52

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

A) still waiting on that to happen (see my speaker issues i mentioned above) B)  i wish i knew how to do that with pipewire-pulse C) that looks useful too, wish i knew how to do it   D) makes a lot of sense E) okay, its a lil too much


for the rollback, yes i already read this... https://wiki.archlinux.org/title/downgrading_packages

still have no clue how to rollback and ignore a package update...

Offline

#22 2022-06-14 23:32:38

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

Trilby wrote:

EDIT: the above was cross posted with your last post.  If you have a problem with an update of pipewire, and can't troubleshoot it, restoring a backup of your full system would be ridiculous, regardless of whether the backup was from 1 month ago or 1 hour ago.  Downgrade pipewire and it's associated packages.  This will also help you narrow down exactly which package and which version resulted in your problem (and this information will lead to others providing better help to actually solve the underlying problem).  This, in fact, should be part of your diagnostics / testing prior to even posting a thread.  If something goes wrong after an upgrade, it's reasonable to suspect the upgrade as a cause, but suspecting and concluding are two very different things: test the hypothesis by downgrading to confirm the problem goes away, and then upgrading again to confirm it comes back (it's not a bad idea to repeat this more than once to minimize the chance of any other coincidence).  This should be a given, especially for someone working toward a certification in any IT field.

im sorry if you're angry at me

Last edited by XxTriviumxX (2022-06-14 23:32:55)

Offline

#23 2022-06-14 23:33:50

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 26,865
Website

Re: rsync system backup drive always mounted...

C: how to do it

Ignore package: how to do it (see also, `man pacman`).

Truly no offense intended - but there simply is no way to sugar coat this: you said you were working toward an OSCP certification?  Do you think that's realistic if you need to be directed to the wiki and man page for these sorts of questions?

XxTriviumxX wrote:

im sorry if you're angry at me

I'm not.  Have you seen my post history, I'm not known for subtlty.  If there was any anger I'd either completely ignore you assuming you weren't worth the time in responding to (if I was calm and rational) or I'd be cussing you out and calling you horrible names (if less calm).  Here I am attempting to just highlight points of how you can improve your odds of getting support in a tech forum, or now improving your odds of earning an IT certification.

Last edited by Trilby (2022-06-14 23:38:01)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#24 2022-06-14 23:39:10

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

disregard this reply

Last edited by XxTriviumxX (2022-06-14 23:40:19)

Offline

#25 2022-06-15 00:18:37

XxTriviumxX
Member
Registered: 2022-03-21
Posts: 28

Re: rsync system backup drive always mounted...

The information you gave me was very valuable. It really did populate my notes in positive way! I now know that pipewire and pipewire-pulse was the culprit as the popping sound disappeared after rolling back. Currently writing up an issue on pipewire's gitlab repo. Thanks! smile

Offline

Board footer

Powered by FluxBB