backupduplicity

How to protect Duplicity backups


I use Duplicity for backing up my hosting account to remote server using WebDav. Schedule is daily incremental, monthly full.

I want to also protect backups against hosting hack, so I have to be sure that server (where is Duplicity) can not destrol backups on remote server.

Is there recommended solution for protecting backups?

If not I thinked up about to make script on remote server, what will make backups read-only after they were uploaded. (And eventually it also delete backups older than x months.)

I can make this script, but I am not sure what files can be protected safely. If I chmod o-w all files periodically, will backups continue next day? Or Duplicity needs to write to yet uploaded files? How to determine what files will Duplicity need to change and what not?

How can I delete old backups and not break something?


Solution

  • I use Duplicity for backing up my hosting account to remote server using WebDav. Schedule is daily incremental, monthly full.

    I want to also protect backups against hosting hack, so I have to be sure that server (where is Duplicity) can not destrol backups on remote server.

    That is not what duplicity is designed for. Its key feature is encryption to protect your backups on possibly insecure backends.

    If you machine is hacked, your main problem is probably not backup destruction but silently backing up malicious code uploaded by the attacker.

    Is there recommended solution for protecting backups?

    Not to my knowledge. A second repository where you rsync to using --link-dest or dirvish to achieve a snapshot style backup of your backups. This way an attacker could modify/corrupt your old backups but you'd still have the proper files. But the issue then would still be to find out from which point in time your backups start to be soiled.

    If not I thinked up about to make script on remote server, what will make backups read-only after they were uploaded. (And eventually it also delete backups older than x months.)

    should work as long as the last duplicity run was successful. the only time duplicity overwrites something on the backend is when it resumes an interrupted backup.

    I can make this script, but I am not sure what files can be protected safely. If I chmod o-w all files periodically, will backups continue next day? Or Duplicity needs to write to yet uploaded files? How to determine what files will Duplicity need to change and what not?

    See my previous answer.

    How can I delete old backups and not break something?

    Use duplicity's purge commands. You could run it on your webdav machine as a user that still has write access to the repo.

    Have fun.. ede/duply.net