Complete server backup
I've got a server running on Linux and I make a complete backup of it on my local machine each night (with rsync -av --delete). Can a complete upload of my backup resolve any kind of problem (like a new user added by a hacker, or modified .conf files...)? If .conf files were modified, will I have to restart the services using them?
P.S. Hope my English is not too bad...
An rsync simply overwrites any existing data on your "backup" server. Let's say a backdoor is added at 5pm, and rsync is executed at ... erm 12am, but you discover the break-in the next day at 8am. That means your backup is corrupted as well...
A "complete upload of your backup" is only useful when your users request a restoration or something, or your main server is out of business. Hackers will do things you could never imagine if they manage to break into your server. Keep your server updated with the latest patches as closely as possible, or firewall it properly if it's a real-time production server, and safeguard it against physical access by unauthorized personnel.
Hmm... my English...
When you create the server, make an image of it. That way it's much easier to restore after a catastrophic failure. Each major upgrade would be imaged as well.
As for your regular backups, I'd most likely do data backups. Frequency is up to you, but daily is my preference on a production box. Once a week, I tend to do another full image as well.
Now, being the paranoid #@$)(*& that I tend to be with production boxes, I keep at least 2 months of backups and images. That way if something DOES go wrong, and a complete restore is needed, I have a choice of images to use. And if it's a case of the box being compromised, and if it can be determined when the compromise happened, you select the image created prior to the incident. Otherwise you select the original image created when you first brought the box on line and start all over. :)
When I do a backup of the server, I use the -b and --backup-dir=.... options, so if I backed up a corrupted image, I can restore the previous one... no? Also, I planned to use Tripwire to monitor changes on my server. If a change occurred in my "sensitive" paths, I can tell rsync not to back up...
Anyway, thanks for your responses!
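The scheme from the last post (rsync with -b and --backup-dir, skipped when an integrity check fails), as an added example that is not part of the thread. It assumes local directories standing in for the server and the backup disk, a sha256 manifest kept on the backup machine as a stand-in for Tripwire, and hypothetical function names.

```shell
#!/bin/sh
# Added example. Local directories stand in for the server and the backup disk;
# a sha256 manifest stands in for Tripwire. Function names are hypothetical.

# make_baseline <root> <manifest> <watched path>...
# Record a hash for every file under the watched paths. Keep the manifest on
# the backup machine, where an intruder on the server cannot rewrite it.
make_baseline() {
    mb_root=$1; mb_out=$2; shift 2
    ( cd "$mb_root" && find "$@" -type f -exec sha256sum {} + |
        LC_ALL=C sort -k2 ) > "$mb_out"
}

# verify_baseline <root> <manifest> <watched path>...
# Succeeds only if no watched file was changed, added or removed.
verify_baseline() {
    vb_root=$1; vb_ref=$2; shift 2
    vb_now=$(mktemp)
    make_baseline "$vb_root" "$vb_now" "$@"
    vb_rc=0
    cmp -s "$vb_ref" "$vb_now" || vb_rc=1
    rm -f "$vb_now"
    return "$vb_rc"
}

# nightly_backup <src> <dest> <manifest> <watched path>...
# <dest> must be an absolute path: rsync resolves a relative --backup-dir
# relative to the destination directory.
nightly_backup() {
    nb_src=$1; nb_dest=$2; nb_ref=$3; shift 3
    if ! verify_baseline "$nb_src" "$nb_ref" "$@"; then
        echo "watched paths changed: backup skipped, last good copy kept" >&2
        return 2
    fi
    mkdir -p "$nb_dest/current"
    # -b/--backup-dir: files that tonight's run would overwrite or delete are
    # moved into a dated directory instead of being lost.
    rsync -a --delete --backup \
        --backup-dir="$nb_dest/changed-$(date +%Y-%m-%d)" \
        "$nb_src/" "$nb_dest/current/"
}
```

After a legitimate change to a watched path, regenerate the manifest with make_baseline, otherwise every later run is skipped.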