From owner-freebsd-questions@FreeBSD.ORG Mon Aug 24 18:06:41 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5FE55106568F for ; Mon, 24 Aug 2009 18:06:41 +0000 (UTC) (envelope-from norgaard@locolomo.org) Received: from mail.locolomo.org (97.pool85-48-194.static.orange.es [85.48.194.97]) by mx1.freebsd.org (Postfix) with ESMTP id 706928FC14 for ; Mon, 24 Aug 2009 18:06:40 +0000 (UTC) Received: from beta.1-16-172-dyn.locolomo.org (beta.1-16-172-dyn.locolomo.org [172.16.1.127]) by mail.locolomo.org (Postfix) with ESMTPSA id D10E01C1A67; Mon, 24 Aug 2009 20:06:35 +0200 (CEST) Message-ID: <4A92D6AA.9090908@locolomo.org> Date: Mon, 24 Aug 2009 20:06:34 +0200 From: Erik Norgaard User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Maxim Khitrov References: <26ddd1750908240857gb2973b8h7bc06e0a92b82859@mail.gmail.com> In-Reply-To: <26ddd1750908240857gb2973b8h7bc06e0a92b82859@mail.gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: Free BSD Questions list Subject: Re: Continuous backup of critical system files X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2009 18:06:41 -0000 Maxim Khitrov wrote: > I'm setting up a firewall using FreeBSD 7.2 and thought that it may > not be a bad idea to have a continuous backup for important files like > pf and dnsmasq configurations. By continuous I mean some script that > would be triggered every few minutes from cron to automatically create > a backup of any monitored file if it was modified. ... > so the continuous backup would really be for times when someone makes > a mistake editing one of the config files and needs to revert it to > a previous state. It appears to me that you review your procedures rather than deploying such a backup solution. Critical files rarely change (or should rarely be modified), there should be no need to backup every 10 minutes. The more critical the file and the change applied the more testing should be done beforehand and the more care should be taken during the process to ensure that the original can easily be reinstated. You don't want to spend time digging it up from some backup. If your files are very critical then you should have a cvs repository in place as well as a testing environment. I guess this is not the case. If they are less critical then good practices are the way to go: Before modifying anything create a backup in the same location, I add a serial number rather than .bak, .old, .tmp, .new etc which is really confusing. I use, .YYYYMMDDXX, and .orig for the original/default file. It's easy to see when a file was modified and make diffs with the original and also delete old backups this way, with ".old" you really have no continuity, you can't name your next backup ".older". Further, for small tweaks, I comment/uncomment parameters and apply these for fast testing from another session, so I don't even exit the editor. Certainly, I may save and test the file multiple times while tweaking, but in the end, there are only two files worth keeping: the last stable and the current. Of course, I'm not saying it's a bad idea to keep backups, only that if you find a need to continuously backup files as mentioned, then you should review your procedures. See also the current thread on "what should be backed up". BR, Erik -- Erik Nørgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org