Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 Aug 2009 18:23:37 +0200
From:      Matthias Apitz <guru@unixarea.de>
To:        Maxim Khitrov <mkhitrov@gmail.com>
Cc:        Free BSD Questions list <freebsd-questions@freebsd.org>
Subject:   Re: Continuous backup of critical system files
Message-ID:  <20090824162337.GA1899@current.Sisis.de>
In-Reply-To: <26ddd1750908240857gb2973b8h7bc06e0a92b82859@mail.gmail.com>
References:  <26ddd1750908240857gb2973b8h7bc06e0a92b82859@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
El día Monday, August 24, 2009 a las 11:57:25AM -0400, Maxim Khitrov escribió:

> Hello all,
> 
> I'm setting up a firewall using FreeBSD 7.2 and thought that it may
> not be a bad idea to have a continuous backup for important files like
> pf and dnsmasq configurations. By continuous I mean some script that
> would be triggered every few minutes from cron to automatically create
> a backup of any monitored file if it was modified. I also have a full
> system backup in place that is executed daily (dump/restore to a
> compact flash card), so the continuous backup would really be for
> times when someone makes a mistake editing one of the config files and
> needs to revert it to a previous state.
> 
> My initial thought was to create a mercurial repository at the file
> system root and exclude everything except for explicitly added files.
> I'd then run something like "hg commit -m `date`" from cron every 10
> minutes to record the changes automatically. Can anyone think of a
> better way to do this (existing port specifically for this purpose)?
> Obviously, I need a way to track the history of a file and revert to a
> previous state quickly. The storage of changes should be as
> size-efficient as possible.

Hello,

We run in my company since many years a FreeBSD based firwall. All
modified config files like, rc.conf, ipf.rules, ... have always
been on some internal host in CVS, only modified there and SCP'ed to
the firewall to make the change there active. After some hardware fault
I was once able to do a bare metal restore of the firewall within an hour,
just installed the base system and copied over the config from CVS.

	matthias

-- 
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <guru@unixarea.de> - w http://www.unixarea.de/
People who hate Microsoft Windows use Linux but people who love UNIX use FreeBSD.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090824162337.GA1899>