From owner-freebsd-questions@FreeBSD.ORG Tue Aug 25 15:02:43 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8A1BD106568E for ; Tue, 25 Aug 2009 15:02:43 +0000 (UTC) (envelope-from modulok@gmail.com) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.24]) by mx1.freebsd.org (Postfix) with ESMTP id 15F6F8FC22 for ; Tue, 25 Aug 2009 15:02:42 +0000 (UTC) Received: by ey-out-2122.google.com with SMTP id 4so699166eyf.9 for ; Tue, 25 Aug 2009 08:02:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=CdJEgG3Bvri2sOrE5rumpagA57msDfuwoZRKcscU50M=; b=U/k27Gng6qOG37npbn1GQKP31dnwS1JcpVPaEZsLVvTHQb7eVqPJJhSXnBBmnZOaY4 v+zKNRIE88/Pw1rZVA6FHZDvhYJYYaLTUfnZemNmRgOjnedalaAyfhed8CBrHvbgyNzx VswY4u7QGnp7rav+q7BYn4WFxEI+T4i2f1xg8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=sDDRt5KBM4Ev8QPJKOqC1FQHspdNCk2DDy031lh6P2xl2xYZ4wL6ITOEoxLmeCm1Ae zi5klF32CWdWq5Pju5ZDwjCXZn4aXxwokZGmigTmyXUsQEtdiFUzdC8j70iSdvZqA4e7 fdx5V+RplNEetbBxkRrsi7nwfGrQ2xY9QvvDg= MIME-Version: 1.0 Received: by 10.211.180.6 with SMTP id h6mr5871274ebp.39.1251212562214; Tue, 25 Aug 2009 08:02:42 -0700 (PDT) In-Reply-To: <26ddd1750908240857gb2973b8h7bc06e0a92b82859@mail.gmail.com> References: <26ddd1750908240857gb2973b8h7bc06e0a92b82859@mail.gmail.com> Date: Tue, 25 Aug 2009 09:02:41 -0600 Message-ID: <64c038660908250802h24561f8ena89c2c36c0c09a68@mail.gmail.com> From: Modulok To: Maxim Khitrov Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Free BSD Questions list Subject: Re: Continuous backup of critical system files X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2009 15:02:43 -0000 > I'm setting up a firewall using FreeBSD 7.2 and thought that it may > not be a bad idea to have a continuous backup for important files like > pf and dnsmasq configurations. By continuous I mean some script that > would be triggered every few minutes from cron to automatically create > a backup of any monitored file if it was modified. I also have a full > system backup in place that is executed daily (dump/restore to a > compact flash card), so the continuous backup would really be for > times when someone makes a mistake editing one of the config files and > needs to revert it to a previous state. > > My initial thought was to create a mercurial repository at the file > system root and exclude everything except for explicitly added files. > I'd then run something like "hg commit -m `date`" from cron every 10 > minutes to record the changes automatically. Can anyone think of a > better way to do this (existing port specifically for this purpose)? > Obviously, I need a way to track the history of a file and revert to a > previous state quickly. The storage of changes should be as > size-efficient as possible. > Look into 'rsync', available in the ports collection. Generally for a basic server, you make backup copies manually before you edit something. It's a good habbit to get into: # Make a quick backup: cp rules.pf rules.pf.orig # Then edit the original: nano rules.pf If you're doing some major messing around and don't like the manual backup solution, look into 'subversion', in the ports collection. It is a full-featured revision control system. It's used by most developers (including the FreeBSD team.) You could setup a subversion repository to store all of your config files. Make changes to them and committ those changes back to the repository. Then if you make a bunch of changes you don't like, simply checkout a previous revision. Its a bit more work to setup, but if you're doing a lot of frequent tinkering it might be worth it. For general backups I use rsync on a dedicated backup server. This way if I have to quickly restore something I can simply scp it back to the production server in seconds. rsync is fast (after the initial backup) as it only transvers the deltas (changes) in files. It automatically sorts out who has changed and who needs backed up. You could configure a cron job to run an rsync script every few minutes if you wanted. That script could also contain a command to generate an incremental copy of the entire backup directory using the -l (lowercase ell) flag. This generates a hard-linked copy, which consumes no real additional space. You can read all about it here: http://www.sanitarium.net/golug/rsync_backups.html Whatever you decide, best of luck! -Modulok-