On 21.09.21 19:15, Marco Möller wrote:
On 21.09.21 17:53, Tim Woodall wrote:
I would like to have some WORM memory for my backups. At the moment
they're copied to an archive machine using a chrooted unprivileged user
and then moved via a cron job so that that user cannot delete them
(other than during a short window).
My thought was to use a raspberry-pi4 to provide a USB mass storage
device that is modified to not permit deleting. If the pi4 is not
accessible via the network then other than bugs in the mass storage API
it should be impossible to delete things without physical access to the
pi.
Before I start reinventing the wheel, does anyone know of anything
similar to this already in existence?
Things like chattr don't achieve what I want as root can still override
that. I'm looking for something that requires physical access to delete.
The backup tool borg, or borgbackup (this latter is also the package
name in the Debian repository), has an option to create backup archives
to which data can only be added but not deleted. If you can manage it
so that only borgbackup has access through the network to the backup
system and no other user can access the backup system from the network,
then this might be what you want.
Borgbackup appears to be quite professionally designed. I have never had
a bad experience for my usage scenario, backing up several home and data
directories with it and restoring data from the archives - luckily
restoring data just for testing the archives, not because I actually
needed data from a backup. My impression is that this tool is also in
use by the big professionals, those who have to keep a really big
business up and running. Well, maybe one of those borgbackup users with
the big business pressure and experience should comment on this and not
me. At least for me and my laboratory measurement data, distributed on
still fewer than 10 computers and all together comprising still less than
10 TB of data, it is the perfect tool. Your question sounds like it
could also fit your needs.
Best wishes,
Marco
I forgot to mention that the documentation contains a guide on how to
set up the system so that a backup will be run automatically upon a
certain external device becoming connected. You could thus make up a
scheme with more than one external HDD, keeping some of them offline so
that they could not be harmed by a ransomware attack (as you mentioned
this concern in another of your posts in this thread), and placing the
current backup on the HDD that is connected temporarily for running the
current backup. Afterwards, with it offline again, you might want to
check from a non-networked, supposedly always clean system whether the
backup archives are still healthy and maybe even how they compare to
old backups, for detecting unusual and unexpected changes. At least for
the normal archive health check there are already built-in features for
this.
If not satisfied with the built-in archive check features, or in general
not wanting to include borgbackup in your tool chain, then you could
still consider adopting such a concept with your preferred tools:
- configure a script to be started when some hardware device becomes
connected, and run your backup and log the hashes of the files going
into the backup and of course also the hash(es) of the backup file(s)
- offline, check from a secure system that newly calculated hashes of
your files in the backup, and of course also of the backup file(s), still
coincide with the hashes in your log
- compare the hashes from the current log with hashes from old logs to
detect unusual changes
- rotate hardware for the next backup to the next external storage and
repeat; like this you should be able to always keep some older and still
not so old backups and a register of logs offline at a safe place, and
notice if a current backup indicates that unexpected things might have
happened to your current data and thus to your current backup.
Best wishes,
Marco.
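The hash-logging scheme sketched in the last message (log digests at backup time, re-check offline, diff against the previous log), as an added example that is not part of the original thread; file names and contents are constructed, and in practice the manifest would be kept offline together with the rotated disk:

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of one file, streamed so large backup archives fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file (path relative to root) to its digest: the 'log of hashes'."""
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_manifest(root: Path, manifest: dict) -> list:
    """Names of logged files that are now missing or have a different digest.
    An empty list means the backup still matches the log."""
    current = build_manifest(root)
    return sorted(n for n in manifest if current.get(n) != manifest[n])

def compare_manifests(old: dict, new: dict) -> dict:
    """Diff two runs' logs; a large 'changed' set hints at unexpected modification."""
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(n for n in set(old) & set(new) if old[n] != new[n])}

def demo() -> dict:
    """Constructed scenario: log a backup, then simulate tampering and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in {"a.txt": b"alpha", "b.txt": b"bravo",
                           "c.txt": b"charlie", "empty.bin": b""}.items():
            (root / name).write_bytes(data)
        manifest = build_manifest(root)          # keep this offline with the HDD
        (root / "b.txt").write_bytes(b"XXXX")    # rewritten in place
        (root / "c.txt").unlink()                # deleted
        (root / "d.txt").write_bytes(b"delta")   # unexpected new file
        return {"manifest": manifest,
                "failed": verify_manifest(root, manifest),
                "diff": compare_manifests(manifest, build_manifest(root))}

if __name__ == "__main__":
    print(demo())
```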