Post History
#2: Post edited
Raspi home server backup strategy
- How to detect if a Linux Docker host has had unwelcome guests?
I plan to set up a Raspberry Pi to host some dockerized apps, for it to be accessible to the Internet through a remote proxy, and since I'm no sysadmin, I'm trying to come up with a suitable policy for security and backups.

Besides common security measures such as keeping stuff up-to-date, using a firewall, SSH keys, I want to periodically check the system configuration to see whether any unwelcome guests tampered with the Pi, so I can reinstall everything and be up and running with minimum hassle.

For this, I have a backup of partitions of my base system (boot on MMC and root on an attached HDD), and then make periodic remote backups of the following:

1. all the Docker volume directories
2. MariaDB dumps for every database
3. All of `/etc`
4. the output of `apt list --installed`
5. the output of `export` for the root user
6. Some or all of `/var`, `/usr/`, `/bin`, `/sbin` and `/boot`, not sure yet.

The first two are the actual backup, whereas 4-6 I intend to check whether they have changed in unexpected ways that would justify a reinstall.

My questions are then:

1. Is there a better way to monitor my system for changes?
2. Which of item 6 make sense to monitor? Am I missing anything else?

Thanks in advance.
#1: Initial revision
Raspi home server backup strategy
I plan to set up a Raspberry Pi to host some dockerized apps, for it to be accessible to the Internet through a remote proxy, and since I'm no sysadmin, I'm trying to come up with a suitable policy for security and backups.

Besides common security measures such as keeping stuff up-to-date, using a firewall, SSH keys, I want to periodically check the system configuration to see whether any unwelcome guests tampered with the Pi, so I can reinstall everything and be up and running with minimum hassle.

For this, I have a backup of partitions of my base system (boot on MMC and root on an attached HDD), and then make periodic remote backups of the following:

1. all the Docker volume directories
2. MariaDB dumps for every database
3. All of `/etc`
4. the output of `apt list --installed`
5. the output of `export` for the root user
6. Some or all of `/var`, `/usr/`, `/bin`, `/sbin` and `/boot`, not sure yet.

The first two are the actual backup, whereas 4-6 I intend to check whether they have changed in unexpected ways that would justify a reinstall.

My questions are then:

1. Is there a better way to monitor my system for changes?
2. Which of item 6 make sense to monitor? Am I missing anything else?

Thanks in advance.
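One way to carry out the "check whether they have changed" step for the directories in item 6, as an added example that is not part of the original post: record a hash-and-permissions manifest per directory and compare a later manifest against the stored baseline. The function names `snapshot` and `compare` and the tab-separated manifest format are assumptions of this example; it relies on GNU `sha256sum` and `stat`, and the baseline has to be kept off the Pi to be trustworthy.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical helper names.
# Manifest line format (assumed here): <sha256> TAB <mode uid:gid> TAB <path>
# Paths containing tabs or newlines are not supported by this format.

# snapshot DIR: print one manifest line per regular file under DIR, sorted by path.
# -xdev keeps find on one filesystem so mounted volumes are not walked by accident.
snapshot() {
    find "$1" -xdev -type f -exec sh -c '
        for f in "$@"; do
            printf "%s\t%s\t%s\n" "$(sha256sum < "$f" | cut -d" " -f1)" \
                                  "$(stat -c "%a %u:%g" "$f")" "$f"
        done' sh {} + | LC_ALL=C sort -t "$(printf '\t')" -k3
}

# compare BASELINE CURRENT: report ADDED / CHANGED / REMOVED paths.
# A file counts as CHANGED if its content hash, mode or owner differs.
# Returns 0 when the manifests match, 1 when anything differs.
compare() {
    _report=$(awk -F'\t' '
        FILENAME == ARGV[1]     { old[$3] = $1 FS $2; next }
        !($3 in old)            { print "ADDED\t" $3; next }
        old[$3] != ($1 FS $2)   { print "CHANGED\t" $3 }
                                { delete old[$3] }
        END { for (p in old) print "REMOVED\t" p }
    ' "$1" "$2" | LC_ALL=C sort)
    [ -z "$_report" ] && return 0
    printf '%s\n' "$_report"
    return 1
}

# Typical use (paths are placeholders):
#   snapshot /usr > usr.baseline      # right after install; copy it off the host
#   snapshot /usr > usr.now           # on each periodic check
#   compare usr.baseline usr.now      # then reconcile with known package upgrades
```

Package upgrades legitimately change files under `/usr`, `/bin` and `/sbin`, so a non-empty report is a prompt to reconcile against what was upgraded, and the baseline needs refreshing after each intentional update.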