I plan to set up a Raspberry Pi to host some dockerized apps, for it to be accessible to the Internet through a remote proxy, and since I'm no sysadmin, I'm trying to come up with a suitable policy for security and backups.
Besides common security measures such as keeping stuff up-to-date, using a firewall, SSH keys, I want to periodically check the system configuration to see whether any unwelcome guests tampered with the Pi, so I can reinstall everything and be up and running with minimum hassle.
For this, I have a backup of partitions of my base system (boot on MMC and root on an attached HDD), and then make periodic remote backups of the following:
1. all the Docker volume directories
2. MariaDB dumps for every database
3. All of `/etc`
4. the output of `apt list --installed`
5. the output of `export` for the root user
6. Some or all of `/var`, `/usr/`, `/bin`, `/sbin` and `/boot`, not sure yet.
The first two are the actual backup, whereas 4-6 I intend to check whether they have changed in unexpected ways that would justify a reinstall.
My questions are then:
1. Is there a better way to monitor my system for changes?
2. Which of the paths in item 6 make sense to monitor? Am I missing anything else?
Thanks in advance.
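As an added example (not the poster's own scripts), here is the "has anything changed unexpectedly" check for trees like `/etc` or `/boot` as a small POSIX shell baseline-and-compare script. It assumes GNU coreutils as shipped on Debian / Raspberry Pi OS; the function names and manifest format are my own choice.

```shell
#!/bin/sh
# Constructed example, not from the original post: a minimal file-integrity
# baseline for trees such as /etc or /boot. Assumes GNU coreutils as shipped
# on Debian / Raspberry Pi OS (sha256sum, stat -c, find -print0, sort -z).
#
# Usage (run as root so every file is readable):
#   make_manifest /etc > etc.baseline        # once, from a known-good system
#   make_manifest /etc > etc.now && compare_manifests etc.baseline etc.now
# Keep the baseline on the remote backup host, not on the Pi: an intruder
# with root can rewrite a locally stored baseline as easily as the files.

# Print one line per regular file under $1: path<TAB>sha256<TAB>mode uid gid.
# Hashing content alone would miss a chmod/chown on e.g. sudoers or SSH keys,
# so permission bits and numeric ownership are recorded as well.
make_manifest() {
    find "$1" -type f -print0 | sort -z | xargs -0 sh -c '
        for f; do
            h=$(sha256sum -- "$f" | cut -d" " -f1)
            m=$(stat -c "%a %u %g" -- "$f")
            printf "%s\t%s\t%s\n" "$f" "$h" "$m"
        done' _
}

# Compare baseline manifest $1 with current manifest $2. Prints one
# "added|removed|changed<TAB>path" line per difference (sorted) and returns
# 1 if there were any, 0 if the trees match the baseline exactly.
compare_manifests() {
    diffs=$(awk -F'\t' '
        FILENAME == ARGV[1]  { base[$1] = $2 FS $3; next }
        !($1 in base)        { print "added\t" $1; next }
        base[$1] != $2 FS $3 { print "changed\t" $1 }
        { delete base[$1] }
        END { for (p in base) print "removed\t" p }
    ' "$1" "$2")
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs" | sort
    return 1
}
```

The same pattern works for the non-file items in the list: save the output of `apt list --installed` next to the manifest and `diff` it against the previous run.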