[H-GEN] Fixes for excalibur's backup

Russell Stuart russell-humbug at stuart.id.au
Mon Jul 13 20:48:23 EDT 2009


On Mon, 2009-07-13 at 20:23 -0400, Robert Brockway wrote:
> So I think the best all round solution is to exclude /var/log from the 
> backups.  We can live with that if we ever need to do a DR.

Is there any way to get to the VM if it has been compromised and we are
locked out?  (I have never used linode, so I don't know.) It is not like
we can toddle down into UQ's basement and get a copy of the drive and do
forensics on it.  If we don't, the only way to look at the log files is
from the backups.  What you lose in that case is all history (apache,
sudo, etc).  If you are trying to prevent a similar exploit in the
future, that information can be pretty useful.  Particularly so because
the backups will still be sent after the compromise has occurred.

> Here is a list of the directories I normally exclude from backups (whether 
> or not they are present or contain data):

Look in /etc/rdiff-image/rdiff-image.conf to see what is currently
excluded.



