The next step in this process is to back up multiple versions of your files using incremental snapshots, which is also pretty easy with rsync. The key is using cp -al (copy and make hard links) to prepare the latest version of the backup files, and then rsync into that directory. This way, files which have not been changed will only be stored once on the disk.
Once that's working, you can add the --delete option to rsync (removing individual files that have been deleted). You can also set up a process to remove older snapshots as needed. This is the kind of scheme I usually set up for my clients.
I have to disagree with the --delete option in this particular use case.
It defeats the purpose of the article.
Ransomware will delete your files replacing them with their crypted version.
Then your backup process with --delete, will ... delete your sane files ...
I don't think it is what you want for your backup process to prevent ransomware ...
Same stuff for you snapshots. Sane backup could vanish ..
In ransomware case, a good indicator can be the percentage variation of changes in files.
I think you misunderstood my comment: you only add --delete after you have snapshots working properly. Then the files only disappear from the latest backup, but they are still present in all previous snapshots.
If you set this up correctly - and you understand what it is doing, which is always important - then it is a good system with no risk for data loss.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
The next step in this process is to back up multiple versions of your files using incremental snapshots, which is also pretty easy with rsync. The key is using
cp -al
(copy and make hard links) to prepare the latest version of the backup files, and then rsync into that directory. This way, files which have not been changed will only be stored once on the disk.Once that's working, you can add the
--delete
option to rsync (removing individual files that have been deleted). You can also set up a process to remove older snapshots as needed. This is the kind of scheme I usually set up for my clients.More info about how and why this works: mikerubel.org/computers/rsync_snap...
Great info on rsync! Thanks for that and the link, James!
I have to disagree with the --delete option in this particular use case.
It defeats the purpose of the article.
Ransomware will delete your files replacing them with their crypted version.
Then your backup process with --delete, will ... delete your sane files ...
I don't think it is what you want for your backup process to prevent ransomware ...
Same stuff for you snapshots. Sane backup could vanish ..
In ransomware case, a good indicator can be the percentage variation of changes in files.
I think you misunderstood my comment: you only add
--delete
after you have snapshots working properly. Then the files only disappear from the latest backup, but they are still present in all previous snapshots.If you set this up correctly - and you understand what it is doing, which is always important - then it is a good system with no risk for data loss.