When it comes to backing up data you should be very paranoid. Most people think about data loss as a spontaneous random event. I like to approach backups thinking about someone intentionally trying to destroy all data on a server. There are a number of solutions you can employ and online backup services from 15 cents to $3 per gigabyte of storage.
# Most people should be able to select "Use SSE2-optimized code" portmaster --packages-build --delete-build-only --force-config sysutils/tarsnap
Now we need to generate a key. We'll set a passphrase, you don't have to but it adds some security in case the key file falls into the wrong hands.
tarsnap-keygen --keyfile /root/tarsnap.key --user me@example.com --machine mybox --passphrased
Now we want to create a restricted key file. This is the key file that will stay on the server and this key will only be allowed -r (list and extract archives) and -w (write archives). This ensures that if someone breaks into the server and gains root level access that they won't be able to delete your backups. We also won't passphrase this keyfile so that a backup script can be setup and daily scheduled backups can be run via cron.
tarsnap-keymgmt --outkeyfile tarsnap-readwrite.key -r -w /root/tarsnap.key
This is a modified script from http://www.bishnet.net/tim/tarsnap/run.sh by http://www.bishnet.net/tim/blog/2009/01/28/automating-tarsnap-backups/ . The original script would delete archives after a certain point. Although this is handy you do run the risk of someone deleting your backups if they gain access to your machine. Due to new backups not using much space I just manually go in and remove old archives every once in a while.
<box 100% round blue|tarsnap-backup.sh>
#!/bin/sh # Tarsnap backup script # Written by Tim Bishop, 2009. # Name of server SERVERNAME=EXAMPLE # Directories to backup DIRS="/home /etc /usr/local/etc" # Which day to do weekly backups on # 1-7, Monday = 1 WEEKLY_DAY=1 # Which day to do monthly backups on # 01-31 (leading 0 is important) MONTHLY_DAY=01 # Path to tarsnap TARSNAP="/usr/local/bin/tarsnap" # end of config # day of week: 1-7, monday = 1 DOW=`date +%u` # day of month: 01-31 DOM=`date +%d` # month of year: 01-12 MOY=`date +%m` # year YEAR=`date +%Y` # time TIME=`date +%H%M%S` # Backup name if [ X"$DOM" = X"$MONTHLY_DAY" ]; then # monthly backup BACKUP="$YEAR$MOY$DOM-$TIME-monthly" elif [ X"$DOW" = X"$WEEKLY_DAY" ]; then # weekly backup BACKUP="$YEAR$MOY$DOM-$TIME-weekly" else # daily backup BACKUP="$YEAR$MOY$DOM-$TIME-daily" fi # Do backups echo "==> create $BACKUP-$SERVERNAME" $TARSNAP $EXTRA_FLAGS -c -f $BACKUP-$SERVERNAME $DIRS
</box>
PATH=/usr/local/bin:/etc:/bin:/sbin:/usr/bin:/usr/sbin # Tarsnap Daily Backup 30 2 * * * /bin/sh /root/tarsnap-backup.sh
/usr/local/etc/tarsnap.conf
humanize-numbers