Backup server on what is better to organize windows or Linux (so that the encryptor does not work)?
Give advice on how to do better. We need a Backup server. There is a supermicro platform for 4 baskets, i5, 16 GB. 4 baskets with 6TB drives. which OS is better to use. What is your opinion on XPE?Linux Sawyer Cooke, Nov 11, 2020
Bareos on LinuxAnonymous
which OS is better to useIt doesn't matter, all the salt is in the settings, and which axis is unimportant, and is selected based on convenience and other factors. If configured correctly, the encryptor will not work.
What is your opinion on XPE?I have never heard of this.Anonymous
linux + zfs + urbackupZachary Harper
on linux. raise ftp or rsync. ransomware use smbAnonymous
ZFS + snapshots = profit. In fact, the easiest and most convenient way to organize backups, IMHO. ZFS takes a snapshot instantly. You can take a snapshot of the state at least every second, while the size of the snapshot does not take up the full volume of the backed up information, but the difference between the last snapshot and the new one. Disk space is used very conveniently and efficiently. You can poke a stick in NAS4Free, put FreeBSD into production (for which ZFS is a native system) or Linux + ZFS On Linux.Lily Rangel
For backup, it is better to use hardware and software complexes like EMC Data Domain a >.Anonymous
I recommend taking a look at https://www.urbackup.org - very handy for small installations. I didn’t use the big ones, but the big ones I put bareos (bakula).
It is installed under both Windows and Linux, both a server and clients.Anonymous
You can leave the usual samba or ftp.
Just set a task that runs through the backup directories and executes one command
chattr + i *
After this command, all files become readonly for everyone, even for root.
And the ransomware cannot do anything.
[[email protected] ~]# lsattr test-file.txt
[[email protected] ~]# chattr +i test-file.txt
[[email protected] ~]# lsattr test-file.txt
[[email protected] ~]# rm test-file.txt
rm: remove regular file ‘test-file.txt’? y
rm: cannot remove ‘test-file.txt’: Operation not permitted
Similarly, you can move files to another directory that is readonly or that is not available to clients at all.
The opposite command should be used to clean the backup directories.
chattr -i test-file.txt
But BareOS and other specialized products, as advised above, have not been canceled. :)Anonymous
So let's figure it out.
1. The distribution itself does not really matter, in fact, any * nix like this will do, preferably, of course, a stable centos debian branch (without fanaticism to mint ubuntu, this will bring the most unstable branches)
2. Stable ext4 filesystem - as an option, even ext2 is easier to work with.
3. Cloud backup of the server - perhaps more expensive but obviously more reliable than a self-propelled gun, here you can argue but it's a fact.
4. https://en.hetzner.com/hosting/storagebox/bx50 - cheap and angry, access via ftp webdov (partial ssh) - yes, and if you are a legal entity the price will be 13% lower (VAT refund)
In the last two cases, you take the service and not the server and its support in the future and therefore save your time.
In the first, you do everything yourself.Anonymous
I use Acronis because it is convenient and I can. I could not choose the axis on the server, but they gave me money for the backup program. Not complaining. The full archive can be opened with winrar, incremental-differential, everything is as expected. Cryptographers do not seem to know how yet, but just in case, only the acronis account has write access.Anonymous
If xpe is xpenology, then I myself use such a backup solution. The main thing is that the disk controller picks upAnonymous
You can back up by means of Windows itself to a separate RAID connected (only for backups), its Windows archiver itself can format and use only for backups. You can backup directories, databases, virtual machines. This is not an expensive option and is quite reliable. You only need discs for the right size.
I use a separate RAID for backups, without formatting with the Windows archiver. And additionally, I use a script to backup to WD MY CLOUD, which is on Linux.
It is important to know that if the ransomware was launched under a user who does not have permission to access the archive, then the ransomware will not encrypt anything. Therefore, we give access to the archive directories only to the Administrator (not even to the Administrators group). Well, we set the password stronger for the Admin.Luna Moyer
Linux + Rsnapshot (more advanced utility than rsync).
Server with its own username - password. He collects everything from other servers himself.
Last year I ran into a ransomware and came up with such a scheme.Anonymous
To place the code, please use CodePen or similar tool. Thanks you!