Backup policies to recover from quiet/insidious changes by insiders

sunhux used Ask the Experts™
I'm exploring backup policies such that if there are insiders quietly
altering them, we can skip the 'bad' changes:

Day 1: the initial good build
Day 2: legit/good updates were made
Day 3: an insidious/malicious update was made
Day 4: good legit updates/changes were made

We want to restore till Day 2, skip Day 3, restore Day 4.
Was told a GFS scheme as above will help but I tend to think
a mix of incremental plus differential backups is needed.
Pls comment.

For DB, is it better to backup the OS files of the DB or take dumps & backup
the text dumps?

David Favor, Fractional CTO
Distinguished Expert 2018
Q1) Likely better to trust your backups, rather than a GFS scheme.

Q2) Whether you backup raw files or dump individual databases... many considerations about which is best...

Consideration #1) To backup raw files which are consistent (no corruption), you must stop your database instance.

The way I do this (using MariaDB as an example), is to...

1) rsync -av /var/lib/mysql /var/lib/mysql-dump while mysqld is running.

2) Place all sites in maintenance mode, so they show a nice message, rather than database connection error...

3) service mysql stop

4) rsync -av /var/lib/mysql /var/lib/mysql-dump - this only picks up changes now, so this rsync runs very fast.

5) service mysql start

6) Take sites out of maintenance mode, back into production mode.

Consideration #2) Restores of raw files are blazing fast compared to dropping + restoring individual databases.

Consideration #3) When working with raw files, all sites revert to time of backup, rather than just one site for individual backups.

My tendency is to do both.

I run all sites in LXD containers, so I backup the entire bootable container + then also backup each individual database, so I can restore an entire container or just one database.
Top Expert 2016

AFAIK, you can't skip restoring an incremental backup when restoring to the latest backup.  You may be able to restore individual files using the full chain.


Understand incremental won't help but I'm looking at a combination of incremental plus differential
Top Expert 2016
You know the difference between the two.  As I said previously, restore to the day before the incident using base and differential of that date or base and incrementals to that date.
Now you can open the backups and restore FILES overwriting older files except the affected files.
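
The restore order discussed in this thread (chain restore to the day before the incident, then file-level restore of later changes except the affected files), as an added example that is not part of any post here. It is a constructed in-memory model: the file names, contents and function names are assumptions for illustration, the bad day is assumed to be already known, and deletions are not modelled.

```python
# Constructed sample data: each backup set maps path -> file content.
# FULL is the Day 1 base; INCREMENTALS[day] holds only files changed that day.
FULL = {"app.conf": "v1", "site.php": "v1", "db.sql": "v1"}
INCREMENTALS = {
    2: {"app.conf": "v2-good"},
    3: {"site.php": "v3-backdoor", "db.sql": "v3-tampered"},  # insider change
    4: {"app.conf": "v4-good", "db.sql": "v4-good-on-tampered"},
}


def restore_to(day):
    """Replay the chain: base plus every incremental up to and including `day`."""
    state = dict(FULL)
    for d in sorted(INCREMENTALS):
        if d <= day:
            state.update(INCREMENTALS[d])
    return state


def restore_skipping(bad_day, last_day):
    """Restore to the day before the incident, then overlay later files,
    leaving out every path that the bad day's backup set touched."""
    state = restore_to(bad_day - 1)
    affected = set(INCREMENTALS[bad_day])
    held_back = {}  # path -> day of the later version that was not restored
    for d in sorted(INCREMENTALS):
        if bad_day < d <= last_day:
            for path, content in INCREMENTALS[d].items():
                if path in affected:
                    # The later version may be built on the tampered one,
                    # so keep the pre-incident copy and review by hand.
                    held_back[path] = d
                else:
                    state[path] = content
    return state, held_back


if __name__ == "__main__":
    state, held_back = restore_skipping(bad_day=3, last_day=4)
    print("restored:", state)
    print("needs manual review:", held_back)
```

Files in the held-back list stay at their Day 2 content; a legitimate Day 4 edit to a file that was tampered with on Day 3 has to be re-applied by hand after review.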


> may be able to restore individual files using the full chain
Ok, missed the above line
