backup-strategy
Backup Strategy Skill
Implement automated backup solutions for VPS servers to ensure quick recovery from security incidents or system failures.
What This Skill Does
This skill helps AI agents configure automated backup systems on VPS servers. Security isn't just prevention - it's recovery. If your server gets compromised, you need to rebuild quickly. Regular, off-server backups are essential for business continuity and disaster recovery.
Key capabilities:
- Create automated backup scripts
- Schedule regular backups with cron
- Implement retention policies (keep N days of backups)
- Compress and encrypt backup archives
- Store backups off-server (S3, remote server, etc.)
- Verify backup integrity
- Document restoration procedures
When to Use
Use this skill when you need to:
- Set up a new server with a backup strategy
- Implement a disaster recovery plan
- Comply with data retention requirements
- Protect against ransomware and data loss
- Enable quick server rebuilds
- Meet business continuity requirements
Critical understanding: The backup must NOT be on the same server. If the server is compromised, local backups can be deleted or encrypted by attackers.
Prerequisites
- Root or sudo access to the server
- Sufficient disk space for temporary backups
- Off-server storage solution (S3, remote server, NAS, etc.)
- Understanding of what needs to be backed up
- Credentials for remote storage (if applicable)
What to Back Up
Critical Directories
```bash
/home            # User home directories
/etc             # System and application configuration
/var/www         # Web server content
/var/lib/mysql   # MySQL databases (if using file-based)
/root            # Root user home (if used)
/opt             # Optional software installations
/usr/local       # Locally installed software
```
What NOT to Back Up
```bash
/tmp         # Temporary files
/var/tmp     # Temporary files
/proc        # Virtual filesystem
/sys         # Virtual filesystem
/dev         # Device files
/run         # Runtime data
/var/cache   # Cache files
```
Basic Backup Script
Simple Tar-Based Backup
Create /usr/local/bin/backup.sh:
```bash
#!/bin/bash
# Simple backup script using tar and gzip

# Configuration
BACKUP_DIR="/backup"
DATE=$(date +%Y-%m-%d)
BACKUP_NAME="backup-$DATE.tar.gz"
RETENTION_DAYS=7

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Create compressed archive
echo "Creating backup: $BACKUP_NAME"
tar -czf "$BACKUP_DIR/$BACKUP_NAME" \
    --exclude='/backup' \
    --exclude='/proc' \
    --exclude='/sys' \
    --exclude='/dev' \
    --exclude='/run' \
    --exclude='/tmp' \
    --exclude='/var/tmp' \
    --exclude='/var/cache' \
    /home \
    /etc \
    /var/www \
    /root \
    2>/var/log/backup-error.log

# Check if backup was successful
if [ $? -eq 0 ]; then
    echo "Backup completed successfully"
    echo "Backup saved to: $BACKUP_DIR/$BACKUP_NAME"
else
    echo "Backup failed! Check /var/log/backup-error.log"
    exit 1
fi

# Delete old backups (keep last N days)
echo "Cleaning up old backups (keeping last $RETENTION_DAYS days)..."
find "$BACKUP_DIR" -name "backup-*.tar.gz" -mtime +"$RETENTION_DAYS" -delete

echo "Backup process complete"
```
Make it executable:
```bash
sudo chmod +x /usr/local/bin/backup.sh
```
Advanced Backup Strategies
Database Backups
**MySQL/MariaDB:**
```bash
#!/bin/bash
# MySQL backup script

# NOTE: -p on the command line can expose the password to other local users;
# a root-only option file passed with --defaults-extra-file avoids that.
DB_USER="root"
DB_PASS="your_password"
BACKUP_DIR="/backup/mysql"
DATE=$(date +%Y-%m-%d)

mkdir -p "$BACKUP_DIR"

# Backup all databases
mysqldump -u"$DB_USER" -p"$DB_PASS" --all-databases \
    --single-transaction \
    --quick \
    --lock-tables=false \
    > "$BACKUP_DIR/all-databases-$DATE.sql"

# Compress
gzip "$BACKUP_DIR/all-databases-$DATE.sql"

# Delete old backups
find "$BACKUP_DIR" -name "all-databases-*.sql.gz" -mtime +7 -delete
```
**PostgreSQL:**
```bash
#!/bin/bash
# PostgreSQL backup script

BACKUP_DIR="/backup/postgresql"
DATE=$(date +%Y-%m-%d)

mkdir -p "$BACKUP_DIR"

# Backup all databases
sudo -u postgres pg_dumpall > "$BACKUP_DIR/pg-backup-$DATE.sql"

# Compress
gzip "$BACKUP_DIR/pg-backup-$DATE.sql"

# Delete old backups
find "$BACKUP_DIR" -name "pg-backup-*.sql.gz" -mtime +7 -delete
```
Incremental Backups with rsync
```bash
#!/bin/bash
# Incremental backup using rsync

BACKUP_DIR="/backup/incremental"
CURRENT="$BACKUP_DIR/current"
DATE=$(date +%Y-%m-%d-%H%M%S)
SNAPSHOT="$BACKUP_DIR/$DATE"

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Perform incremental backup (unchanged files are hard-linked to the previous snapshot)
rsync -av --delete \
    --link-dest="$CURRENT" \
    --exclude='/backup' \
    --exclude='/proc' \
    --exclude='/sys' \
    /home \
    /etc \
    /var/www \
    "$SNAPSHOT"

# Update current symlink
rm -f "$CURRENT"
ln -s "$SNAPSHOT" "$CURRENT"

# Keep only last 10 snapshots
ls -1dt "$BACKUP_DIR"/2* | tail -n +11 | xargs rm -rf
```
Off-Server Storage
AWS S3 Backup
```bash
#!/bin/bash
# Backup to AWS S3

BACKUP_DIR="/backup"
S3_BUCKET="s3://my-backups/server-name"
DATE=$(date +%Y-%m-%d)
BACKUP_FILE="backup-$DATE.tar.gz"

# Create backup
tar -czf "$BACKUP_DIR/$BACKUP_FILE" /home /etc /var/www

# Upload to S3
aws s3 cp "$BACKUP_DIR/$BACKUP_FILE" "$S3_BUCKET/"

# Verify upload
if [ $? -eq 0 ]; then
    echo "Backup uploaded to S3 successfully"
    # Remove local copy after successful upload
    rm "$BACKUP_DIR/$BACKUP_FILE"
else
    echo "S3 upload failed!"
    exit 1
fi

# S3 lifecycle policy handles retention
```
SCP to Remote Server
```bash
#!/bin/bash
# Backup to remote server via SCP

BACKUP_DIR="/backup"
REMOTE_USER="backup"
REMOTE_HOST="backup-server.example.com"
REMOTE_DIR="/backups/webserver"
DATE=$(date +%Y-%m-%d)
BACKUP_FILE="backup-$DATE.tar.gz"

# Create backup
tar -czf "$BACKUP_DIR/$BACKUP_FILE" /home /etc /var/www

# Upload via SCP (requires SSH key authentication)
scp "$BACKUP_DIR/$BACKUP_FILE" "$REMOTE_USER@$REMOTE_HOST:$REMOTE_DIR/"

# Verify upload
if [ $? -eq 0 ]; then
    echo "Backup transferred successfully"
    rm "$BACKUP_DIR/$BACKUP_FILE"
else
    echo "Transfer failed!"
    exit 1
fi
```
Encrypted Backups
```bash
#!/bin/bash
# Create encrypted backup

BACKUP_DIR="/backup"
DATE=$(date +%Y-%m-%d)
BACKUP_FILE="backup-$DATE.tar.gz"
ENCRYPTED_FILE="backup-$DATE.tar.gz.gpg"
GPG_RECIPIENT="admin@example.com"

# Create compressed backup
tar -czf "$BACKUP_DIR/$BACKUP_FILE" /home /etc /var/www

# Encrypt with GPG
gpg --encrypt --recipient "$GPG_RECIPIENT" \
    --output "$BACKUP_DIR/$ENCRYPTED_FILE" \
    "$BACKUP_DIR/$BACKUP_FILE"

# Remove unencrypted version
rm "$BACKUP_DIR/$BACKUP_FILE"

# Upload encrypted backup (S3, SCP, etc.)
# ...

echo "Encrypted backup created: $ENCRYPTED_FILE"
```
Scheduling Backups with Cron
Edit Crontab
```bash
sudo crontab -e
```
Common Schedules
```bash
# Daily at 2 AM
0 2 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1

# Weekly on Sunday at 3 AM
0 3 * * 0 /usr/local/bin/backup.sh

# Daily at 2 AM, keep 30 days
0 2 * * * /usr/local/bin/backup.sh && find /backup -name "backup-*.tar.gz" -mtime +30 -delete

# Every 6 hours
0 */6 * * * /usr/local/bin/backup.sh

# Monthly on the 1st at midnight
0 0 1 * * /usr/local/bin/backup.sh
```
Cron with Logging
```bash
# Daily backup with logging and email on failure
# Note: % is special in crontab entries and must be written as \%
0 2 * * * /usr/local/bin/backup.sh > /var/log/backup-$(date +\%Y\%m\%d).log 2>&1 || mail -s "Backup Failed" admin@example.com < /var/log/backup-$(date +\%Y\%m\%d).log
```
Backup Verification
Check Backup Integrity
```bash
#!/bin/bash
# Verify backup archive integrity

BACKUP_FILE="/backup/backup-2024-01-31.tar.gz"

# Test gzip integrity
gzip -t "$BACKUP_FILE"
if [ $? -eq 0 ]; then
    echo "Backup archive is valid"
else
    echo "Backup archive is corrupted!"
    exit 1
fi

# Test tar contents
tar -tzf "$BACKUP_FILE" > /dev/null
if [ $? -eq 0 ]; then
    echo "Tar archive structure is valid"
else
    echo "Tar archive has errors!"
    exit 1
fi
```
List Backup Contents
```bash
# List files in backup
tar -tzf /backup/backup-2024-01-31.tar.gz | less

# Search for specific file
tar -tzf /backup/backup-2024-01-31.tar.gz | grep "config.php"
```
Restoration Procedures
Full System Restore
```bash
#!/bin/bash
# Restore from backup

BACKUP_FILE="/backup/backup-2024-01-31.tar.gz"

# WARNING: This will overwrite existing files!
echo "WARNING: This will restore files and may overwrite existing data!"
read -p "Continue? (yes/no): " CONFIRM

if [ "$CONFIRM" != "yes" ]; then
    echo "Aborted"
    exit 1
fi

# Extract to root
cd /
tar -xzf "$BACKUP_FILE"

echo "Restore complete. Review extracted files and restart services."
```
Restore Specific Directory
```bash
# Restore only /etc
tar -xzf /backup/backup-2024-01-31.tar.gz -C / etc/

# Restore specific file
tar -xzf /backup/backup-2024-01-31.tar.gz -C / etc/nginx/nginx.conf
```
Restore Database
```bash
# MySQL restore
gunzip < /backup/mysql/all-databases-2024-01-31.sql.gz | mysql -uroot -p

# PostgreSQL restore
gunzip < /backup/postgresql/pg-backup-2024-01-31.sql.gz | sudo -u postgres psql
```
Monitoring and Alerting
Email Notifications
```bash
#!/bin/bash
# Backup with email notification

BACKUP_SCRIPT="/usr/local/bin/backup.sh"
ADMIN_EMAIL="admin@example.com"

# Run backup
if "$BACKUP_SCRIPT"; then
    echo "Backup completed successfully on $(date)" | \
        mail -s "Backup Success - $(hostname)" "$ADMIN_EMAIL"
else
    echo "Backup failed on $(date)" | \
        mail -s "BACKUP FAILED - $(hostname)" "$ADMIN_EMAIL"
fi
```
Check Last Backup Age
```bash
#!/bin/bash
# Alert if backup is too old

BACKUP_DIR="/backup"
MAX_AGE_HOURS=26 # Alert if no backup in last 26 hours

# Newest archive by modification time
LATEST_BACKUP=$(find "$BACKUP_DIR" -name "backup-*.tar.gz" -type f -printf '%T@ %p\n' | sort -n | tail -1 | cut -d' ' -f2-)

if [ -z "$LATEST_BACKUP" ]; then
    echo "No backups found!" | mail -s "BACKUP ALERT" admin@example.com
    exit 1
fi

AGE_SECONDS=$(($(date +%s) - $(stat -c %Y "$LATEST_BACKUP")))
AGE_HOURS=$((AGE_SECONDS / 3600))

if [ "$AGE_HOURS" -gt "$MAX_AGE_HOURS" ]; then
    echo "Last backup is $AGE_HOURS hours old!" | \
        mail -s "BACKUP TOO OLD" admin@example.com
fi
```
Security Best Practices
- Off-server storage - Never rely solely on local backups
- Encryption - Encrypt sensitive backups, especially if storing remotely
- Access control - Restrict backup file permissions (600 or 640)
- Test restores - Regularly test that backups can be restored
- Monitor backup jobs - Alert on failures
- Retention policy - Balance storage costs with recovery needs
- Version backups - Keep multiple generations
- Document procedures - Maintain restoration runbooks
- Separate credentials - Don't store backup credentials on the server being backed up
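The "Access control" and "Test restores" practices above, as an added example that is not part of the original skill: the archive is locked to mode 600 and given a SHA-256 sidecar, and a restore drill then checks the checksum and extracts into a scratch directory instead of `/`. The function names `seal_backup`, `restore_drill` and `drill_demo` are hypothetical, the sample tree is constructed, and GNU `tar`, `sha256sum` and `mktemp` are assumed.

```shell
#!/bin/sh
# Added example, not part of the original skill. seal_backup, restore_drill
# and drill_demo are hypothetical helper names.

# seal_backup ARCHIVE: restrict permissions (600, one of the modes recommended
# above) and write a SHA-256 sidecar so later copies can be checked against it.
seal_backup() {
    sb_dir=$(dirname "$1"); sb_base=$(basename "$1")
    chmod 600 "$1" || return 1
    ( cd "$sb_dir" && sha256sum "$sb_base" > "$sb_base.sha256" ) || return 1
    chmod 600 "$1.sha256"
}

# restore_drill ARCHIVE EXPECTED_PATH: prove the archive restores without
# touching the live system. Returns 0 on success, 2-5 for the stage that failed.
restore_drill() {
    rd_dir=$(dirname "$1"); rd_base=$(basename "$1")
    [ -f "$1.sha256" ] || { echo "FAIL: no checksum sidecar" >&2; return 2; }
    ( cd "$rd_dir" && sha256sum -c "$rd_base.sha256" ) >/dev/null 2>&1 ||
        { echo "FAIL: checksum mismatch" >&2; return 3; }
    rd_scratch=$(mktemp -d) || return 1
    # Extract into a scratch directory, never into /
    if ! tar -xzf "$1" -C "$rd_scratch" 2>/dev/null; then
        rm -rf "$rd_scratch"; echo "FAIL: archive does not extract" >&2; return 4
    fi
    # An archive that extracts but lacks the data you need is still a failure
    if [ ! -s "$rd_scratch/$2" ]; then
        rm -rf "$rd_scratch"; echo "FAIL: $2 missing or empty" >&2; return 5
    fi
    rm -rf "$rd_scratch"
    echo "OK: $rd_base restores cleanly"
}

# drill_demo: constructed sample data only. Builds a tiny tree, seals it,
# then truncates the archive to show the drill catching the damage.
drill_demo() {
    dd_work=$(mktemp -d) || return 1
    mkdir -p "$dd_work/src/etc/nginx"
    echo "worker_processes 1;" > "$dd_work/src/etc/nginx/nginx.conf"
    tar -czf "$dd_work/backup-sample.tar.gz" -C "$dd_work/src" etc
    seal_backup "$dd_work/backup-sample.tar.gz"
    restore_drill "$dd_work/backup-sample.tar.gz" etc/nginx/nginx.conf; dd_good=$?
    # Simulate a truncated transfer: keep only the first 20 bytes
    head -c 20 "$dd_work/backup-sample.tar.gz" > "$dd_work/t" &&
        mv "$dd_work/t" "$dd_work/backup-sample.tar.gz"
    restore_drill "$dd_work/backup-sample.tar.gz" etc/nginx/nginx.conf 2>/dev/null; dd_bad=$?
    rm -rf "$dd_work"
    [ "$dd_good" -eq 0 ] && [ "$dd_bad" -eq 3 ]
}

if [ "${1:-}" = "demo" ]; then drill_demo; fi
```

Run the drill against the copy fetched back from off-server storage rather than the local file. A sidecar stored beside the archive only detects corruption, so keep a copy of the `.sha256` file somewhere the backed-up server cannot write if tampering is a concern.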
Common Mistakes to Avoid
- ❌ Only backing up to the same server (single point of failure)
- ❌ Not testing restore procedures
- ❌ Backing up cached/temporary files (waste of space)
- ❌ Not encrypting backups containing sensitive data
- ❌ Setting retention too short (can't recover from old issues)
- ❌ Not monitoring backup success/failure
- ❌ Including backup directory in backup (infinite loop!)
- ❌ Not documenting what's backed up and how to restore
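The age-based pruning used in the scripts above (`find ... -mtime +N -delete`) removes every archive once backups have been failing for longer than the retention window, which combines two of the mistakes listed here. An added example, not part of the original skill, that prunes by age but always keeps a minimum number of archives; the function name `prune_backups` and its `MIN_KEEP` parameter are assumptions, and GNU `find` is assumed as in the page's own scripts.

```shell
#!/bin/sh
# Added example, not part of the original skill; prune_backups is a
# hypothetical helper name.

# prune_backups DIR DAYS MIN_KEEP
# Delete backup-*.tar.gz files in DIR older than DAYS days, oldest first,
# but stop as soon as only MIN_KEEP archives would remain.
# Prints the number of archives deleted.
prune_backups() {
    pb_dir=$1; pb_days=$2; pb_keep=$3
    pb_deleted=0
    # Total archives present, regardless of age
    pb_total=$(find "$pb_dir" -maxdepth 1 -type f -name 'backup-*.tar.gz' | wc -l)
    # Candidates past the retention window, sorted oldest first
    pb_list=$(find "$pb_dir" -maxdepth 1 -type f -name 'backup-*.tar.gz' \
                  -mtime +"$pb_days" -printf '%T@ %p\n' | sort -n | cut -d' ' -f2-)
    while IFS= read -r pb_f; do
        [ -n "$pb_f" ] || continue
        # Safety floor: never go below MIN_KEEP archives
        [ $((pb_total - pb_deleted)) -gt "$pb_keep" ] || break
        rm -f -- "$pb_f" && pb_deleted=$((pb_deleted + 1))
    done <<EOF
$pb_list
EOF
    echo "$pb_deleted"
}
```

With `MIN_KEEP` set to 3, a server whose last four archives are all more than a week old loses only the oldest one, where the plain `-mtime +7 -delete` would have removed all four.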
Additional Resources
See references/backup-locations.md for storage provider comparison.
See scripts/backup-full.sh for comprehensive backup script.
See scripts/backup-mysql.sh for database-specific backup.
Related Skills
- auto-updates - Keep backup tools updated
- ssh-hardening - Secure SSH for remote backups
- firewall-configuration - Protect backup storage access