How to Create Bullet Proof Ubuntu Install

Learn how to protect your data in Ubuntu and restore to a working system should the unthinkable happen.
Posted November 21, 2016
By

Matt Hartley


Installing Ubuntu is an extremely simple process. If you can "read and click next," setting up a new Ubuntu installation is quite easy. But once the distro is installed, how do you keep the data safe? Clearly, you need to create a bullet proof Ubuntu installation. This article will share my approach to protecting your data while allowing you to restore to a working system should the unthinkable happen.

Dedicated home partition Ubuntu installation

Many people believe that installing Ubuntu with a dedicated home partition is always the best way to go. But this isn't always the case, as there are strong arguments for not doing so. I've found a dedicated home makes sense if you're not a distro hopper. This allows you you keep your user specific docs, images and so forth with you even if you perform a clean installation again later.

There are two important considerations to remember here, however. First off, a dedicated home partition is not a backup. A backup is two or more copies of your data, not one on a dedicated partition. Second, switching to other desktop environments can leave behind extra files that might not be needed by the new desktop environment. Files for KDE left behind in your ~/.config for example aren't going to be of much value to a MATE user.

A dedicated home partition is not a backup and shouldn't be considered a part of your bullet proof Ubuntu installation. Instead, it's merely a convenience and a time saver for semi-frequent fresh installations of the same distro.

Using rsync for your bullet proof Ubuntu installation

To get started with a truly bullet proof Ubuntu installation, one must have a clear method to make sure their user data is protected. This means backing up critical docs, pictures, and configuration files onto another machine or hard drive. Even better is to automate this process.

The approach I like to take is to utilize two separate cron jobs that sync my critical user data to a separate location, usually to another machine. Once it's on the second machine (a Pi 2), I have two other cron jobs that run on a weekly schedule.

The first set of cron jobs sends my less critical data to cloud storage. This data is the kind that could be pasted to a postcard for the world to see. In short, this type doesn't contain personal data. The second cron job does contain my personal data and it's setup to rsync to another drive that is then rotated with another drive off site. What this means is if there is a fire, my personal data is both off-site and not hosted in the cloud. Also rotating these drives means I both have a drive off-site and one that's always here at the house to be used. It may seem complex, but this is a system that translates into no issues with user data loss due to a PC crash or something happening to my house.

So how do I separate one rsync as cloud-safe and the other to be kept off site (and offline)? Simple, I use two separate cron jobs and two exclusion lists.

Both rsync commands look something like this:

rsync -Parz --delete --exclude-from 'rsync-exclude.txt' ~/source-inside-of-home /destination-directory

and:

rsync -Parz --delete --exclude-from 'rsync-exclude-personal.txt' ~/source-inside-of-home /destination-directory-2

The secret to making this work is that I can use the same ~/home directory as the source for both cron jobs, but rely on two separate exclusion lists. One exclusion list blocks all private files/directories while the other one blocks everything EXCEPT the private files/directories I want to backup. I also use something similar on the PI 2 that takes the data and moves it to the appropriate destinations (cloud or removable drive).

This process becomes part of the bullet proof Ubuntu experience once you automate it with cron. Simply add each backup to a crontab and you're good to go. Remember though, you must fstab mount your network share that you're backing up to. Otherwise you're going to be rsyncing data into network shares that don't exist.

rclone your data for your bullet proof Ubuntu installation

As I explained previously, the first half of my transferred user data is copied over to a removable drive to be swapped out with the one off site. However, the trusted user data I feel comfortable moving into the cloud is copied over the Internet using a tool called rclone. At its core, rclone is basically a rsync-like tool to copy data over to various cloud based destinations. I'm happy to report that rclone supports all the big players like Google, Dropbox, AWS, etc.

My rclone script looks something like this:

/usr/sbin/rclone copy -u -specific_cloud_service-chunk-size=128M --stats=10s --transfers=2 /source_directory Dropbox:Destination_directory/sub_directory_optional

Note that I'm using rclone in the /usr/sbin/ directory. This is because it's not an available Ubuntu package -- instead it needs to be downloaded from Github, extracted and moved over to /usr/sbin/ so it can be run outside of your user's home directory.

Utilizing rsync, rclone and removable/transportable hard drives together allow you to keep your data backed up safely and securely. This keeps your Ubuntu userland data safe and bullet proof, but what about your system data?

Restore your drive for your bullet proof Ubuntu installation

We've pretty much covered how I recommend backing up your userland data. But what about minimizing your system down time should something crash? I've found there are basically three different approaches to avoiding significant down time.

Option 1 - Re-install your distro while keeping the dedicated home partition intact. This is by far, the most bullet proof approach as you don't have to restore your user data. Yes, it's backed up elsewhere…however if it's only the system data that needs to be reinstalled, leaving your home partition alone is the fastest approach.

Option 2 - If you don't have a dedicated partition in place or it was messed up somehow, then you can install a fresh installation and restore your user data from your backups. It's not as fast as option 1, but it's better than nothing.

Option 3 - If you have the time and you're willing to accept the disk image backup for what it is, you can utilize a program called Clonezilla. I personally don't like disk imaging as a backup tool. It's slow to restore and can present headaches if something doesn't restore correctly. However, if you have system level configuration that you spent a lot of time on, it's a good way to get your PC back up and running without having to reconfigure non-userland settings pretty easily.

To make the most of Clonezilla, you must first clone your drive. Once this is done, you need to keep the cloned drive somewhere safe so you can restore from it later if needed. To be clear – this is NOT nearly as good as backing up your user data separately. It's best suited as a tool to get your PC back up and running as it was from its last cloning session. Once restored, you can then restore your latest userland data from the rsync backups discussed previously.

Bullet proof Ubuntu installation the easy way

The tips and techniques I described above are nowhere near as simple as running Deja-Dup set to backup to a flash drive. This is absolutely true and you could take the simplified route instead. The reason I don't is very simple – I want more from my personal backup than an "all or nothing" approach.

And finally, this brings us to the overall concept of a bullet proof Ubuntu installation. Is there such a thing? In my mind, a bullet proof install is one where no matter what happens (fire, flood, life event) my data is easily restorable as if nothing happened. Bundle these tips with my Ubuntu network security advice and you will have a fantastic Linux experience.

What say you? Disagree with me? Perhaps instead, you feel like one only need to dd their drive and call it a day? Whatever your approach to data backup happens to be, hit the Comments below and tell me about it.




Tags: Linux, Ubuntu, Security Concerns


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.