Guidelines for Trusted Backup and Recovery

Use only fbackup and frecover to back up and recover files selectively. Only fbackup and frecover retain access control lists (ACLs). Use the -A option of these commands when backing up and recovering files for use on systems that do not implement ACLs. For more information, see fbackup(1M) and frecover(1M).

If you plan to recover the files to another system, be sure that the user's user name and group name on both systems are consistent.

Remember that the backup media is sensitive material. Allow access to the media only on the basis of proven need.

Label backup tapes and store them securely. Offsite storage provides maximum security. Keep archives for a minimum of 6 months, then recycle the media.

Use appropriate procedures to clean magnetic media to remove data before reuse.

Perform daily incremental and full weekly backups.

Synchronize the backup schedule with the information flow in the organization. For example, if a major database is updated every Friday, you might want to schedule the weekly backup on Friday evenings.

If all files must be backed up on schedule, request that all users log off before you perform the backup. However, fbackup warns you if a file is changing while the backup is being performed.

Examine the log file of latest backups to identify problems occurring during backup. Set restrictive permissions for the backup log file.

The frecover command allows you to overwrite a file. However, the file retains the permissions and ACLs set when the file was backed up.

You must test the recovery process beforehand to make sure you can fully recover data in the event of an emergency.

When recovering files from another machine, you might have to execute the chown command to set the user ID and group ID for the system on which they now reside, if the user and group do not exist on the new system. If files are recovered to a new system that does not have the specified group, the files will take on the group ownership of the person running frecover. If owner and group names have different meanings on different systems, recovery results might be unexpected.

Power failure should not cause file loss. However, if someone reports a lost file after a power failure, look for it in /lost+found before restoring it from a backup tape.

To verify contents of the tape being recovered, use the -I option of frecover to preview the index of files on the tape. Note, however, that existing permissions of a file system are kept intact by the backup; frecover prevents you from reading the file if the permissions on the file forbid it.

Never recover in place any critical files such as /etc/passwd or the files in /tcb/files. Instead, restore the file to a temporary directory (do not use /tmp) and give this directory permissions drwx------, preventing anyone else from using it. Compare the restored files with those to be replaced. Make any necessary changes.

Auditing is not enabled automatically when you have recovered the system. Be sure to turn auditing on with the audsys command.