Postinstallation Security Tips for Backup and Recovery

Use only the fbackup and frecover commands to back up and recover files selectively. Only fbackup and frecover retain access control lists (ACLs). Use the -A option of these commands when backing up and recovering files for use on systems that do not implement ACLs. See fbackup(1M) and frecover(1M).

If you plan to recover the files to another system, be sure that the user's user name and group name on both systems are consistent.

Remember that the backup media is sensitive material. Allow access to the media only on the basis of proven need.

Label backup tapes and store them securely. Offsite storage provides maximum security. Keep archives for a minimum of 6 months, and then recycle the media.

Perform daily incremental and full weekly backups.

Synchronize the backup schedule with the information flow in your organization. For example, if a major database is updated every Friday, you might want to schedule the weekly backup on Friday evenings.

If you must back up all files on schedule, request that all users log off before performing the backup. The fbackup command warns you if a file is changing while the backup is being performed.

Examine the log file of latest backups to identify problems occurring during backup. Set restrictive permissions on the backup log file.

Be aware that the frecover command allows you to overwrite a file. However, the file retains the permissions and ACLs set when the file was backed up.

Test the recovery process beforehand to make sure you can fully recover data in the event of an emergency.

When recovering files from another machine, you might have to execute the chown command to set the user ID and group ID for the system on which they now reside, if the user and group do not exist on the new system. If files are recovered to a new system that does not have the specified group, the files will take on the group ownership of the person running the frecover command. If the owner and group names have different meanings on different systems, recovery results might be unexpected and not what you wanted.

Although a power failure should not cause file loss, if someone reports a lost file after a power failure, look for it in the /lost+found directory before restoring it from a backup tape.

To verify contents of the tape being recovered, use the -I option of the frecover command to preview the index of files on the tape. Existing permissions of a file system are kept intact by the backup. The frecover command prevents you from reading the file if the permissions on the file forbid it.

Never recover in place any critical files, such as /etc/passwd or those in /tcb/files. Instead, restore the file to a temporary directory (do not use /tmp), and give this directory permissions drwx------, preventing anyone else from using it. Compare the restored files with those to be replaced. Make any necessary changes.

Be sure to turn auditing on. Auditing is not enabled automatically when you have recovered the system.