Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A script to prevent damage from rm -rf malware' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A script to prevent damage from rm -rf malware
Authored by: merlyn on May 18, '04 11:14:25AM
You don't need that script. You can do it with the built-in rsync command rather easily:

rsync -a --delete --link-dest=$HOME $HOME /backup/path/for/home
This creates a hard-link tree under /backup/path/for/home pointing at $HOME, just as the overly-complicated Perl script also accomplishes, presuming that /backup/path/for/home and $HOME are on the same disk.

[ Reply to This | # ]
Better than mere rsync...
Authored by: greebly on May 18, '04 12:45:43PM

If you're a die-hard UNIX head, there's a fantastic bit of python scriptwork called rdiff-backup. Why do I make the "die-hard UNIX head" proviso? There's a bit of console work and compiling to do if you want to install this. Adventurous non-UNIX people are welcome to try it out (learn something new)! I'd be happy to help, if you're interested. Once's it's installed it's easier than easy to use:

$ rdiff-backup /Users /Path/to/other/directory/Users

Typing this at a command prompt as root (or putting sudo in front) will backup and mirror /Users to the destination folder. Running it again in say 24 hours will bring the mirror up-to-date with any changes, and it will move changed files to an increment directory.

It's like rsync in that it keeps a mirror of whatever directory you tell it to backup, but it also keeps "diffs" of the changes, like an incremental backup. I have an NFS server in my basement, and I have a cron job backing up the /Users folder every night, for each of my Macs. I can also have it remove the incrementals older than 21 days (any time amount is possible).

It has backup and restore capabilities. I used to back up to an old tape drive, but with disk space so cheap, it's easier and cheaper to just use disks. I can restore to an earlier version of a file if something happens.

I haven't tried to mirror a whole disk, so I don't know if such a thing were bootable, but I imagine it wouldn't be hard to make it so.

Long story short, the only sure way to protect against file deletions is to keep backups. I have a .Mac account, but find that Apple's Backup utility doesn't do it for me. I like having incremental backups and a live mirror on a hard disk, networked or otherwise.

Note: (It's necessary for the destination folder to exist before running the script and it's useful to have the same name and permissions as the source, eg. /Users permissions are drwxrwxr-t (1775 in Octal), so you would want /Path/to/other/directory/Users [just the Users folder] to have the same permissions. This would make a full restore as easy as just clicking and dragging or a cp -Rp).

2nd Note: If anyone is interested in helping me, I think it would be rather easy to make an AppleScript wrapper for this, where backups and restores and such would become more accessible to Joe User. Let me know.

---
--++-- Aaron Mildenstein --++--

Do not meddle in the affairs of Dragons,
for you are crunchy, and taste good with ketchup.

[ Reply to This | # ]

A script to prevent damage from rm -rf malware
Authored by: PurpleHaze on May 18, '04 01:08:10PM

Wouldn't you need the -R flag to preserve structure ? or is that implied in -a (archive mode) ?



[ Reply to This | # ]
rsync doesn't work that way.
Authored by: jk806 on May 18, '04 06:30:06PM

Hi,

As the author of that overly complicated perl script, I'd like to point out that the command you provide does _not_ actually work. Believe me, I'm much too sensible (read: lazy) to write complicated perl scripts when a one-line shell command will do it. I tried it with rsync before I wrote the thing.

Incidentally I also used cpio, which will create the hard link tree as well, but the perl script runs faster after the first run, as CPIO completely rewrites all the links every time, whereas the perl script only makes updates to things that have changed.

Go ahead and try the rsync on a small directory, and check the inodes and your disk space. You'll notice that what you actually get is a _real_ backup of your files, not a hard-link tree. Still, I'm not immune to mistakes... so just to make sure I didn't miss something the first time round... I used your command on just the Pictures folder within my home directory...

I did my ~/Pictures folder to ~/t1/

Results: (ls -i1 on files in both locations)

Computer [205]~>ls -i1 t1/Pictures/Finder*
1771681 t1/Pictures/Finder4.jpg
1771682 t1/Pictures/Finder5.jpg

Computer [206]~>ls -i1 Pictures/Finder*
1439742 Pictures/Finder4.jpg
1439743 Pictures/Finder5.jpg

Note the inodes are different. My disk space decreased, coincidentally, by the size of my pictures folder.

If you can find a way to make rsync actually do it, please post it.

jk806



[ Reply to This | # ]
A script to prevent damage from rm -rf malware
Authored by: Fil Machi on May 18, '04 10:06:45PM

The example rsync command line by merlin contains an error. Try this:

rsync -a --delete --link-dest=$HOME $HOME/ /backup/path/for/home

Note the trailing slash '/' on $HOME/. Without it rsync creates /backup/path/for/home/X/*, where X is the name of your home directory, and rsync then can not match up paths correctly between the backup directory and the link-dest directory.

With the trailing slash rsync creates /backup/path/for/home/* and --link-dest works as expected.

Also, the stock rsync that comes with OS X does not copy the resource fork of HFS+ files. So backups of HFS+ directories created using it can not really be called backups. Install and use the resource fork aware version of rsync, aka rsyncx from versiontracker (http://www.versiontracker.com/dyn/moreinfo/macosx/16814).



[ Reply to This | # ]
rsync still doesn't work
Authored by: jk806 on May 18, '04 11:45:45PM

I did as you mentioned, adding the /, same result. New inodes. It makes a backup just fine, but not using links.

As I mentioned, I tried using rsync several times using link-dest, and could not get it to create the tree using links no matter which way I ran it.

I like rsync and use it regularly, but for this purpose, it doesn't seem to work.

In any case, shadowmirror does what's needed, on a stock OS X system (or any other unix system) without additional software. It does just as well at syncing as rsync for these purposes, and does it faster than rsync. Over 7x faster consistently in my tests, most likely due to the fact that rsync does more tests than simple inode comparisons and, of course, creating links is a lot faster than copying data.

For me, I'll use shadowmirror since I know it works, and don't want to spend any more time trying to figure out why rsync won't.



[ Reply to This | # ]
sweet.
Authored by: DanPritchard on May 19, '04 02:04:02PM

I think that is a very cool script. Nice job. Very elegant--exploiting the fact that deleting a file doesn't really delete the file. I love it.



[ Reply to This | # ]