Backup and Failsafe System
DarkFeather 125177f35f
Not using aether as install user
2023-12-07 12:43:37 -06:00
examples Restructured to better break up backups and add user control 2017-11-16 17:51:14 -06:00
tests Moving install to root for privileged scripts rather than the user; hooks cleanup; changing test strategy to helptext for now 2023-12-07 12:28:55 -06:00
.gitignore Moving install to root for privileged scripts rather than the user; hooks cleanup; changing test strategy to helptext for now 2023-12-07 12:28:55 -06:00
LICENSE Standardizing round 1 2020-02-08 13:34:58 -06:00
Makefile Not using aether as install user 2023-12-07 12:43:37 -06:00
PKGBUILD Updating to include systemd timers 2023-07-15 22:34:00 -05:00
README.md Moving install to root for privileged scripts rather than the user; hooks cleanup; changing test strategy to helptext for now 2023-12-07 12:28:55 -06:00
aether-gen.bash Headers & Usage 2023-12-07 12:37:40 -06:00
aether-gen.service Updating to include systemd timers 2023-07-15 22:34:00 -05:00
aether-gen.timer Updating to include systemd timers 2023-07-15 22:34:00 -05:00
aether.bash Headers & Usage 2023-12-07 12:37:40 -06:00
aether.service Updating to include systemd timers 2023-07-15 22:34:00 -05:00
aether.timer Updating to include systemd timers 2023-07-15 22:34:00 -05:00
installscript Hardening permissions and adding existential check for aether user 2023-10-10 13:04:45 -05:00
make-user.bash Converting to Git 2016-08-04 11:15:34 -05:00
remote-backup Updating to include systemd timers 2023-07-15 22:34:00 -05:00

README.md

The Aether project is a way to back up server configuration, source code, and file lists to remote locations. These remote locations should be securely controlled by the same administrative staff as the server owner.

Etymology

The Aether project is the AniNIX's implementation of the "cloud." While its admins consider the computing cloud to be Computers Living On Unknown Datacenters, that is, with unknown controls and therefore insecure, distributing backups to many locations makes the AniNIX more resilient.

Dictionary.com translates Aether as the Greek personification of the clear sky, and this project lives in a wide array of locations across the nebulous Internet, giving it no physical form to hold onto.

Installing

You have two options to install this project:

  • Arch Linux and related distributions: Install with makepkg or from AniNIX/Maat
  • Other operating systems: Run make install

Initial setup

To create the aether and aether.pub files, run "make keys". This should not be repeated.

Adding backup configurations

Individual projects that want to be backed up by the Aether system should have their package add a file to /usr/local/etc/Aether/backups/.

Tracking Nodes

A SIEM filter should be set up to search for successful logins of the aether user.
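
The filter described above, sketched as an added example (not part of the Aether project's code): it assumes OpenSSH's standard syslog message format for accepted logins and compares each login's key fingerprint with an inventory. The log lines, fingerprints, addresses and node names are constructed.

```python
import re

# OpenSSH logs successful logins as:
#   Accepted <method> for <user> from <ip> port <n> ssh2[: <keytype> <fingerprint>]
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+ ssh2(?:: (?P<keytype>\S+) (?P<fp>\S+))?"
)

# Constructed inventory: fingerprint -> owner. In practice, derive it from the
# tracked authorized_keys file (ssh-keygen -lf prints these fingerprints).
KNOWN_KEYS = {"SHA256:CONSTRUCTED-node-a": "node-a (hypothetical backup node)"}

# Constructed sample log lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    "Dec  7 12:40:01 core sshd[2101]: Accepted publickey for aether from 192.0.2.10 port 50122 ssh2: ED25519 SHA256:CONSTRUCTED-node-a",
    "Dec  7 12:41:17 core sshd[2140]: Failed password for aether from 198.51.100.7 port 40022 ssh2",
    "Dec  7 12:42:09 core sshd[2177]: Accepted publickey for root from 192.0.2.10 port 50190 ssh2: ED25519 SHA256:CONSTRUCTED-admin",
    "Dec  7 12:43:37 core sshd[2203]: Accepted publickey for aether from 198.51.100.7 port 40110 ssh2: RSA SHA256:CONSTRUCTED-unknown",
    "Dec  7 12:44:02 core sshd[2230]: Accepted password for aether from 198.51.100.7 port 40155 ssh2",
]


def aether_logins(lines, known_keys, user="aether"):
    """Return one event per successful login of `user`, with a verdict."""
    events = []
    for line in lines:
        m = ACCEPTED.search(line)
        if not m or m["user"] != user:
            continue  # failed attempts and other accounts are out of scope
        fp = m["fp"]  # None when the login did not use a key
        if m["method"] != "publickey":
            verdict = "alert: non-key authentication"
        elif fp not in known_keys:
            verdict = "alert: key not in inventory"
        else:
            verdict = "ok: " + known_keys[fp]
        events.append({"src": m["src"], "method": m["method"],
                       "fingerprint": fp, "verdict": verdict})
    return events


if __name__ == "__main__":
    for e in aether_logins(SAMPLE_LOG, KNOWN_KEYS):
        print(e["src"], e["fingerprint"], e["verdict"])
```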

Relevant Files and Software

Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard drives, at least one of which is always off-site, that can be plugged into a hot-swap bay of a hypervisor along with a virtual machine that mounts the Arch Linux ISO and the drive. Admins use the SSH daemon included in the ISO to present the drive as a backup target, or the backup drive can be mounted directly onto Core via a SATA cage.

An additional backup is the generated /home/aether/aether.enc file. This is a more targeted backup of databases and file indexes.

Keep in mind that all of AniNIX/Foundation is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives. Aether should only be used to back up databases, such as the following:

  • Anope DB
  • PostgreSQL
  • Elasticsearch

One should take significant care before using the aether.enc solution for tools like AniNIX/Yggdrasil or AniNIX/Foundation.

Available Clients

The only client is direct server access on one of the client nodes.

Equivalents or Competition

Equivalent services are Dropbox, Google Drive, iCloud, or OneDrive.

Notes

Those deploying Aether should strictly track the /home/aether/.ssh/authorized_keys file on the generating server, so that every key is specifically tracked for its origin and who handles it.