How to make a crash-proof backup for Manjaro

A few things you need to know about backups:

  • One copy does not constitute a good backup!
  • The most important to a good backup solution is an easy and fast restore!
  • Backup files should be stored on an external disk that gets connected to the system only during a backup or restore cycle so that RansomWare cannot encrypt your backup when it stumbles into your system through wine!
  • Alternatively, you can use a NAS directory that is protected by a password and that gets only mounted during a backup!
  • A Cold System Backup can also protect your dual/triple boot system (backing up all OSes including other Linux systems and Windows)!
  • If you encrypt your backup in the backup program itself, use an algorithmic password depending on date or just don't forget the password!

Therefore:

Make a Cold System Backup
  1. Download CloneZilla live

  2. Save the ISO in /opt/

  3. Edit etc/grub.d/40_custom file and add at the end:

    menuentry "CloneZilla ISO" {
      # The string between " and " below is the actual name of the ISO file you just downloaded
      # and copied to the /opt directory (where optional software resides)
      set ISOFile="/opt/clonezilla-live-20190707-disco-amd64.iso"
      loopback loop ($root)$ISOFile
      linux (loop)/live/vmlinuz boot=live components config findiso=$ISOFile ip=frommedia toram=filesystem.squashfs union=overlay
      initrd (loop)/live/initrd.img
    }
    
  4. Execute update-grub.

  5. Reboot and choose CloneZilla ISO from the grub menu

  6. Follow the CloneZilla Disk to image instructions

This way:

  • You have CloneZilla installed in a fully bootable environment on your local disk so you don't have to go hunt around for your CloneZilla USB stick to boot from. :innocent:
  • The CloneZilla live environment gets loaded into RAM and the backup solution doesn't interfere with your existing Manjaro system
  • If you ever need to do a Cold System Restore, it will be of a non-running system exactly as it was at the time of backup!
    (Remember: A backup system is all about the restore, not about the backup!) :wink:
  • You should attach an external drive during the backup / restore process but have it disconnected at any other time so even if anyone would ever design a RansomWare attack for Manjaro, the disk would not be there during the attack and your backup will still be intact.
  • Ensure big unimportant files:
    • are symlinked to a drive/partition that does not get backed up so that you still back up your /home's important configuration files and data files using CloneZilla.
    • Exclude unimportant files from your data backup too (See next section).
  • Using this system you can even back up your dual/triple boot environment together with your Manjaro environment if you want to! (Yeah, that includes Windows!)
Make a data backup

On top of the Cold System backup above you should still take a data backup every day / every couple of days because:

  • A Cold System backup is only needed in case of your system breaking and is a one-stop shop: everything gets restored and you cannot restore individual files!

  • A Data backup can be made to only back up modified files, so is blindingly fast compared to a Cold System Backup that backs up everything all of the time whether it's changed or not!

  • There are a lot of backup programs out there:

    • TimeShift package and TimeShift Manual
    • BackInTime Package and BackInTime Manual
    • But I like Borg Backup best because Borg Backup is a de-duplicating, compressing, encrypting backup program
      E.G. If you would have the same document stored in 2 directories, (E.G. a copy of a picture) it will only be backed up once (deduplication), and still get compressed (and encrypted) afterwards, resulting in much smaller backups that are much faster to take!
      Borg Backup Installation instructions
      • You need to have the AUR activated in pamac

      • Install Borg:

        pamac install borg
        
      • Create your first backup:

        • If you do not want encryption, change the --encryption=repokey where repokey is the password to your Borg repository to --encryption=none
        • In the below example we'll back up to /media/backup.
          If you want another mount point, just change that to whatever you like, just ensure it exists before you init your backup!
          Ensure that this mount point does not automount! (We do not want RansomWare to be able to encrypt our backups!)
          You can change the local repository to a remote Borg server accessible by ssh by just replacing /media/backup with user@hostname:backup
        • --stats is optional as it just creates a statistics page so if you don't like stats for everything, you can drop that.
          # Initialise repository
          borg init --stats --encryption=repokey /media/backup/
          # Change to home directory so we can use relative paths
          cd
          # create backup
          borg create --stats --progress --compression lzma,9 \
                      --exclude ".cache/" \
                      --exclude ".local/share/" \
                      --exclude ".config/borg/" \
                      --exclude "snap" \
                      --exclude "jimbo" \
                      --exclude "Examples" \
                      --exclude "Downloads" \
                      --exclude "Videos/*.avi" \
                      --exclude "Videos/*.mp4" \
                      --exclude "Videos/*.mkv" \
               /media/backup/{user}::{now:%Y-%m-%d} . 2>> /temp/"$USER"-bck.log
          
        • The above will create a backup of all the important files in your home directory, store them under your user name in the repository with today's date.
        • As it uses today's date as the unique backup identifier, the maximum amount of backups you can take is one per day!
        • If you want to go up to the nanosecond :wink: use this instead: {now:%Y-%m-%dT%H:%M:%S.%f}
        • See the section "Full backup" below on why we exclude directories instead of includeing them.
  • If you want to do an efficient data backup and you're not using Borg Backup you need to know about:

    Full Backup

    The very first time you take a backup, you'll have to take a backup of all your files (for a reasonable definition of all :innocent: ) and you do that by taking your entire home directory, excluding the directories that are not critical to you!
    Why use excludes instead of includes?
    Well, you can easily:

    • Re-install snaps
    • Re-download anything in Downloads
    • Can always reconvert your DVD collection of Star Trek, Star Gate and Babylon 5 :wink: :grin: and even your CD collection again! (no data loss as you still have the DVDs/CD you legally bought anyway.)
    • but it would be much more work to get your subtitles back that have been painstakingly edited after being OCRed and impossible to get your Documents / Pictures / ... back.

    so that's why in the Borg example above we excluded snap, Downloads, Videos/*.mkv.
    and if you would now create an additional directory like "Public" in your home directory that you publish using your personal samba share, it will be automatically included in your backup without having to do anything unless you also manually exclude it!

    Incremental Backup

    In the case of Borg, an incremental backup does not exist, as any backup is differential, but I've added it here for completeness for other backup programs.
    An incremental backup only backs up the files that changed since the last backup so that's blindingly fast (for most people, yes I know about DBs) so this is what most people do:

    • First Full backup
    • keep on making incremental backups

    until the day arrives they need to do a restore and then they find out they need to restore all of their backups!!!

    So if your backup program only allows Full and Incremental, dump it and take another backup program because it's all about the restore!

    Differential Backup

    This is the default in Borg because it's a de-duplicating backup system and the crucial difference between an incremental and differential backup is that a differential backup backs up all files since the last full backup.
    So you only have to worry about the space or time your differential backup is taking: if it starts taking up too much space or taking too much time, just make another full backup and restart the differentials.

    Backup schedules

    The most important question you have to ask yourself is:
    How much data can I afford to lose???
    A day? A week?? A month???
    Well that is your x: backup every x!!!

    With other backup programs, a daily differential and a weekly full backup (or a weekly differential and a monthly full, again depending on your personal x) will be fine.
    Whenever you need to restore, just restore your last full backup and then restore your last differential.

    With Borg this matters less: just backup every x days and just keep an eye on the total space it takes and do a:

    borg prune --stats --keep-last 10 /media/backup/
    

    every couple of months to keep the last 10 backups and a restore will still be a one-step process. You'll see with Borg that the difference between keeping the last 10 and 20 is not that big, so I generally keep the last 30 backups (and I back up every couple of days or after I've made important changes or before I leave on travel!)

How to do a restore?

Remember to test your restore before you actually need it! This forum is full of people that did take backups but could never do a restore because they encrypted the backup and forgot their password, excluded the wrong directories, did not include their ~/.config, ...

So if you do something:

  • stupid, like deleting a file and deleting it from the Wastebin: just restore that file from your data backup:
    # Restores entire archive and list files while processing
    $ borg extract --stats --list /media/Backup/{user}::{now:%Y-%m-%d}
    
  • really stupid, like breaking Manjaro: Just reboot, choose CloneZilla Live in your grub environment, restore the entire system from your last Cold System Backup (and restore the latest data backup if needed).
  • extraordinarily stupid, like screw up grub itself:
    • If you used the CloneZilla Tutorial instead of this one, you can skip this step:
      • Go to another machine and download CloneZilla live from there, burn it to a USB stick,
    • Go back to your sick computer, boot from the USB stick made above, and restore the entire system from there (and restore the latest data backup if needed)
If you are using wine,

make sure you setup a separate user account with minimal privileges and use this user just for running for wine applications. That way any ransomware or other malicious software can only access the contents of that user's home directory, and not of your main user. Never run wine as your main user (or, heaven forbid, root).

27 Likes
Newb: Does Timeshift + Deja Dup together back up my entire system?
Improving boot time.
HDD sentinel alternative for linux.
KDE restore desktop layout
Extending Manjaro
Super Newbie to Manjaro (assume I know nothing) Manjaro grub/boot seemingly intact, however system will not continue into my manjaro desktop
Timeshift delete when disk full
Can't update system
Manjaro et Bios corrompus (rien que ça!)
Has anyone used hardened malloc ? Pros and cons
HDMI port not working
HDD sentinel alternative for linux.
Can't change the default PDF reader app
Weird signs in the written words on files and folders after update
Dual Graphics ***AMD***& Nvidia best setup?
Optimus Switch
KDE Plasma Desktop crashes to black screen?
Wo ist die 2. Festplatte?
Installing Nvidia bumblebee on manjaro 18 kernel 5.4.6-2
New user, a bit overwhelmed, seeking advice
How do I copy my setup for when I install Manjaro again?
New user, a bit overwhelmed, seeking advice
Accidentally uninstalled everything, reinstalled it weirdly, now in a weird state
Error when trying to repair the grub
No internet connection after packages update.
No internet connection after packages update.
Idea: Recovery partition
Load kernel after update...
I cant print since 5.5.6 and expressvpn
Installing official-kde/gnome/xfce iso with systemd-boot?
Old Manjaro Partition not Accessible
Samsung Keyboard Backlight
Pas d'accès au BIOS depuis l'installation de Manjaro
Frozen Login screen
Pas d'accès au BIOS depuis l'installation de Manjaro
I can't use or uninstall snap applications
Black screen after login but with visible cursor and responsive desktop, help!
Cannot login because theme not found (unable to access fn keys MBP)
WiFi stopped working, suddenly
WiFi stopped working, suddenly
Installing ncurses5-compat-libs
[Stable-Update] 2020-04-08 - Kernels, Pamac, Plasma, Mesa, Nvidia, Firefox, Haskell, Python
[Stable-Update] 2020-04-08 - Kernels, Pamac, Plasma, Mesa, Nvidia, Firefox, Haskell, Python
Manjaro won't boot on text only console
Installing Manjaro over an existing encrypted Btrfs volume
Apps that "beautify" your desktop experience
UEFI not working after Manjaro installation (but booting works fine)
Vmetal
UEFI not working after Manjaro installation (but booting works fine)
Intel 8260 Wifi - No network connections after recent update
Dolphin manager decided to change to hebrew
How can I extend my Manjaro partition? (from Windows to Manjaro)
use nvidia on xps 7590 from fresh install
Kde freezing at login after sleep
unneeded Fonts installed
Boot Message after “RAID: Clean”-Message: “Failed to send exit request: Connection refused”
SSD problem (with kernel 5.6 maybe?)
Gnome doesn't snap windows
NTFS file recovery
KDE Plasma Desktop crashes to black screen?
Load kernel after update...
Samsung Keyboard Backlight
Affichage graphique décalé/strie
Bleachbit Not Opening
[Stable Update] 2020-05-31 - Kernels, Toolchain, KDE Apps, Gnome, Cinnamon, Deepin
Can't boot encrypted manjaro anymore
Lenovo R7000 external screen tearing on VESA driver
Lenovo R7000 external screen tearing on VESA driver
How to image / clone a Manjaro Kde partition? (Clonezilla and dd are too difficult for me)
Manjaro Install Forensics
Trouble with a partition
Resize w/o breaking the boot process
System boots into blackscreen with mouse pointer
justcloud
Hello install again Cpu ,Gpu Lenovo
No Booting (after program delete): Light Display Manager deleted through dependencies
Revert manjaro vanilla gnome session

moved to #technical-issues-and-assistance:tutorials

2 Likes

If you are using wine, make sure you setup a separate user account with minimal privileges and use this user just for running for wine applications. That way any ransomware or other malicious software can only access the contents of that user's home directory, and not of your main user. Never run wine as your main user (or, heavens forbid, root).

https://wiki.archlinux.org/index.php/Wine#Running_Wine_under_a_separate_user_account

2 Likes

Thank you! Edit it into the original!

:innocent:

Forum kindly sponsored by