An attacker could mess up the original file that is pulled by the backup servers, but I'm not too worried about that happening. Old backups can be stored for at least a week or two.
Yes, but it is also easy to do automatic MD5/SHA1/SHA256 signing of every file. So this is a non-issue really.
Just add 5 more lines to backup script.
The server now makes daily backups automatically, but doesn't rsync them yet. Bzipped size about 50 MB.
Awesome. I can create a backup site myself easily.
Also, here is the examplary RSYNC command to backup a folder of one server to another:
# rsync -rltgoDvzx firstname.lastname@example.org:/remote/backup/folder/path /path/to/local/backup/folder --inplace
If you want to check what will the command do, without actually executing it, add "-n" parameter, which will do a so-called DRY RUN:
# rsync -rltgoDvzx -n email@example.com:/remote/backup/folder/path /path/to/local/backup/folder --inplace
If the remote sever is on a different port than standard 22, then use this:
# rsync -rltgoDvzx -n firstname.lastname@example.org:/remote/backup/folder/path /path/to/local/backup/folder --inplace -e 'ssh -ax -c blowfish -p 40022'
This is also a dry run, no files will be transferred. 40022 is naturally the port number and blowfish is type of encryption used for connection (it's the fastest one for transferring files).
" parameters will make rsync transfer entire directory recursively with all possible subdirectories, without files/dirs from other mounted volumes
in the path.
Try # man rsync
to see what all the options mean.