Is a ransomware attack likely on Ubuntu/Linux? Assuming it is a possibility, I've been looking at ways of securing myself on my stand-alone PC.

I have a 'working' HD and a second HD I use for backup, and use rdiff-backup as my means of performing the actual backup. I have a custom icon that I click on when I want to shut down the PC. This icon runs a script that runs rdiff-backup and then shuts down the PC when the backup is finished.

Over the past months I've read, every now and again, about the model where a backup machine 'pulls' the data off a live machine using all sorts of tools including cron. This seems to me a very good model to protect against ransomware-like attacks (the backup device/machine is not connected to the live machine) but not that practical for a stand-alone Desktop that is switched on and off at random times.

In order to try and simulate the 'pull' model as closely as I can, this is what I have done.
- Left my existing fstab 'as is' with the two HDs configured as normal
- Created a script that is run as part of the boot process (put an entry in Startup Applications - running Ubuntu Mate) that runs a command that unmounts the backup HD*
- Amended my rdiff-backup script so that the first thing it does is mount the backup HD and then runs the backup**
* when my Desktop boots the backup HD is unmounted but I've put a 3 secs delay before the umount script is run.
** Not sure whether this is necessary but the script runs the mount command, waits 3 secs, then runs the rdiff-backup command, then waits 2 secs to run the shutdown command.
At the moment this model works but I'm not sure if it is the best way of achieving a Desktop/pull way of working. Also, for reasons I cannot explain, I've put 3 sec and 2 sec delays between mount, rdiff-backup and shutdown in my script.
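
The mount, rdiff-backup, shutdown sequence from the post, written as an added example (not the poster's script) that checks each step's result instead of pausing for fixed delays, and that also unmounts the backup HD before powering off. The mount point `/mnt/backup`, the source `/home`, the destination directory, the classic `rdiff-backup SRC DEST` invocation, the choice to stay powered on when the backup fails, and an fstab entry that lets the script's user mount the backup HD are all assumptions.

```shell
#!/bin/sh
# Added example; paths and policy below are assumptions, not taken from the post.
BACKUP_MNT=${BACKUP_MNT:-/mnt/backup}     # assumed fstab mount point of the backup HD
SRC_DIR=${SRC_DIR:-/home}                 # assumed data to protect
DEST_DIR=${DEST_DIR:-$BACKUP_MNT/rdiff}   # assumed rdiff-backup repository

# Commands are held in variables so they can be stubbed for a dry run.
MOUNT=${MOUNT:-mount}
UMOUNT=${UMOUNT:-umount}
MOUNTPOINT=${MOUNTPOINT:-mountpoint}
RDIFF=${RDIFF:-rdiff-backup}
SHUTDOWN=${SHUTDOWN:-shutdown}

backup_then_shutdown() {
    # Mount only if needed, and act on the exit status rather than sleeping.
    if ! "$MOUNTPOINT" -q "$BACKUP_MNT"; then
        "$MOUNT" "$BACKUP_MNT" || { echo "mount of $BACKUP_MNT failed" >&2; return 1; }
    fi

    # Never write into an unmounted mount point: that would silently put the
    # "backup" on the working disk.
    "$MOUNTPOINT" -q "$BACKUP_MNT" || { echo "$BACKUP_MNT is not mounted" >&2; return 1; }

    rc=0
    "$RDIFF" "$SRC_DIR" "$DEST_DIR" || rc=$?

    # Detach the backup HD whether or not the backup succeeded.
    "$UMOUNT" "$BACKUP_MNT" || { echo "umount of $BACKUP_MNT failed" >&2; return 3; }

    # Assumed policy: stay powered on after a failed backup so the error is seen.
    if [ "$rc" -ne 0 ]; then
        echo "rdiff-backup exited with $rc, not shutting down" >&2
        return 2
    fi
    "$SHUTDOWN" -h now
}

# Run for real only when asked, e.g. RUN_BACKUP=1 sh backup-shutdown.sh
if [ "${RUN_BACKUP:-0}" = 1 ]; then
    backup_then_shutdown
fi
```
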