> We're using rsync to mirror a hot drive in our main server to a cold drive > (one that is only mounted when backing up, and is briefly mounted read only > for per file restoration).
...which reminds me of a related problem of mine. On my own system, I'm using a fixed spare IDE hard drive for backups. Every night, Backup2l automatically mounts it, makes an incremental backup and then unmount it again. While not a remote backup scheme, this protects the system from most common destructive mistakes and malfunctions like "sudo rm -rf * - whoops, What whas I thinking?!!" or software that goes wild and does similar things. But: all the backups can be erased with one simple line: "dd if=/dev/zero of=/dev/<backup-disk>". :( Does anyone know any way to make this more difficult without introducing a remote host? Are there, for example, any Linux kernel options for "device access passwords" or such? - Jarno
