- Home
- Skills
- Mikr13
- Secure Server Setup Skills
- Backup Strategy
backup-strategy_skill
- Shell
4
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill mikr13/secure-server-setup-skills --skill backup-strategy- SKILL.md12.1 KB
Overview
This skill automates a reliable backup strategy for VPS servers using scheduled snapshots, off-server storage, encryption, and retention policies. It provides scripts and procedures to create, verify, transfer, and restore backups so you can recover quickly from failures or compromises. The focus is on practical, repeatable steps that work with standard tooling (tar, rsync, mysqldump, pg_dump, AWS CLI, SCP, GPG).
How this skill works
The skill offers shell scripts and cron schedules to create compressed archives or incremental snapshots of critical directories, perform database dumps, encrypt results, and transfer backups off the VPS (S3 or remote host). It enforces retention using age-based pruning, verifies archive integrity, and supports alerting when backups are missing or fail. Restoration procedures and verification commands are included so restores can be executed and tested reliably.
When to use it
- Setting up backups for a new VPS
- Implementing a disaster recovery plan or business continuity process
- Protecting data against ransomware or accidental deletion
- Meeting data retention or compliance requirements
- Ensuring quick rebuilds after a compromise
Best practices
- Always send backups off-server (S3, remote host, NAS). Do not store primary backups on the same machine.
- Encrypt backups containing sensitive data and keep separate decryption keys.
- Keep a retention policy balanced between storage cost and recovery point needs (e.g., daily x30, weekly x12).
- Schedule verification runs and periodic test restores, not just backups.
- Restrict backup file permissions and avoid storing credentials on the backed-up server.
Example use cases
- Daily tar-based full backups of /etc, /home, /var/www with 30-day retention and S3 upload.
- Nightly MySQL or PostgreSQL dumps compressed and rotated weekly, then copied to remote backup host via SCP.
- Incremental rsync snapshots with hard-linking to save space and keep last 10 snapshots.
- GPG-encrypted backups for off-site storage when transporting via S3 or external provider.
- Cron job that emails admin on failure and a monitor that alerts if last backup is older than threshold.
FAQ
Scripts use standard POSIX and common Linux tools; adapt commands (tar, rsync, mysqldump, pg_dump, gpg) for other Unix-like systems or replace with provider-specific APIs.
How do I avoid backing up sensitive credentials?
Store backup credentials off the server (use IAM roles or vaults), avoid plain-text passwords in scripts, and limit access to backup files with strict permissions.