[HowTo] make a crash-proof backup in Manjaro for your entire system

Difficulty: ★★☆☆☆

  • If you follow the tutorial completely, you will be able to create a backup of your entire system not only limited to Manjaro, but also including Windows, RHEL, Ubuntu, … and whatever else you might have installed on your system! :clap:
  • Even if you replace your HDD by an SSD, your HDD crashes, your entire system gets stolen, … you can always restore a Cold System backup to an identical system (You cannot restore E.G. a Dell XPS onto a Dell PowerEdge and then expect that to work without having to change anything, of course!)

A few things you need to know about backups:

  • One copy does not constitute a good backup!
  • Backing up is not about the backup itself, it’s all about the easy and fast restore!
  • Backup files should be stored on an external disk that gets connected to the system only during a backup or restore cycle so that RansomWare cannot encrypt your backup when it stumbles into your system through wine ¹
  • Alternatively, you can use a NAS directory that is protected by a password and that gets only mounted during a backup (or restore) cycle!
  • A Cold System Backup can also protect your dual/triple boot system (backing up all OSes including other Linux systems and even Windows)!
  • If you encrypt your backup in the backup program itself, use an algorithmic password depending on date and don’t forget the password!

How to make a Cold System Backup

Click the triangle to expand this section
  1. Download CloneZilla live

  2. Save the ISO in /opt/

  3. Edit the /etc/grub.d/40_custom file and add at the end:

    menuentry "CloneZilla ISO" {
      # The string between " and " below is the actual name of the ISO file you just downloaded
      # and copied to the /opt directory (where optional software resides) and is the current 
      # version as of the last edit to this [HowTo].
      set ISOFile="/opt/clonezilla-live-2.7.0-10-amd64.iso"
      loopback loop ($root)$ISOFile
      linux (loop)/live/vmlinuz boot=live components config findiso=$ISOFile ip=frommedia toram=filesystem.squashfs union=overlay
      initrd (loop)/live/initrd.img
    }
    
  4. Where clonezilla-live-2.7.0-10-amd64.iso is the exact file name of the version you downloaded. (E.G. If you downloaded clonezilla-live-20201102-groovy-amd64.iso, use that instead! :wink:

  5. If you want to show the GRUB menu, open these instructions
    • If you want to ensure GRUB shows a menu for 5 seconds so you don’t have to press Shift when booting, ensure the following lines are present:

      GRUB_TIMEOUT=5
      GRUB_TIMEOUT_STYLE=menu
      
    • If you want GRUB to remember the last choice you made from the menu, ensure these lines are present:

      GRUB_DEFAULT=saved
      GRUB_SAVEDEFAULT=true
      
  6. Execute update-grub .

  7. Reboot and choose CloneZilla ISO from the grub menu

  8. Follow the CloneZilla Disk to Image instructions

  9. If you insist on using a CloneZilla Partition to Image and you have more than one system partition in your set-up, please include all of them in your selection. I.E.

    • If you separate your Windows System in a C:-drive for the system, D:-drive for your Program Files and E:-drive for date, include both the C: and D: partitions.
    • If you separate your Linux system in /, /boot, /opt, /usr/, /usr/local, /var and /home include at least the /, /boot, /opt, /usr/, /usr/local, /var partitions.

This way:

  • You have CloneZilla installed in a fully bootable read-only environment on your local disk so you don’t have to go hunt around for your CloneZilla USB stick to boot from. :innocent:
  • The CloneZilla live environment gets loaded into RAM to ensure this backup solution doesn’t touch your existing Manjaro system (including other OSes in a multi-boot environment) as it will only read them… :wink:
  • If you ever need to do a Cold System Restore, it will be of a non-running system exactly as it was at the time of backup!
    (Remember: A backup system is all about the restore, not about the backup!) :wink:
  • You should connect/mount an external drive (or NAS mountpoint) during the backup / restore process but have it disconnected at any other time so even if anyone would ever design a RansomWare attack for Manjaro, your backup disk / NAS will not be available during the attack so your backup cannot be impacted.
  • Ensure big unimportant files:
    • are symlinked to a drive/partition that is not a part of the Cold System Backup so that you still back up your /home 's important configuration files and data files using CloneZilla. (or split / and /home and use CloneZilla only for / and a data backup program for /home)
    • Exclude unimportant files from your data backup too (See next section).
  • Using this methodology allows you to easily back up your entire dual/triple boot environment while backing up your Manjaro environment if you want to! (Yeah, that includes Windows!)

Make a data backup

Click the triangle to expand this section

On top of the Cold System Backup above you should still take a data backup every day / every couple of days because:

  • A Cold System Backup is only needed in case of your system breaking and is a one-stop shop: everything gets restored and you cannot restore individual files!

  • A Data backup can be made to only back up modified files, so is blindingly fast compared to a Cold System Backup that backs up everything all of the time whether it’s changed or not!

  • There are a lot of backup programs out there:

    Borg Backup Installation instructions
    • Install Borg:

      pamac install borg
      
    • Create your first backup:

      • If you do not want encryption, change the --encryption=repokey below to --encryption=none (where repokey is the password to your Borg repository)

      • In the below example we’ll back up the current user’s ~ (=home directory) to /media/backup.
        (If you want another mount point, just change that to whatever you like, just ensure it exists before you init your backup! :stuck_out_tongue_winking_eye: )

      • Ensure that this mount point does not automount! (We do not want RansomWare to be able to encrypt our backups!)

      • You can change the local repository to a remote server accessible by ssh by just replacing /media/backup with user@hostname:backup

      • --stats is optional as it just creates a statistics page so if you don’t like stats for everything, you can drop that.

        # Initialise repository
        borg init --encryption=repokey /media/backup/{user}
        # Change to home directory so we can use relative paths
        cd
        # create backup
        borg create --stats --progress --compression lzma,9 \
                    --exclude ".cache/" \
                    --exclude ".local/share/" \
                    --exclude ".config/borg/" \
                    --exclude "snap" \
                    --exclude "jimbo" \
                    --exclude "Examples" \
                    --exclude "Downloads" \
                    --exclude "Videos/*.avi" \
                    --exclude "Videos/*.mp4" \
                    --exclude "Videos/*.mkv" \
             /media/backup/{user}::{now:%Y-%m-%d} . 2>> /var/tmp/"$USER"-bck.log
        
      • The above will create a backup of all the important files in your home directory, store them under your user name in the repository with today’s date.
        The directory /media/backup/$USER must be created and your user must have rw access to this directory so you can easily replicate the same backup system to other computers in your network.

      • As it uses today’s date as the unique backup identifier, the maximum amount of backups you can take is one per day!

      • If you want to go up to the nanosecond :wink: change this: {now:%Y-%m-%d} to that: {now:%Y-%m-%dT%H:%M:%S.%f}

      • it will save your log file to /var/tmp/ which is an FHS standard permanent temporary directory. Choose your own log directory for this one.
        See the section “Full backup” below on why we exclude directories instead of including them.

  • If you want to do an efficient data backup and you’re not using Borg Backup you need to know about:

Full Backup

The very first time you take a backup, you’ll have to take a backup of all your files (for a reasonable definition of all :innocent: ) and in this tutorial we do that by taking one single user’s home directory, excluding the directories that are not critical to this example user!
(If you want to take a backup of all users on your computer, ignore ~ (=home directory) and use /home instead (=all of the user’s home directories).
Why use excludes instead of includes?
Well, you can easily:

  • Re-install snaps
  • Re-download anything in Downloads
  • Can always reconvert your DVD collection of Star Trek, Star Gate and Babylon 5 :wink: :grin: and even your audio CD collection again! (no data loss as you still have the DVDs/CD you legally bought anyway.)
  • but it would be much more work to get the subtitles back that you have been painstakingly editing after having them OCRed and it would be impossible to get your Documents / Pictures / … back.

so that’s why in the Borg example above we excluded snap , Downloads , Videos/*.mkv .
and if you would create an additional directory like “Public” in your home directory that you decide to publish using samba, it will be automatically included in your backup without having to do anything unless you also manually exclude it!

Incremental Backup

In the case of Borg, an incremental backup does not exist, as any backup (except your very first one) is always differential (see next section), but I’ve added it here for completeness for other backup programs.
An incremental backup only backs up the files that changed since the last backup so that’s blindingly fast ² so this is what most people do:

  • First Full backup
  • keep on making incremental backups

until the day arrives they need to do a restore and then they find out they need to restore all of their backups !!!

So if your backup program only allows Full and Incremental, dump it and take another backup program because backing up is all about the restore!

Differential Backup

The crucial difference between an incremental and differential backup is that a differential backup backs up all files since the last full backup .
So you only have to worry about the space or time your differential backup is taking: if it starts taking up too much space or taking too much time, just make another full backup and restart the differentials.
This is the default in Borg because it’s a de-duplicating backup system, so you should prune your backups once in a blue moon.

Backup schedules

The most important question you have to ask yourself is:
How much data can I afford to lose???
A day? A week?? A month???
Well that is your x : backup every x !!!

With other backup programs, a daily differential and a weekly full backup (or a weekly differential and a monthly full, again depending on your personal x ) will be fine.
Whenever you need to restore, just restore your last full backup and then restore your last differential.

With Borg this matters less: just backup every x days and just keep an eye on the total space it takes and do a:

borg prune --stats --keep-last 10 /media/backup/

every couple of months to keep the last 10 backups and a restore will still be a one-step process. You’ll see with Borg that the difference between keeping the last 10 and 20 is not that big, so I generally keep the last 30 backups (and I back up every couple of days or after I’ve made important changes or before I leave on travel! )

How to do a restore?

Click the triangle to expand this section

Remember to test your restore before you actually need it! This forum is full of people that did take backups but could never do a restore because they encrypted the backup and forgot their password, excluded the wrong directories, did not include their ~/.config , …

So if you do something:

  • stupid , like deleting a file and deleting it from the Wastebin : just restore that file from your data backup:

    # Restores entire archive and list files while processing
    $ borg extract --stats --list /media/Backup/{user}::{now:%Y-%m-%d}
    
  • really stupid , like breaking Manjaro: Just reboot, choose CloneZilla Live in your grub environment, restore the entire system from your last Cold System Backup (and restore the latest data backup if needed).

  • extraordinarily stupid , like screw up grub itself:

    • If you used the CloneZilla Tutorial instead of this one, you can skip this step:
      • Go to another machine and download CloneZilla live from there, burn it to a USB stick,
    • Go back to your sick computer, boot from your CloneZilla USB stick, and restore the entire system from there (and restore the latest data backup afterwards if needed)
  • And if you’re just unlucky :grin: and get the following error when restoring::

    Failed to create initrd in the restored os
    

    just:

    • switch to TTY2 by pressing Ctrl+Alt+F2

    • execute this:

      sudo mkinitcpio --preset $(awk -F . '{print "linux"$1$2}' <<< "$(uname -r)")
      

If you are using wine :wine_glass:

Click the triangle for some extra details on wine

make sure you setup a separate user account with minimal privileges and use this user just for running your wine applications. That way any Windows ransomware or other malicious software can only access the contents of that user’s home directory, and none of the other users.

Never run wine as your main user (or, heaven forbid, root).

Note 1: Original link not available any more. In a nutshell: if you install wine, you’re opening up your system to Windows malware that uses the Windows API only…
Note 2: For most people anyway and yes I know about large databases which do not fall into this category.

66 Likes

6 posts were split to a new topic: This Live System image failed to boot

The responses to improve this tutorial have been deleted to keep things neat for new users to this thread.

  • If you have an improvement to this tutorial, please post a response here.
  • If you have an issue implementing this tutorial, please post in #support:3rd-party-applications and link to this thread, please.

:+1:

I’m starting the process of replacing Windows (with Manjaro KDE) for my parents and my partner’s PC’s (x3 migrations)… I have a couple questions that may help flush out this tutorial. Apparently I missed adding the GRUB edits from the “How to make a Cold System Backup” section to my notes :man_shrugging:

  1. Step #5 's edits occur within the /etc/default/grub file, correct? i.e. $ sudo nano /etc/default/grub
  2. Just so I fully understand… is Step #6’s $ sudo update-grub required because of the changes made in Step #3 to /etc/grub.d/40_custom, Step #5 to /etc/default/grub, or would changes to either/both files require grub to be updated?

Yes.

Every single mentioned change would already require

sudo update-grub

once after all changes have been made.

2 Likes