Menü schliessen
Created: June 26th 2024
Last updated: June 26th 2025
Categories: Linux
Author: Marcus Fleuti

Ultimate Linux Full System Backup: Secure encrypted Live Image Backups with free OpenSource Software and Backup Monitoring

Tags:  backup automation,  backup compression,  backup restoration,  backup script,  Bash Scripting,  cloud backup integration,  cron jobs,  data encryption,  data protection,  disk imaging,  email notifications,  FSArchiver,  full system backup,  Linux administration,  Linux backup,  Linux security,  live image backup,  LVM backup,  multi-disk backup,  open-source backup,  performance tuning,  RAID backup,  server backup,  SSMTP,  system administration,  system image,  system recovery
Donation Section: Background
Monero Badge: QR-Code
Monero Badge: Logo Icon Donate with Monero Badge: Logo Text
82uymVXLkvVbB4c4JpTd1tYm1yj1cKPKR2wqmw3XF8YXKTmY7JrTriP4pVwp2EJYBnCFdXhLq4zfFA6ic7VAWCFX5wfQbCC

Secure Live Linux System backups without rebooting - Open Source Free Software - E-Mail Monitoring - Encrypted Backups

In the world of Linux system administration, ensuring data integrity and system availability is paramount. Our enhanced open-source backup script addresses these critical needs by offering a powerful combination of advanced features that set it apart from traditional backup methods. And it's all free! 😉

At the heart of this solution is the ability to create full partition backups of your Linux system while it's running, eliminating the need for disruptive reboots. This live backup capability ensures that your services remain available and productive, even during the backup process.

The latest version introduces intelligent multi-drive backup selection, automatically choosing the optimal backup destination from your configured local and network drives. This smart selection algorithm ensures balanced backup distribution and maximizes storage efficiency across your infrastructure.

Security is a top priority in our backup strategy. The script implements optional strong encryption for your backups, safeguarding your sensitive data from unauthorized access. This encryption, coupled with best practices for secure storage, provides a robust defense against data breaches and ensures the confidentiality of your backups.

To keep you informed about the status of your backups, we've integrated a comprehensive email monitoring system with automatic configuration validation. This feature provides real-time notifications about backup successes, failures, interruptions, and any potential issues that may require your attention. With this proactive monitoring, you can rest assured that your backup processes are functioning as expected and quickly address any problems that arise.

The script now features automatic versioning with timestamped backups and intelligent cleanup of old versions, ensuring you maintain optimal storage usage while retaining the necessary backup history. Each backup receives a unique timestamp, and the system automatically manages retention based on your configured preferences.

Furthermore, this script is capable of creating on-the-fly backups of LUKS (Linux Unified Key Setup) encrypted volumes, ensuring that even your most sensitive encrypted data can be backed up securely without compromising its protection.

One of the standout features of this backup tool is its ability to restore backups on volumes smaller than the original source volume. This flexibility allows for easier migration to smaller drives or partitions, making it an invaluable tool for system upgrades and storage management.

The enhanced version includes comprehensive signal handling and graceful interruption management, ensuring that incomplete backups are properly cleaned up and temporary mount points are automatically managed when the process is interrupted or terminated.

Best of all, this powerful backup solution is available as free, open-source software. This not only makes it accessible to all Linux users but also allows for community-driven improvements and customizations to meet specific backup needs.

Let's dive into the details of this robust, secure, and efficient Linux backup solution that keeps your systems protected without interrupting your operations.

For Linux system administrators and power users, finding a reliable and efficient full system backup solution can be challenging. Many seek a method to create complete system image backups while the system is running, avoiding the need for downtime or reboots. In this comprehensive guide, we'll explore our enhanced FSArchiver script that allows you to perform live full system backups on Linux with intelligent drive management and comprehensive automation.

Comparison with Other Backup Solutions

Feature This Script dd Clonezilla
Live Backup Yes Limited No
Intelligent Drive Selection Yes No No
Network Drive Support Yes No Limited
Automatic Versioning Yes No No
Compression Yes (ZSTD) No Yes
Encryption Yes No Yes
Email Notifications Yes No No
Signal Handling Yes No Limited
Selective Backup Yes No Yes
LUKS Volume Backup Yes Limited Yes
Restore to Smaller Volumes Yes No Limited

Overview: Key Features of the Enhanced FSArchiver Backup Script

  • Live system backups without rebooting
  • Intelligent multi-drive backup selection with automatic optimal drive selection
  • Network drive support for SMB/CIFS and NFS storage
  • Automatic versioning with timestamped backups and configurable retention
  • Full disk image creation while the computer is running
  • Comprehensive signal handling with graceful interruption management
  • Multi-layer error detection and validation
  • Open-source and free to use
  • Customizable for different partitions and drives
  • Enhanced email notifications for backup status, errors, and interruptions
  • Optional secure encrypted backups for enhanced security
  • SSMTP configuration validation with automatic setup verification
  • Extensive built-in path exclusions for optimal backup efficiency

Understanding the Enhanced FSArchiver Backup Script

Visit our GitHub repository for the latest version of the script:

Go to GitHub Repository

Key Components Explained

1. Root Privileges Check

The script ensures it's run with root privileges, which are necessary for accessing all system files and partitions.

2. Intelligent Drive Selection

The script automatically selects the best available backup drive from your configured list of local and network drives, choosing the drive with the oldest newest backup to distribute backup load efficiently.

3. Multi-Drive Configuration

An enhanced configuration system supports both local drives (UUID-based) and network drives (SMB/CIFS, NFS), allowing flexible backup target management.

4. Automatic Versioning System

Each backup receives a unique timestamp (YYYYMMDD-HHMMSS format), and the script automatically manages old backup cleanup based on your configured retention policy.

5. Signal Handling and Interruption Management

Comprehensive signal handling ensures graceful shutdown, cleanup of incomplete backups, termination of running processes, and removal of temporary mount points when interrupted.

6. Enhanced Email Notification System

The script provides three types of email notifications:

  • Success notifications with runtime statistics
  • Error alerts with detailed diagnostic information
  • Interruption notices when backups are manually stopped

7. SSMTP Configuration Validation

Automatic validation of SSMTP configuration ensures email notifications will work properly before starting the backup process.

8. Comprehensive Path Exclusions

Built-in extensive exclusion list covering cache directories, temporary files, log files, development directories, virtual filesystems, and container data.

9. Multi-Layer Error Detection

The script implements multiple validation layers:

  • FSArchiver process exit code monitoring
  • Log file analysis for error patterns
  • Backup file existence and size validation
  • Mount point cleanup verification

10. Network Drive Support

Native support for network storage solutions including SMB/CIFS shares and NFS mounts with automatic connectivity and permission validation.

Installing and Configuring SSMTP

To enable email notifications, you'll need to install and configure SSMTP. The script now automatically validates your SSMTP configuration:

1. Installation

sudo apt install ssmtp

2. Configuration

sudo nano /etc/ssmtp/ssmtp.conf

Add or modify the following lines:

mailhub=your-mailserver.tld:587
hostname=your-desired-hostname
FromLineOverride=YES
UseSTARTTLS=YES
UseTLS=NO
AuthUser=your-username@your-domain.tld
AuthPass=your-email-account-password

Note: If you're using SSL Port 465, you may need to use UseTLS=YES instead of UseSTARTTLS=YES. The script will automatically validate your configuration and provide specific error messages if settings are missing or incorrect.

Test the SSMTP configuration

Use this code to quickly and easily test your SSMTP configuration on the console. If it does not work, check out your syslog.

SSMTP Test Syntax

Copy/paste the following code on your terminal, change the MAIL_FROM and MAIL_TO e-mail addresses and execute it. SSMTP should send the e-mail:

MAIL_FROM="sender@example.com" MAIL_TO="recipient@example.com" && echo -e "From: $MAIL_FROM\nTo: $MAIL_TO\nSubject: SSMTP Test Email\n\nThis is a test email sent using ssmtp." | ssmtp -t

Monitor the Syslog

If you did not receive any e-mail, check the syslog. On most system it's either:

tail -F /var/log/syslog

or

tail -F /var/log/messages

Implementing the Enhanced Backup Script

  1. Option 1 - Clone from GitHub (Recommended):
    git clone https://github.com/lexo-ch/fsarchiver-encrypted-full-system-backup-script-with-email-monitoring.git
    cd fsarchiver-encrypted-full-system-backup-script-with-email-monitoring

    Option 2 - Manual Creation:
    Copy the entire script into a new file, e.g.: fsarchiver_backup.sh

  2. Make the script executable: chmod +x fsarchiver_backup.sh (or chmod +x backup_script.sh if using GitHub version)
  3. Configure the backup parameters in the script:
    • BACKUP_PARAMETERS: Define your backup sources and targets
    • BACKUP_DRIVE_UUIDS: Add UUIDs of local drives and network paths
    • VERSIONS_TO_KEEP: Set how many backup versions to retain
    • Email settings: Configure sender, recipient, and message templates
  4. For encrypted backups, create the password file: sudo nano /root/backup-password.txt and enter your desired encryption password (optional).
  5. Run the script as root: sudo ./fsarchiver_backup.sh

Multi-Drive Configuration

The enhanced script supports multiple backup drives with intelligent selection:

Local Drives (UUID-based)

BACKUP_DRIVE_UUIDS=(
    "12345678-1234-1234-1234-123456789abc"     # Your USB drive UUID
    "87654321-4321-4321-4321-cba987654321"     # Your external drive UUID
)

Network Drives

BACKUP_DRIVE_UUIDS=(
    "//your-server.local/backup"               # SMB/CIFS share
    "192.168.1.100:/mnt/backup"               # NFS mount
)

Mixed Configuration

BACKUP_DRIVE_UUIDS=(
    "12345678-1234-1234-1234-123456789abc"     # Local USB drive
    "//your-server.local/backup"               # SMB network drive
    "192.168.1.100:/mnt/backup"               # NFS network drive
)

The script automatically detects drive types and selects the optimal drive based on backup age analysis.

Scheduling Automated Backups

To schedule regular backups, you can use cron jobs. Here's how to set up a weekly backup:

  1. Open the crontab file for editing: sudo crontab -e
  2. Add the following line to run the backup every Sunday at 2 AM: 
    0 2 * * 0 /path/to/fsarchiver_backup.sh
  3. Save and exit the editor.

Script Dependencies

This backup script relies on several system utilities to function correctly. Key dependencies include:

  • fsarchiver: The core backup utility
  • findmnt: Used to determine device paths and filesystem information
  • ssmtp: For email notifications
  • standard utilities: df, lsblk, stat, etc.

The script now includes comprehensive dependency checking and will provide specific installation instructions if any required utilities are missing.

If you run the script and see an error message about findmnt not being found, you can install it using:

sudo apt update
sudo apt install util-linux

Handling Encrypted LUKS Volumes

Our enhanced backup script continues to work seamlessly with LUKS (Linux Unified Key Setup) encrypted volumes. The script can back up LUKS volumes without requiring any special configuration, as long as the volumes are properly mounted:

  1. LUKS Configuration: Ensure that your LUKS volumes are properly set up and mounted before running the backup script.
  2. Mount Point: Make note of the mount point where your LUKS volume is mounted.
  3. Backup Parameters: Add an entry to the BACKUP_PARAMETERS associative array for your LUKS volume: 
    BACKUP_PARAMETERS["LUKS_Volume"]="backup-luks:/media/username/VolumeName"

    The script will automatically create timestamped backup files and manage versioning.

The script will automatically determine the correct device path for your LUKS volume and create secure backups while maintaining encryption integrity.

Enhanced Troubleshooting

The script now provides comprehensive error reporting and troubleshooting:

  1. Permission Denied Errors: The script checks for root privileges on startup.
  2. Email Notifications Not Working: Automatic SSMTP configuration validation with specific error messages.
  3. Drive Selection Issues: Detailed drive detection information and availability reporting.
  4. Network Drive Problems: Automatic connectivity and permission testing for network drives.
  5. Backup Validation Failures: Multi-layer validation with detailed error reporting.
  6. Interruption Handling: Graceful cleanup with interruption notifications.
  7. Mount Point Issues: Automatic fsarchiver mount point detection and cleanup.

Performance Tuning

The script uses configurable ZSTD compression with intelligent defaults:

ZSTD_COMPRESSION_VALUE=5  # Default balanced setting

Compression Level Guidelines:

  • 0: No compression (fastest)
  • 1-4: Fast compression, lower ratios
  • 5-10: Balanced compression and speed (recommended)
  • 11-15: Higher compression, slower speed
  • 16-22: Ultra compression (very slow, use with caution)

Adjust the ZSTD_COMPRESSION_VALUE in the script configuration to balance between backup size and speed for your specific needs.

Cloud Integration

To integrate with cloud storage, you can use tools like rclone. The script's timestamped backups make cloud synchronization straightforward:

# Add to end of script or separate sync script
rclone copy /path/to/backup-drive remote:backup-folder --include "*.fsa"

FSArchiver Options Explained

  • -o: Overwrite the output file if it already exists
  • -v: Verbose mode, shows detailed progress
  • -A: Allow to save a filesystem which is mounted in read-write
  • -j$(nproc): Use multiple threads for compression (number of CPU cores)
  • -Z[level]: Set ZSTD compression level (0-22, configurable)
  • -c: Create an encrypted archive (optional)
  • --exclude: Exclude paths from backup (extensive built-in list)

Advanced Features

Automatic Version Management

The script creates timestamped backups and automatically manages versions:

backup-root-20250626-143022.fsa
backup-root-20250625-143015.fsa
backup-efi-20250626-143025.fsa

Drive Health Monitoring

The script analyzes backup ages across all configured drives and selects the drive that most needs updating, ensuring balanced usage and optimal backup freshness.

Comprehensive Path Exclusions

Built-in exclusion patterns cover:

  • Cache directories (all variants: cache, Cache, .cache, etc.)
  • Temporary files and directories
  • Log files and system logs
  • Development directories (node_modules, build, etc.)
  • Virtual filesystems (/proc, /sys, /dev, /run)
  • Container data directories
  • Application caches (Flatpak, Snap, browser caches)

Security Best Practices

  1. Encryption Key Management: Store password files on encrypted volumes with restricted permissions (600 or 400).
  2. Network Security: Use secure protocols (HTTPS, SSH) for network drive access.
  3. Access Control: Limit script execution to authorized users only.
  4. Backup Storage: Store backups in multiple secure locations with proper access controls.
  5. Regular Testing: Periodically test backup restoration procedures.
  6. Monitoring: Review backup logs and email notifications regularly.

Restoring from Backups

To restore a backup, use the following command:

sudo fsarchiver restfs /path/to/backup-root-20250626-143022.fsa id=0,dest=/dev/sdXY

Replace the backup file path with your specific timestamped backup and /dev/sdXY with the target partition.

For restoring the data, the fsarchiver team recommends using this rescue system:

https://www.system-rescue.org/

Disclaimer and Liability

Important: This script is provided as-is, without any warranty or guarantee. Users should understand that they are using this script at their own risk. LEXO does not take any responsibilities or liabilities for any data loss, system damage, or any other issues that may arise from the use of this script. It is strongly recommended to thoroughly test the script in a non-production environment before using it on critical systems. Always ensure you have multiple backups of your important data using various methods.

Conclusion

This enhanced FSArchiver-based backup script offers a powerful, intelligent, and flexible solution for Linux users seeking a reliable way to create full system backups without rebooting. The new features including intelligent drive selection, automatic versioning, comprehensive signal handling, and network drive support make it suitable for both single-machine and enterprise environments.

By leveraging open-source tools and advanced automation features, you can ensure your critical data is protected while maintaining system uptime and operational efficiency. The script's ability to handle multiple drives, network storage, and complex backup scenarios makes it an ideal foundation for comprehensive backup strategies.

Remember to regularly test your backups and restore processes to ensure the integrity of your data and the effectiveness of your backup solution. With proper implementation and maintenance, this enhanced script can significantly improve your Linux system's data protection capabilities while providing the flexibility and reliability needed for modern IT environments.

Further Resources

By following this guide and utilizing the enhanced script, you can implement a robust, automated, secure, and intelligent backup solution for your Linux systems. The script's advanced features ensure reliable data protection while minimizing administrative overhead and maximizing backup efficiency across your infrastructure.