[pbs-devel] [PATCH proxmox-backup 1/2] docs: minor re-phrasing and spell checking clean up

Daniel Tschlatscher d.tschlatscher at proxmox.com
Mon Nov 28 15:52:49 CET 2022



On 11/28/22 15:34, Stefan Sterz wrote:
> Signed-off-by: Stefan Sterz <s.sterz at proxmox.com>
> ---
>  docs/storage.rst | 37 +++++++++++++++++++------------------
>  1 file changed, 19 insertions(+), 18 deletions(-)
> 
> diff --git a/docs/storage.rst b/docs/storage.rst
> index a773b666..5ba419cd 100644
> --- a/docs/storage.rst
> +++ b/docs/storage.rst
> @@ -383,7 +383,7 @@ Ransomware Protection & Recovery
>  `Ransomware <https://en.wikipedia.org/wiki/Ransomware>`_ is a type of malware
>  that encrypts files until a ransom is paid. Proxmox Backup Server includes
>  features that help mitigate and recover from ransomware attacks by offering
> -off-server and off-site synchronizations and easy restoration from backups.
> +off-server and off-site synchronization and easy restoration from backups.
>  
>  Built-in Protection
>  ~~~~~~~~~~~~~~~~~~~
> @@ -399,39 +399,40 @@ The 3-2-1 Rule with Proxmox Backup Server
>  
>  The `3-2-1 rule <https://en.wikipedia.org/wiki/Backup#Storage>`_ is simple but
>  effective in protecting important data from all sorts of threats, be it fires,
> -natural disasters or attacks on your infrastructure by adversaries .
> +natural disasters or attacks on your infrastructure by adversaries.
>  In short, the rule states that one should create *3* backups on at least *2*
>  different types of storage media, of which *1* copy is kept off-site.
>  
>  Proxmox Backup Server provides tools for storing extra copies of backups in
>  remote locations and on various types of media.
>  
> -By setting up a remote Proxmox Backup Server you can take advantage of the
> +By setting up a remote Proxmox Backup Server, you can take advantage of the
>  :ref:`remote sync jobs <backup_remote>` feature and easily create off-site
>  copies of your backups.
>  This is recommended, since off-site instances are less likely to be infected by
>  ransomware in your local network.
> -You can configure sync jobs to not removed snapshots if they vanished on the
> +You can configure sync jobs to not remove snapshots if they vanished on the
>  remote-source to avoid that an attacker that took over the source can cause
>  deletions of backups on the target hosts.
> -If the source-host became victim of a ransomware attack, there's a good chance
> -that sync jobs will fail triggering an :ref:`error notification
> +If the source-host became victim of a ransomware attack, there is a good chance
> +that sync jobs will fail, triggering an :ref:`error notification
>  <maintenance_notification>`.
>  
>  It is also possible to create :ref:`tape backups <tape_backup>` as a second
> -storage medium. This way you get an additional copy of your data on a
> -different, for long-term storage designed medium type which can easily be moved
> -around, be it to and off-site location or, for example into an on-site fire
Typo: "an" off-site location...

> -proof vault for quicker access.
> +storage medium. This way, you get an additional copy of your data on a
> +different storage medium designed for long-term storage. Additionally, it can
> +easily be moved around, be it to and off-site location or, for example, into an
> +on-site fireproof vault for quicker access.
>  
>  Restrictive User & Access Management
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  
> -Proxmox Backup Server offers a comprehensive and fine grained :ref:`user and
> +Proxmox Backup Server offers a comprehensive and fine-grained :ref:`user and
>  access management <user_mgmt>` system. The `Datastore.Backup` privilege, for
>  example, allows only to create, but not to delete or alter existing backups.
>  
>  The best way to leverage this access control system is to:
> +
>  - Use separate API tokens for each host or Proxmox VE Cluster that should be
>    able to back data up to a Proxmox Backup Server.
>  - Configure only minimal permissions for such API tokens. They should only have
> @@ -443,8 +444,8 @@ The best way to leverage this access control system is to:
>     permissions, but to perform backup pruning directly on Proxmox Backup Server
>     using :ref:`prune jobs <maintenance_prune_jobs>`.
>  
> -Please note that same also applies for sync jobs. By limiting a sync user's or
> -an access token's right to only write backups, not delete them, compromised
> +Please note that the same also applies for sync jobs. By limiting a sync user's
> +or an access token's right to only write backups, not delete them, compromised
>  clients cannot delete existing backups.
>  
>  Ransomware Detection
> @@ -461,8 +462,8 @@ To detect ransomware inside a compromised guest, it is recommended to
>  frequently test restoring and booting backups. Make sure to restore to a new
>  guest and not to overwrite your current guest.
>  In the case of many backed-up guests, it is recommended to automate this
> -restore testing or, if this is not possible, to restore random samples from the
> -backups periodically (for example, once a week or month).
> +restore testing. If this is not possible, restoring random samples from the
> +backups periodically (for example, once a week or month), is advised'.
>  
>  In order to be able to react quickly in case of a ransomware attack, it is
>  recommended to regularly test restoring from your backups. Make sure to restore
> @@ -470,7 +471,7 @@ to a new guest and not to overwrite your current guest.
>  Restoring many guests at once can be cumbersome, which is why it is advisable
>  to automate this task and verify that your automated process works. If this is
>  not feasible, it is recommended to restore random samples from your backups.
> -While creating backups is important, verifying that the backups work is equally
> +While creating backups is important, verifying that they work is equally
>  important. This ensures that you are able to react quickly in case of an
>  emergency and keeps disruption of your services to a minimum.
>  
> @@ -489,13 +490,13 @@ limited to:
>  * Following safe and secure network practices, for example using logging and
>    monitoring tools and dividing your network so that infrastructure traffic and
>    user or even public traffic are separated, for example by setting up VLANs.
> -* Set up a long term retention. Since some ransomware might lay dormant a
> +* Set up a long-term retention. Since some ransomware might lay dormant a
>    couple of days or weeks before starting to encrypt data, it can be that
>    older, existing backups are compromised. Thus, it is important to keep at
>    least a few backups over longer periods of time.
>  
>  For more information on how to avoid ransomware attacks and what to do in case
> -of a ransomware infection, see official goverment recommendations like `CISA's
> +of a ransomware infection, see official government recommendations like `CISA's
>  (USA) guide <https://www.cisa.gov/stopransomware/ransomware-guide>`_ or EU
>  resources like ENSIA's `Threat Landscape for Ransomware Attacks
>  <https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-ransomware-attacks>`_





More information about the pbs-devel mailing list