Post-Mortem: Automated Backups Fail, SII Breathing Down Your Neck

Post-Mortem: Automated Backups Fail, SII Breathing Down Your Neck

A 45KB backup file exposed 6 months of SII-compliant data loss in a Chilean SME. Automated backups failed to validate integrity, triggering a ransomware crisis.

Why This Matters

The technical reality of backup systems often diverges from ideal models. Automated backups without validation can silently store corrupted or incomplete data, leading to catastrophic failures. In this case, 6 months of tax records were lost due to a script that never tested restore viability, resulting in potential SII penalties and operational paralysis. The cost of manual data reconstruction far exceeds preventive measures.

Key Insights

• “45KB backup file, 2025”: A single corrupted backup file erased 6 months of critical tax data.
• “Validation over automation for SII compliance”: Scripts must verify backup integrity, not just run.
• “Backup script used by Chilean SMEs”: A production-grade bash script with restore testing was implemented post-crisis.

Working Example

#!/bin/bash
# AUTOR: Tu SysAdmin de Confianza
# DESCRIPCIÓN: Backup MySQL con verificación de integridad y subida a Nube (S3/MinIO)
DB_USER="root"
DB_PASS="TuPasswordSuperSegura123"
DB_NAME="facturacion_prod"
BACKUP_DIR="/mnt/backups/mysql"
DATE=$(date +%Y-%m-%d_%H%M)
FILENAME="backup_${DB_NAME}_${DATE}.sql.gz"
LOG_FILE="/var/log/db_backup.log"
SLACK_WEBHOOK="https://hooks.slack.com/services/T000/B000/XXXX"

log_message() {
  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" >> $LOG_FILE
}

log_message "INICIO: Comenzando backup de ${DB_NAME}"

mysqldump -u $DB_USER -p$DB_PASS --single-transaction --quick --lock-tables=false $DB_NAME | gzip > $BACKUP_DIR/$FILENAME

if [ ${PIPESTATUS[0]} -ne 0 ]; then
  log_message "ERROR CRÍTICO: Falló el mysqldump. Abortando."
  curl -X POST -H 'Content-type: application/json' --data '{"text":"🚨 FALLÓ BACKUP DB: Error en mysqldump"}' $SLACK_WEBHOOK
  exit 1
fi

FILESIZE=$(stat -c%s "$BACKUP_DIR/$FILENAME")
MINSIZE=1048576 # 1MB en bytes
if [ $FILESIZE -lt $MINSIZE ]; then
  log_message "ERROR: El backup pesa menos de 1MB ($FILESIZE bytes). Sospechoso."
  curl -X POST -H 'Content-type: application/json' --data '{"text":"⚠️ ALERTA: Backup generado es sospechosamente pequeño."}' $SLACK_WEBHOOK
else
  log_message "ÉXITO: Backup generado. Tamaño: $(($FILESIZE / 1024 / 1024)) MB"
fi

TEST_DB="test_restore_db"
mysql -u $DB_USER -p$DB_PASS -e "DROP DATABASE IF EXISTS $TEST_DB; CREATE DATABASE $TEST_DB;"
zcat $BACKUP_DIR/$FILENAME | mysql -u $DB_USER -p$DB_PASS $TEST_DB

if [ $? -eq 0 ]; then
  log_message "VERIFICACIÓN: Restauración en DB de prueba exitosa."
  mysql -u $DB_USER -p$DB_PASS -e "DROP DATABASE $TEST_DB;"
else
  log_message "ERROR FATAL: El backup no se pudo restaurar."
  curl -X POST -H 'Content-type: application/json' --data '{"text":"🔥 ERROR CRÍTICO: El backup está corrupto, no pasa el restore test."}' $SLACK_WEBHOOK
  exit 1
fi

# aws s3 cp $BACKUP_DIR/$FILENAME s3://mi-bucket-backups/
# log_message "Subido a S3"
exit 0

Practical Applications

• Use Case: Chilean SMEs using SII-compliant backup scripts with restore testing.
• Pitfall: Relying on automated backups without validation leads to silent data loss and regulatory penalties.

References:

• https://dev.to/leover22/post-mortem-cuando-los-backups-automatizados-fallan-y-el-sii-te-respira-en-la-nuca-guia-de-214c

---