[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Backup soution to another server



On Sun, 2004-05-09 at 16:05 -0300, Julian Monteiro wrote:
> Hello,
> 
> Some weeks ago I've found this project:
> http://www.miek.nl/projects/hdup/hdup.shtml
> Is very simple (compared to Amanda and others), and support encryption and remote backup.
> 
> Or look at this site:
> http://www.linux-backup.net/App/
> 


I agree, hdup is very nice. I started using it when mcrypt was a pain to
track down and install. These days you can use gpg, which is a standard
package and works even better. It can use ssh to transport it across the
network securely and gpg to encrypt it for storage on disk without
worries someone will break into the backup server and have access to all
the data.

One thing I figured out is if someone breaks into the server that is
doing the backup they can also login via ssh(dsa key auth) and delete
the backup files. So it is best to make the files immutable. Another
option might be to change the ownership of the files then set the sticky
bit on the directory so the user can't overwrite the ownership of the
file by owning the directory.

If using mcrypt, be sure to backup your encryption keys.

If using gpg, don't create the keys on the server. Create them on
another machine and transport in the public key only. That way if
someone breaks into the machine they can't go to the backup server and
read the backups by decrypting. Plus there is no way to recover the
secret keys from disk if they were never there.


/etc/crontab:

# Backup mass chattr +i
0 9 1-31 * * root /usr/local/sbin/bchattr /home nc


/usr/local/sbin/bchattr:

#!/bin/bash
 
/usr/bin/find $1 -type f -name "*.$2" | /usr/bin/xargs
-i /usr/bin/chattr +i {}



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]