Mailinglist Archive: opensuse-security (511 mails)
| < Previous | Next > |
Re: [suse-security] automatic backups over ssh/scp
- From: Rob Simmons <rsimmons@xxxxxxxx>
- Date: Fri, 31 Aug 2001 17:41:48 -0400 (EDT)
- Message-id: <20010831173759.D50234-100000@xxxxxxxxxxxxx>
Another thing that I've used for secure backups of small numbers of files
(config files usually):
cron a script that tar's up the files that you want to backup, then gpg
encrypts the tar file using your (or someone's public key), then emails
the gpg encrypted file to yourself.
Robert Simmons
Systems Administrator
http://www.wlcg.com/
On Fri, 31 Aug 2001, Kurt Seifried wrote:
> Depends on how complicated your backups are. For example the client box
> tarball's it all up, one file to move, things are suddenly a lot different
> then maintaining a multi gigabyte file tree. Let's assume for a moment we're
> talking file trees with lots of different owners and perms, and no tarballs.
> Yes rsync needs to run as root on the server, to set file perms/etc, this
> can be somewhat mitigated by chroot'ing it (probably will be ok, but chroot
> can be broken out of by root, so some buffer overflow in rsync with a
> hostile client might be bad news). Basically any backup software will have
> to run as root to set file perms, setuid/setgid bits, yadayada (kernel
> capabilities and whatnot aside). Hopefully that software was built with this
> in mind and supports some nice controls (like only write/read files in
> /foo/backups/*).
>
>
> Kurt
(config files usually):
cron a script that tar's up the files that you want to backup, then gpg
encrypts the tar file using your (or someone's public key), then emails
the gpg encrypted file to yourself.
Robert Simmons
Systems Administrator
http://www.wlcg.com/
On Fri, 31 Aug 2001, Kurt Seifried wrote:
> Depends on how complicated your backups are. For example the client box
> tarball's it all up, one file to move, things are suddenly a lot different
> then maintaining a multi gigabyte file tree. Let's assume for a moment we're
> talking file trees with lots of different owners and perms, and no tarballs.
> Yes rsync needs to run as root on the server, to set file perms/etc, this
> can be somewhat mitigated by chroot'ing it (probably will be ok, but chroot
> can be broken out of by root, so some buffer overflow in rsync with a
> hostile client might be bad news). Basically any backup software will have
> to run as root to set file perms, setuid/setgid bits, yadayada (kernel
> capabilities and whatnot aside). Hopefully that software was built with this
> in mind and supports some nice controls (like only write/read files in
> /foo/backups/*).
>
>
> Kurt
| < Previous | Next > |