RE: [suse-security] Secure Backup

4 Dec 2003

      also encountered this on freshmeat before:

http://www.anarcat.ath.cx/software/bksh.en.html

Haven't used it, but it is a limited shell especially for backups over ssh.

--
Ronny Martin
...
-----Original Message-----
From: Andrei Bintintan [mailto:klodoma@ar-sd.net]
Sent: Thursday, December 04, 2003 10:45 AM
To: Mario Ohnewald; suse-security@suse.com
Subject: Re: [suse-security] Secure Backup
My opinion is to create a single user(which is not in the
root list!!!!) and
use this user to copy the backup files.
You can make an arhive with your files and send only that archive.
You will have to create the public/private key for this user
and to copy
first the backups in his home directory. Then with local
script (that can
have root privileges) you can move that file wherever you
want. Can use also
multiple files. (I use SCP command for copy)
I see this way more secure. Don't have to access with public
root keys and
if a machine becomes compromized on the other only THAT single user is
accessible. Give to that user no other rights, just for that
backup copy.
I would like to see also other ideeas.
Bers regards.
Andy.
PS: i'm not that good at linux... but learning...
----- Original Message -----
From: "Mario Ohnewald" 
To: 
Sent: Thursday, December 04, 2003 11:31 AM
Subject: [suse-security] Secure Backup
...
Hello!
I have two boxes and want to save a backup of each others on it.
So far i have created a ssh key for both machines so i can
make a ssh
rsync
to each other.
But the terrible sideeffect is that IF one of those boxed
get compromized
the cracker will be root on both of them!!!
My Backup script:
#--- START
---------------------------------------------------------------------
...
#!/bin/sh
speed=500
verzeichnisse="etc home root boot usr/local/bin/"
for verzeichniss in $verzeichnisse
do
        find /$verzeichniss -size +10200k | rsync -avvz
--exclude-from=-
--delete -e "ssh" /$verzeichniss bortal.de:/backup/sts/
done
#--- END
--------------------------------------------------------------
-----------
...
I need to save it on each other because both have a 100MBit Internet
connection which makes a restoring backup easy! So a tape
Backup is not
really
...
possible. :/
Any ideas/hints?
Cheers, Mario
--
+++ GMX - die erste Adresse für Mail, Message, More +++
Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here