Hello!

I have two boxes and want to save a backup of each on the other. So far I have created an SSH key for both machines so I can rsync over ssh to each other. But the terrible side effect is that IF one of those boxes gets compromised, the cracker will be root on both of them!!!

My backup script:

#--- START ---------------------------------------------------------------------
#!/bin/sh
speed=500
# Directories to back up, relative to /
verzeichnisse="etc home root boot usr/local/bin/"
for verzeichniss in $verzeichnisse
do
    # Files larger than 10200k are listed by find and excluded from the transfer
    find /$verzeichniss -size +10200k | rsync -avvz --exclude-from=- --delete -e "ssh" /$verzeichniss bortal.de:/backup/sts/
done
#--- END -------------------------------------------------------------------------

I need to save it on each other because both have a 100MBit Internet connection, which makes restoring a backup easy! So a tape backup is not really possible. :/

Any ideas/hints?

Cheers, Mario
My opinion is to create a single user (which is not in the root list!!!!) and use this user to copy the backup files. You can make an archive of your files and send only that archive. You will have to create the public/private key for this user and first copy the backups to his home directory. Then, with a local script (that can have root privileges), you can move that file wherever you want. You can also use multiple files. (I use the SCP command for the copy.)

I see this way as more secure. You don't have to access with public root keys, and if a machine becomes compromised, on the other only THAT single user is accessible. Give that user no other rights, just for that backup copy.

I would like to see other ideas as well.

Best regards.
Andy.

PS: I'm not that good at Linux... but learning...

----- Original Message -----
From: "Mario Ohnewald" <mario.Ohnewald@gmx.de>
To: <suse-security@suse.com>
Sent: Thursday, December 04, 2003 11:31 AM
Subject: [suse-security] Secure Backup
Also encountered this on freshmeat before:

http://www.anarcat.ath.cx/software/bksh.en.html

Haven't used it, but it is a limited shell especially for backups over ssh.

--
Ronny Martin
Hi,

so, why do you want to save the backup on the other side with root rights? Do you _really_ need this for user data? Check this out first. Maybe it is better to use some kind of tar to save data on the other side. You could use some kind of chroot, or userspace Linux as well. sudo might help you too.

I recommend logging in unprivileged on the other side and saving the backup in a gzipped tar file.

Greetings
Dirk

Mario Ohnewald wrote:
Mario Ohnewald <mario.Ohnewald@gmx.de> wrote:
[...]
Any ideas/hints?
As far as I understand, you need to

- run rsync as root on the source machine (to access all files)
- connect to the target machine non-interactively with ssh
- run rsync as root on the target machine (to avoid losing permissions)

It should be possible to create a script running rsync as root on the source machine. rsync should connect via ssh to the target machine as a specially created user (on the target machine) using public key auth. On the target machine the special user should only be allowed to log in with the designated ssh key (passwd -l et al.), should preferably be chroot-ed and should have an ~/.ssh/authorized_keys file where the ssh command feature is used, i.e. connecting using the specified key will result in executing the specified command ... always. Other limitations for the key (from IP, no forwarding et al.) should be applied, too.

Next, you need to find out which command is required by rsync on the receiving side (target host); $SSH_ORIGINAL_COMMAND might help here (google for it).

So far, connecting to the target host is only possible using the ssh key you created (without passphrase, that is) and will always result in rsync doing its target-side magic. However, since rsync does not run as root on the target machine, you will still lose permissions. To circumvent this, you could record all permissions to a file (best within your backup script) and sync this one along with all the other data. Of course you will have to create another script that will restore permissions in case you use backed-up files from the target machine on the source machine again.

Alternatively, you could use sudo on the target machine to allow the special account to run rsync as root (and only that). However, chroot-ing the special account on the target machine is problematic then, since you need sudo inside your cage, which is SUID 0.

Note that I haven't tested such a setup.

Hope that helps,
Ulf
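
Added example, not part of the thread: a sketch of the forced-command setup described in the message above, where the backup key can only ever start an rsync receiver writing under /backup/sts/. The wrapper path /usr/local/sbin/backup-only, the function name, the source address and the key in the authorized_keys comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: forced-command wrapper for the backup account's SSH key.
# Hypothetical install path: /usr/local/sbin/backup-only
# Matching ~/.ssh/authorized_keys entry (one line; address and key are placeholders):
#   command="/usr/local/sbin/backup-only",from="192.0.2.10",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER backup@source

BACKUP_ROOT=/backup/sts/   # destination used in the original backup script

# Succeeds only for an rsync receiver ("--server" without "--sender") whose
# destination lies under BACKUP_ROOT. The body runs in a subshell so that
# "set -f" does not leak into the caller.
is_allowed_backup_command() (
    set -f                 # no glob expansion while splitting into words
    set -- $1
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ $# -gt 2 ]; do
        case $1 in
            --delete) ;;                      # the only long option the script uses
            --*) return 1 ;;                  # rejects --sender and every other long option
            -*[!A-Za-z0-9.]*) return 1 ;;     # no paths or "=" inside a short-option cluster
            -?*) ;;                           # e.g. -vvlogDtprze.iLsfxC
            *) return 1 ;;                    # stray word that is not an option
        esac
        shift
    done
    [ $# -eq 2 ] && [ "$1" = . ] || return 1  # rsync sends "." and then the destination
    case $2 in
        *..*) return 1 ;;                     # no climbing out of BACKUP_ROOT
        "$BACKUP_ROOT"*) return 0 ;;
    esac
    return 1
)

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run.
# With no command requested (interactive login attempt) nothing is executed.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND            # word-split only, never re-parsed by a shell
    fi
    logger -t backup-only "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

Rejecting `--sender` makes the key write-only, so a restore needs a separate key or a manual login. The rsync source distribution also ships a helper script, rrsync, that implements a fuller version of this restriction.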
participants (5)

- Andrei Bintintan
- Dirk Schreiner
- Mario Ohnewald
- Ronny Martin
- Ulf Stegemann