From: Pandu Poluan <pandu@poluan.info>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] {OT} Are "push" backups flawed?
Date: Sat, 12 Nov 2011 10:20:26 +0700 [thread overview]
Message-ID: <CAA2qdGXgR7wpYG-i41Byn9F+Q+-xAgZJc9gtdXchOwiybCH19A@mail.gmail.com> (raw)
In-Reply-To: <CAN0CFw25=nGgs1fMUaabu=y=HEPcQktMzhTR2pP9a8W4XtMFCw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2000 bytes --]
On Nov 12, 2011 9:29 AM, "Grant" <emailgrant@gmail.com> wrote:
>
> >> The problem with my current push-style layout is that if one of the 3
> >> machines is compromised, the attacker can delete or alter the backup
> >> of the compromised machine on the backup server. I can rsync the
> >> backups from the backup server to another machine, but if the backups
> >> are deleted or altered on the backup server, the rsync'ed copy on the
> >> next machine will also be deleted or altered.
> >>
> >> If I run a pull-style layout and the backup server is compromised, the
> >> attacker would have root read access to each of the 3 machines, but
> >> the attacker would already have access to backups from each of the 3
> >> machines stored on the backup server itself so that's not really an
> >> issue. I would also have the added inconvenience of using openvpn or
> >> ssh -R for my laptop so the backup server can pull from it through any
> >> router.
> >
> > If an attacker can read the entire filesystem, he'll gain full root
> > privileges quickly.
>
> So if I push, I don't really have backups because anyone who breaks
> into the backed-up system can delete all of its backups like this:
>
> rdiff-backup --remove-older-than 1s backup@12.34.56.78::/path/to/backup
>
Write a daemon that immediately create hardlinks of the backed-up files in
a separate folder. Thus, even if rdiff decides to unlink everything, your
data are safe thanks to the nature of hardlinks. Optionally, have the same
daemon tarball the files (via the hardlinks) if you deem the revision
'permanent'.
> And if I pull, none of my backed-up systems are secure because anyone
> who breaks into the backup server has root read privileges on every
> backed-up system and will thereby "gain full root privileges quickly."
IMO that depends on whether you also backup the authentication-related
files or not. Exclude them from backup, ensure different root passwords for
all boxes, and now you can limit the infiltration.
Rgds,
[-- Attachment #2: Type: text/html, Size: 2448 bytes --]
next prev parent reply other threads:[~2011-11-12 3:23 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-11 17:55 [gentoo-user] {OT} Are "push" backups flawed? Grant
2011-11-11 18:15 ` Michael Mol
2011-11-11 18:27 ` Grant
2011-11-11 18:33 ` Michael Mol
2011-11-11 18:25 ` Pandu Poluan
2011-11-11 18:34 ` Grant
2011-11-11 18:56 ` Pandu Poluan
2011-11-11 19:14 ` Florian Philipp
2011-11-12 3:22 ` Pandu Poluan
2011-11-12 1:11 ` Michael Orlitzky
2011-11-12 2:22 ` Grant
2011-11-12 3:20 ` Pandu Poluan [this message]
2011-11-12 4:16 ` Michael Orlitzky
2011-11-12 4:32 ` Pandu Poluan
2011-11-13 18:03 ` Grant
2011-11-13 19:44 ` Florian Philipp
2011-11-15 0:43 ` Grant
2011-11-15 1:04 ` Michael Mol
2011-11-15 1:19 ` Grant
2011-11-15 2:11 ` Michael Mol
2011-11-15 2:32 ` Grant
2011-11-15 2:37 ` Michael Mol
2011-11-15 2:47 ` Grant
2011-11-15 4:54 ` Pandu Poluan
2011-11-15 7:18 ` J. Roeleveld
2011-11-13 20:43 ` Michael Orlitzky
2011-11-15 0:46 ` Grant
2011-11-13 20:50 ` Michael Orlitzky
2011-11-15 1:54 ` Grant
2011-11-15 15:23 ` Michael Orlitzky
2011-11-12 4:10 ` Michael Orlitzky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA2qdGXgR7wpYG-i41Byn9F+Q+-xAgZJc9gtdXchOwiybCH19A@mail.gmail.com \
--to=pandu@poluan.info \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox