[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Secure Backup



My opinion is to create a single user(which is not in the root list!!!!) and
use this user to copy the backup files.

You can make an arhive with your files and send only that archive.
You will have to create the public/private key for this user and to copy
first the backups in his home directory. Then with local script (that can
have root privileges) you can move that file wherever you want. Can use also
multiple files. (I use SCP command for copy)

I see this way more secure. Don't have to access with public root keys and
if a machine becomes compromized on the other only THAT single user is
accessible. Give to that user no other rights, just for that backup copy.

I would like to see also other ideeas.

Bers regards.
Andy.

PS: i'm not that good at linux... but learning...


----- Original Message -----
From: "Mario Ohnewald" <mario.Ohnewald@xxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Thursday, December 04, 2003 11:31 AM
Subject: [suse-security] Secure Backup


> Hello!
> I have two boxes and want to save a backup of each others on it.
> So far i have created a ssh key for both machines so i can make a ssh
rsync
> to each other.
> But the terrible sideeffect is that IF one of those boxed get compromized
> the cracker will be root on both of them!!!
>
> My Backup script:
> #--- START
> ---------------------------------------------------------------------
> #!/bin/sh
> speed=500
> verzeichnisse="etc home root boot usr/local/bin/"
>
> for verzeichniss in $verzeichnisse
> do
>         find /$verzeichniss -size +10200k | rsync -avvz --exclude-from=-
> --delete -e "ssh" /$verzeichniss bortal.de:/backup/sts/
> done
> #--- END
> -------------------------------------------------------------------------
>
>
> I need to save it on each other because both have a 100MBit Internet
> connection which makes a restoring backup easy! So a tape Backup is not
really
> possible. :/
>
> Any ideas/hints?
>
>
> Cheers, Mario
>
> --
> +++ GMX - die erste Adresse für Mail, Message, More +++
> Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net
>
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here