>>>>> On Sat, 29 Jun 2013 07:24:36 -0700, Grant said: > > I'm currently pushing backups from each system to a central backup > server via rdiff-backup. However, I realized that push backups are > not safe because if one of the systems is compromised, the infiltrator > could delete all of that system's backups with a command like this: > > rdiff-backup --remove-older-than 1s backup@12.34.56.78::/path/to/backup
The Bacula client can't delete its own backups, so it is safe against that problem. > Pull backups don't seem secure because if the central server is > compromised, the infiltrator would have root read privileges on every > backed-up system and would thereby be able to gain root access to > those systems. Bacula does have root read (and write) privileges on every backed-up system, but you can encrypt the backups before sending them to the central server. Bacula can also sign the backups, so the client can verify that a restore doesn't contain modified data. You still have to keep the encryption/signing keys secure of course. __Martin ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
