Alvin Oga schrieb: > - fresh installs means you have to configure everything > again from nothing .. maybe 1hr ..maybe 1 day .. maybe 1 week
No, you don't; you can just review the configuration file(s) manually or check them against a known good backup. > always push backups, since remote machines should NEVER have access to > root-read-only files That is not a good idea in a typical hosting environment; if you push your backup and the machine to be backupped is compromised, the attacker has access to your backups too because the automatic backup process has to have the necessary credentials (unless you want to type in the credentials every hour/day/week by hand, which is not very feasible). Your backup host can and should be quite locked down so it should be much harder to attack - I would prefer to allow remote access to root-read-only files from a backup machine that is presumably safe to giving an attacker from the "front-end" machine access to the backups. If you'vo got enough spare space on the server to be backupped, you could backup everything to the local harddisk first and then pull it from there - so you don't have the credentials for the backup space on the compromised machine, but also don't need to allow a root login from outside. Or you can push the backup out and then secure it on the backup server, i.e. write protect it or copy it to another location where the "front-end" host to be backupped has no access. -thh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
