On 11/13/11 13:03, Grant wrote:
>>>> And if I pull, none of my backed-up systems are secure because anyone
>>>> who breaks into the backup server has root read privileges on every
>>>> backed-up system and will thereby "gain full root privileges quickly."
>>>
>>> IMO that depends on whether you also backup the authentication-related
>>> files or not. Exclude them from backup, ensure different root passwords
>>> for all boxes, and now you can limit the infiltration.
>>
>> If you're pulling to the backup server, that backup server has to be
>> able to log in to and read all files on the other servers. Including
>> e.g. your swap partition and device files.
>
> What if I have each system save a copy of everything to be backed up
> from its own filesystem in a separate directory and change the
> ownership of everything in that directory so it can be read by an
> unprivileged backup user?
You've just reinvented the push backup =) If separate-directory is on the same server, an attacker can log in and overwrite all of your files with zeros. Those zeros will be pulled to the backup server, destroying your backups. If separate-directory is on the backup server...
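The failure mode above (a compromised source pushes zeroed files and the backup server overwrites the only copy) is the reason a receive side should keep every push as an immutable snapshot rather than a mirror. The following is an added illustration, not code from this thread; `SnapshotStore`, `churn_ratio` and the sample files are hypothetical and constructed here to show a content-addressed store where a later push cannot destroy earlier snapshots, plus a simple churn check a defender can alert on.

```python
import hashlib
import tempfile
from pathlib import Path


class SnapshotStore:
    """Receive-side store: each push becomes a new immutable snapshot.
    Blobs are content-addressed (SHA-256), so a later push can only add
    blobs; it can never rewrite what an earlier snapshot references."""

    def __init__(self, root):
        self.root = Path(root)
        (self.root / "blobs").mkdir(parents=True, exist_ok=True)
        self.snapshots = []  # one {path: blob_digest} manifest per push

    def receive(self, files):
        manifest = {}
        for path, data in files.items():
            digest = hashlib.sha256(data).hexdigest()
            blob = self.root / "blobs" / digest
            if not blob.exists():  # existing blobs are never overwritten
                blob.write_bytes(data)
            manifest[path] = digest
        self.snapshots.append(manifest)
        return len(self.snapshots) - 1  # snapshot id

    def restore(self, snap_id, path):
        digest = self.snapshots[snap_id][path]
        return (self.root / "blobs" / digest).read_bytes()


def churn_ratio(store, snap_a, snap_b):
    """Fraction of paths whose content changed between two snapshots.
    A jump to ~1.0 (everything replaced at once, e.g. zeroed) is the
    signal to alert on and to hold off expiring older snapshots."""
    a, b = store.snapshots[snap_a], store.snapshots[snap_b]
    paths = set(a) | set(b)
    changed = sum(1 for p in paths if a.get(p) != b.get(p))
    return changed / len(paths) if paths else 0.0


def demo():
    """Constructed scenario: a good push, then a push after the source
    host was compromised and every file was overwritten with zeros."""
    store = SnapshotStore(tempfile.mkdtemp())
    good = {"etc/hosts": b"127.0.0.1 localhost\n", "home/grant/notes": b"keep me\n"}
    s0 = store.receive(good)
    zeroed = {p: b"\x00" * len(d) for p, d in good.items()}  # simulated wipe
    s1 = store.receive(zeroed)
    return store, s0, s1
```

The first snapshot still restores the original content after the zeroed push, and the churn check reports that every path changed in one run.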