On Mon, 1 Jul 2013 01:39:56 -0700, Grant wrote:

> > Yes, but with push you have to secure each machine whereas with pull
> > backups it's only the server to secure. And you'd still need to grant
> > access to the server from the clients, which could be escalated. With
> > backuppc, the server does not need to be accessible from the Internet
> > at all, all requests are outgoing. If the server machine serves other
> > purposes and needs to be net-accessible, run the backup server in a
> > chroot or VM.
>
> I'm planning to rsync --fake-super the important files from each
> client to a particular folder on the backup server as an unprivileged
> user and then have the backup server run rdiff-backup locally to
> maintain a history of those files.
How does that work with files that aren't world-readable?

> authorized_keys on the server
> would restrict the clients to a particular rsync command in a
> particular directory. That way if the backup server is infiltrated,
> the clients aren't exposed in any way, and if a client is infiltrated,
> the only extra exposure is the rsync'ed copy of the files on the
> server which isn't a real vulnerability because of the rdiff-backup
> history. I'd also like to have a secondary backup server pull those
> same rsync'ed files from the primary backup server and run its own
> rdiff-backup repository on them. That way all copies of any system's
> backups are never made vulnerable by the break-in of a single system.
>
> Doesn't that compare favorably to a layout like backuppc's?

It's a lot more work and doesn't cover everything. One of the advantages of
a pull system like BackupPC is that the only work needed on the client is
adding the backuppc user's key to authorized_keys. Everything else is done
by the server. If the server cannot contact the client, or the connection
is broken mid-backup, it tries again.

It also gives a single point of configuration. If you want to change the
backup plan for all machines, you make one change on one computer.

It works well, saves work and minimises disk space usage, especially with
multiple similar clients.

Preventing infiltration is simple as you don't need to open it to the
Internet at all, the backup server can be completely stealthed and still do
its job.

-- 
Neil Bothwick

Better to understand a little than to misunderstand a lot.
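The authorized_keys restriction Grant describes (one rsync command, one directory, unprivileged user) can be enforced with an sshd forced command. The wrapper below is an added example, not code from either poster; the user name, key, paths and the small option denylist are assumptions, and the client push line and rdiff-backup step in the header comments only illustrate the layout from the thread.

```shell
#!/bin/sh
# Forced-command wrapper for the push layout discussed above (added example).
# Assumed authorized_keys entry for the server's unprivileged "backup" user:
#   command="/usr/local/bin/rsync-only.sh /srv/backup/web01/incoming",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA...placeholder... web01-backup
# Assumed client push (--fake-super applied on the receiving side via -M):
#   rsync -a -M--fake-super /etc/ backup@server:/srv/backup/web01/incoming/etc/
# Assumed server-side history job, run from cron as the backup user:
#   rdiff-backup /srv/backup/web01/incoming /srv/backup/web01/history

# check_rsync_command ALLOWED_DIR COMMAND
# Returns 0 only if COMMAND is an rsync *receiver* whose destination lies inside ALLOWED_DIR.
check_rsync_command() {
    allowed=${1%/}
    set -f                      # no globbing while splitting the command on whitespace
    set -- $2
    set +f
    [ "$#" -ge 4 ] || return 1
    [ "$1" = "rsync" ] && [ "$2" = "--server" ] || return 1
    for tok in "$@"; do
        case "$tok" in
            --sender) return 1 ;;                   # client may only write here, never read the store
            --log-file*|--temp-dir*|--partial-dir*|--backup-dir*|--files-from*)
                return 1 ;;                         # options that name other paths on the server
            *..*) return 1 ;;                       # no traversal out of the allowed directory
        esac
    done
    shift $(($# - 1))                               # last token is the destination path
    case "$1" in
        "$allowed"|"$allowed"/*) return 0 ;;
    esac
    return 1
}

# When sshd runs this as a forced command, $1 is the allowed directory and
# SSH_ORIGINAL_COMMAND holds what the client actually asked for.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if ! check_rsync_command "${1:-/nonexistent}" "$SSH_ORIGINAL_COMMAND"; then
        echo "rsync-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
        exit 1
    fi
    set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
    shift                                           # drop the validated "rsync" token
    exec rsync "$@"                                 # run the real binary with the vetted arguments
fi
```

A rejected command is logged to stderr, which sshd forwards to the client, so a misconfigured client fails loudly rather than silently writing elsewhere.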