On 1/12/26 16:31, [email protected] wrote:
> Hi all,
> I am looking to implement an OpenBSD server as a backup server.
> Critically, it will provide backup to untrusted clients, so I need the setup to
> be robust against an adversary in possession of the access codes.
As was already mentioned... define "untrusted" and "access codes".
If your backup server is run by trusted and capable administrators, you can
probably pretty safely log in to the remote server, run rsync, and pull files
to the backup server. If the file is malicious, it's not an issue unless
someone on the backup server decides to execute it. This can be somewhat
deterred by having the backup server be a different OS or platform than the
target servers.
With rsync, you could access the remote server as root (to capture everything)
but write the files to the backup server as a non-root user, though you will
lose file ownership information, of course. If you want to access the remote
side as non-root, obviously, that will limit what ends up on the backup
server (which could be good or bad!)
> Does anyone have recommendations for a solid setup?
> My current plan is:
> - create a restricted user that has ssh access to the machine
> - use rrsync, lock down the shell of the restricted user following the
> recommendation of rrsync
> - use rsnapshot on top of this
For around 25 years, I've been using a home-rolled rsync --link-dest script.
A few years ago when between jobs, I finally rolled it into a published script.
Incremental Backup System
https://holland-consulting.net/scripts/ibs/
And if you are worried about untrusted systems, perhaps you should be looking
at what gets changed unexpectedly...by parsing the logs of IBS with the File
Alteration Reporting Tool:
https://holland-consulting.net/scripts/ibs/fart.html
Nick.
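As an added example (not Nick's IBS script and not part of the original thread), here is a minimal pull-style backup of the kind he describes: the backup server initiates the rsync, each run lands in a dated snapshot directory, and `--link-dest` hard-links files that are unchanged since the previous snapshot so every snapshot is a full tree while only changed data costs space. The function names, the `latest` symlink, the timestamp format and the `SRC`/`DEST` placeholders are this example's own assumptions.

```shell
#!/bin/sh
# Added example of an rsync --link-dest snapshot scheme; run on the backup server
# as an unprivileged user. The client never needs credentials for the backup host.
# Placeholders (assumed, not from the thread):
#   SRC  - rsync source, e.g. 'backup@client.example:/etc/' (trailing slash = contents)
#   DEST - snapshot root on the backup server, e.g. /backups/client
set -eu

# link_count FILE: hard-link count of FILE (portable across GNU and BSD ls).
link_count() {
  ls -ld "$1" | awk '{print $2}'
}

# take_snapshot SRC DEST STAMP: copy SRC into DEST/STAMP, hard-linking anything
# unchanged since DEST/latest. Prints the path of the new snapshot.
take_snapshot() {
  src=$1; stamp=$3
  mkdir -p "$2"
  dest=$(cd "$2" && pwd)          # absolute, so --link-dest is not taken relative to the target
  new="$dest/$stamp"
  linkdest=""
  if [ -L "$dest/latest" ] && [ -d "$dest/latest" ]; then
    linkdest="$dest/$(readlink "$dest/latest")"
  fi
  # -a preserves times/perms so rsync can recognise unchanged files;
  # --numeric-ids keeps uid/gid numbers even if the names do not exist here.
  # Written as a non-root user, ownership itself cannot be restored (the trade-off
  # Nick mentions); the numbers are still recorded in the transfer metadata.
  if [ -n "$linkdest" ]; then
    rsync -a --numeric-ids --link-dest="$linkdest" "$src" "$new.partial/"
  else
    rsync -a --numeric-ids "$src" "$new.partial/"
  fi
  # Rename only after rsync succeeded, so an interrupted run never becomes "latest".
  mv "$new.partial" "$new"
  ln -sfn "$stamp" "$dest/latest"
  printf '%s\n' "$new"
}

# prune_snapshots DEST KEEP: remove all but the KEEP newest snapshots.
# Stamps are YYYY-MM-DDTHHMMSS, so lexical order is chronological order.
prune_snapshots() {
  dest=$1; keep=$2
  ls -1 "$dest" \
    | grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{6}$' \
    | sort -r \
    | awk -v keep="$keep" 'NR > keep' \
    | while read -r old; do
        rm -rf "$dest/$old"
      done
}

# Usage: ./snapshot.sh SRC DEST   (e.g. './snapshot.sh backup@client.example:/etc/ /backups/client')
if [ $# -eq 2 ]; then
  take_snapshot "$1" "$2" "$(date +%Y-%m-%dT%H%M%S)"
  prune_snapshots "$2" 30
fi
```

Because the backup host pulls, a compromised client holds nothing that lets it reach the backup server, and because each snapshot is a separate directory that is only ever renamed into place after a successful transfer, a client that starts shipping garbage or deleting files corrupts only the newest snapshot; the earlier ones stay intact until `prune_snapshots` ages them out, which is what makes Nick's suggestion of diffing successive runs for unexpected changes practical.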