Re: Amanda Security
2005-04-13 14:39:09
On Wed, Apr 13, 2005 at 08:54:35PM +0300, Toomas Aas wrote:
> Mike wrote:
>
> > Is there anything in amanda that would prevent a "unauthorized/unknown"
> > person from backing up to, or restoring data to, their personal machine
> > remotely.
>
> There is a file on each Amanda client called .amandahosts. This file
> lists the hosts and usernames from which amanda accepts connections.
I assume the problem is unauthorized recovery of not-my-data ?
...but if a random user has login access to the server and there are
default settings on the tape drive ?
You can code the crontab line that runs amdump to offline the tape
after amdump completes, then if the tape drive is in a protected
computer room you are all set. This has been documented in the
amanda-users list. Something like
amdump config && mt -f /dev/tape offline
Might be a little trickier with a jukebox or something that can load
a tape. Perhaps changing protections on the drive to 770 for either
the amanda user or whatever group its in.
As far as access to generic data online, its whatever your normal
access and protections are.
---
Brian R Cuttler brian.cuttler AT wadsworth DOT org
Computer Systems Support (v) 518 486-1697
Wadsworth Center (f) 518 473-6384
NYS Department of Health Help Desk 518 473-0773
|
|
|