BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] File restore integrity

2010-06-18 03:25:20
Subject: Re: [BackupPC-users] File restore integrity
From: Jonathan Schaeffer <jonathan.schaeffer AT univ-brest DOT fr>
To: backuppc-users AT lists.sourceforge DOT net
Date: Fri, 18 Jun 2010 09:25:28 +0200 
Hi, thanks for your quick answers.

On 17/06/2010 17:55, Les Mikesell wrote:
> On 6/17/2010 9:29 AM, Jonathan Schaeffer wrote:
>>
>> I'm administrating a BackupPC server and I'm concerned about the security of 
>> the
>> whole system.
>
> It is based on controlling access to root and the backuppc user on the
> server.  I don't see a way around that.
Sure, my point is to limit the risks of intrusion on the clients when the 
server 
is compromised. But the first thing to do is obviously to protect the server.

>> And then, when the client restores the file, it gets an empty file.
>>
>> Is there a checking mechanism to ensure the integrity of the restored files ?
>> i.e. the server can check that the files he is about to restore is the same 
>> as
>> the one he stored previously ?
>
> If you are going to corrupt something intentionally and you have root
> access, you would also be able to replace/bypass any such check.  Don't
> give anyone you don't trust root access...
The problem is not who I give root access but who takes it in my back.

First, I will not connect the BackupPC host to the internet
Then, I'll use a file alteration monitor on the system to be aware of any 
modification in the backupPC core programs and in the data stored. iwatch looks 
like a good candidate.

Finaly, I'll keep in mind that anybody gaining root priviledges can basicaly do 
all imaginable stuff.

Still, would'nt it be a nice feature to check the file integrity before the 
restore ? Not only in case of evil intrusion but also in case of data 
corruption, preventing corrupted data to be restored.





------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] rsyncd, Parent read EOF from child, Alexander Moisseev
Next by Date:  Re: [BackupPC-users] File restore integrity, Jonathan Schaeffer
Previous by Thread:  Re: [BackupPC-users] File restore integrity, Les Mikesell
Next by Thread:  Re: [BackupPC-users] File restore integrity, Les Mikesell
Indexes:  [Date] [Thread] [Top] [All Lists]