|
[Veritas-bu] Netbackup / Port security.
2000-12-20 17:45:52
|
Subject: |
[Veritas-bu] Netbackup / Port security. |
|
From: |
fx [François-Xavier Peretmere] fx AT Veritas DOT com |
|
Date: |
Wed, 20 Dec 2000 23:45:52 +0100 |
> From: Sixbury, Dan [mailto:dsixbury AT saint-lukes DOT org]
> Sent: Friday 15 December, 2000 16:15
> I have some clients that the admins decided to lock security
> down on, and now I am under the impression that the security is
> locking out Netbackup from performing backups. I have both NT and
> Unix clients.
>
> 1. Does telnet have to be enabled?
hopefully not.
> 2. How does the master server obtain access to the client?
the master is the first name in all the client SERVER directive.
either you found that in the cleint bp.conf (unix) or in the
client Win32 configuration pannels (Win32).
> I know we have the typical 13782 port enabled for bpcd, but the question is
> how does Netbackup communicate with the clients if for example it
> doesn't have the root password? Hence the possible security issue of coming
> in
> on a netbackup port to obtain root access.
bpcd process is launched by inetd, it's running under the account
configured in inetd.conf. no need for the root password to backup.
> On the NT client, the admin account was changed, so I assumed
> that I needed to update the services for Netbackup to show the new "real"
> admin as theowner of the service.
euuhh? default account for NetBackup services on a WinNT client is "system
account". don't need to touch anything here, except if your client
needs to backup trough the network - system account is a builtin
account with almost every right *locally*, but no rights trough
the network.
> I have also used an allow statement within hosts.allow file for the clients in
> question and bpcd is in the inetd.conf file.
don't understand. hosts.allow has nothing to do here if we're talking
about backups. or i missed something...
> The errors that I am recieving are 24 on the unix client and
> 57 on the NT client.
>
> I guess the real question is how does Netbackup connect to a
> client with root/admin access and how do we ensure that this is secure?
i'm not sure i've understood everything in your config. anyway, when
having connection problem, the fiorst thing is *always* to follow the steps
described in the troubleshooting guide.
fx
#include <std_disclaimer.h>
--
fx AT veritas DOT com | No keyboard present.
French Consulting Team | Hit F1 to continue.
http://www.veritas.com/ | Zen engineering?
|
|
|
