BackupPC-users

Re: [BackupPC-users] security & web server questions

2013-07-15 11:51:48
Subject: Re: [BackupPC-users] security & web server questions
From: Grant <emailgrant AT gmail DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Mon, 15 Jul 2013 08:48:54 -0700
> The method I use is that I use rsync+ssh. I then create a regular backuppc
> user and limit sudo access to the tools needed to perform the backup, plus
> anything needed to be done as root in the pre/post backup scripts, such as
> my dbdump script. Here is my /etc/sudoers.d/backuppc:
>
> # This file is managed by puppet. Do not edit locally.
> Cmnd_Alias    BACKUP=/bin/tar, /usr/bin/rsync, /usr/bin/mysqldump, /usr/local/sbin/dbdump
> backuppc        ALL=NOPASSWD:BACKUP
>
> This allows me access to all the files to be backed up/restored, and limits
> the backuppc user to the specific tools needed to perform the task. An
> attacker could get in and cause mischief, but that risk is far overshadowed
> by missing backups in a DR type scenario.

What I ended up doing was pushing from each of the clients to the
backup server via rsync --fake-super.  You can lock down rsync access
on the backup server to a particular directory via the authorized_keys
file.  Then the backup server runs rdiff-backup against the rsynced
backups in order to maintain a versioned history.  This way the backup
server doesn't have any access to any of the clients and the clients
only have access to their own backup folder on the server.  If a
client is infiltrated, the infiltrator can wipe out the client's
backups on the server but the rdiff-backup repository is safe.

- Grant


>> Hi,
>>
>> I can understand the question. If BackupPC will use root permission,
>> your BackupPC will become No. 1 target. Because when the attacker
>> controls your BackupPC, she can access every box within your network
>> as root. Nothing you really want. And in business, you will have
>> multiple sys-admins.. but as the VPN/Firewall admin you want your
>> servers to be backed up, but you shouldn't trust your colleague who
>> is running the backup server too much. Because it is your ass which
>> will get kicked when someone compromises the systems under your
>> responsibility.
>>
>> Two ways we are using:
>> 1) If you really know what folder you want to be backed up, create a
>> user "backup" and add an ACL which allows the user "backup" to read
>> these folders.
>>
>> 2) If you don't know what folders you want to be backed up or you want
>> to backup everything, also create a user "backup" and lock it down.
>> Now, create a copy of rsync. Make sure, only the user "backup" can
>> execute this file. Set the CAP_DAC_READ_SEARCH capability for the
>> private rsync copy. Now, the user "backup" can access all your data
>> like root can, but if anybody will get access to that user on that
>> box, he/she is very limited.
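
Added example, not part of the thread or of BackupPC: a simplified forced-command check for the push setup Grant describes, where each client's key may only run an rsync receiver inside its own backup folder. The names `backup-gate`, `BACKUP_ROOT`, `check_push_command` and `client1`, the `/srv/backups` layout and the option allow-list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical names: backup-gate,
# BACKUP_ROOT, check_push_command, client1.
# Assumed authorized_keys entry on the backup server, key elided:
#   command="/usr/local/bin/backup-gate client1",no-pty,no-port-forwarding ssh-ed25519 <key> client1
# The gate would run:
#   check_push_command "$1" "$SSH_ORIGINAL_COMMAND" && exec $SSH_ORIGINAL_COMMAND
# The rdiff-backup repository is assumed to live outside BACKUP_ROOT.

BACKUP_ROOT=${BACKUP_ROOT:-/srv/backups}   # assumed layout: one directory per client

# check_push_command CLIENT COMMAND
# Succeeds only for an rsync receiver (push) whose target is inside CLIENT's directory.
check_push_command() {
    client=$1
    cmd=$2
    allowed="$BACKUP_ROOT/$client"

    set -f            # no globbing while the untrusted string is word-split
    set -- $cmd
    set +f

    [ "$#" -ge 5 ] && [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2

    # Everything before the final ". DEST" pair must be an allowed option.
    while [ "$#" -gt 2 ]; do
        case "$1" in
            --fake-super|--delete|--numeric-ids) ;;   # assumed allow-list
            -*) case "${1#-}" in
                    ''|*[!A-Za-z0-9.]*) return 1 ;;   # rejects --sender (pull) and --opt=path
                esac ;;
            *) return 1 ;;
        esac
        shift
    done

    [ "$1" = . ] || return 1
    dest=$2
    case "$dest" in *[!A-Za-z0-9_./-]*) return 1 ;; esac   # no metacharacters
    case "/$dest/" in */../*) return 1 ;; esac              # no parent traversal
    case "$dest/" in "$allowed"/*) return 0 ;; esac         # must sit under the client dir
    return 1
}
```

These are string checks only and do not resolve symlinks inside the backup folder; the `rrsync` script shipped with rsync is the maintained tool for this kind of restriction.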

_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
