Bacula-users

Re: [Bacula-users] Bacula security

2013-07-01 11:11:36
Subject: Re: [Bacula-users] Bacula security
From: Martin Simmons <martin AT lispworks DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 1 Jul 2013 16:07:54 +0100
>>>>> On Mon, 01 Jul 2013 16:25:06 +0200, Jérôme Blion said:
> 
> On 2013-07-01 15:53, Martin Simmons wrote:
> >>>>>> On Mon, 01 Jul 2013 15:25:23 +0200, Jérôme Blion said:
> >> 
> >> On 2013-07-01 13:07, Martin Simmons wrote:
> >>> Bacula does have root read (and write) privileges on every backed-up system,
> >>> but you can encrypt the backups before sending them to the central server.
> >>> Bacula can also sign the backups, so the client can verify that a restore
> >>> doesn't contain modified data.  You still have to keep the encryption/signing
> >>> keys secure of course.
> >>> 
> >>> __Martin
> >> 
> >> 
> >> If the Bacula server is compromised and the attacker gains root
> >> privileges on the Bacula director, it can modify any client's job to run
> >> a specific command to gain access (unprivileged or not).
> >> In this kind of architecture, securing the director from unauthorized
> >> access is primordial and needs to take the necessary time to do it
> >> properly.
> >> 
> >> If you don't grant privileges to clients (console access and so on),
> >> they can be safely compromised (sigh). At worst, you will back up wrong
> >> files. If they have a console access to the director, you must ensure
> >> they can't do harm to your system or your files (restoring files from a
> >> confidential system on a public one, for example).
> > 
> > The latter case is secured by encrypting the backups (since the key is only on
> > the correct client).
> > 
> > You are right about the risk of compromise of the client though -- it looks like
> > there is no way to force the FD to only restore from signed backups.
> > 
> > __Martin
> 
> Hello,
> 
> It can be secured via ACL too.
> You can manage what a client has access to.
> 
> And so, ensure no critical data pieces can be stolen through that way.

Yes, that works as long as the Director is secure -- otherwise the attacker
can just write their own ACL.

__Martin
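
Added example, not part of the original thread and not Bacula's own code: a small Python check that a client's bacula-fd.conf enables the client-side encryption and signing discussed above. The PKI directive names are Bacula File Daemon directives; the sample configs, paths and function names are constructed for illustration, and an absent directive is treated as disabled.

```python
import re

# Constructed sample bacula-fd.conf fragments (not taken from the thread).
WEAK_CONF = """
FileDaemon {
  Name = example-fd
  PKI Signatures = No        # backups are neither signed nor encrypted
}
"""
HARDENED_CONF = """
FileDaemon {
  Name = example-fd
  pki signatures = yes       # keywords ignore case and spaces
  PKI Encryption = Yes
  PKI Keypair = "/etc/bacula/example-fd.pem"   # private key stays on the client
}
"""

def filedaemon_directives(conf_text):
    """Return {normalized keyword: value} for the FileDaemon/Client resource."""
    # Drop '#' comments, but keep any '#' that sits inside a quoted string.
    text = re.sub(r'("[^"\n]*")|#[^\n]*', lambda m: m.group(1) or "", conf_text)
    block = re.search(r"\b(?:FileDaemon|Client)\s*\{(.*?)\}", text, re.I | re.S)
    if not block:
        return {}
    directives = {}
    for item in re.split(r"[\n;]", block.group(1)):
        key, sep, value = item.partition("=")
        if sep:
            # Bacula ignores case and spaces in directive keywords.
            directives[re.sub(r"\s+", "", key).lower()] = value.strip().strip('"')
    return directives

def audit_pki(conf_text):
    """List findings for missing client-side encryption/signing settings."""
    d = filedaemon_directives(conf_text)
    def enabled(key):
        # Assumption of this check: an absent directive counts as disabled.
        return d.get(key, "no").lower() in ("yes", "true")
    findings = []
    if not enabled("pkiencryption"):
        findings.append("PKI Encryption off: backup data is stored unencrypted")
    if not enabled("pkisignatures"):
        findings.append("PKI Signatures off: restored data cannot be verified")
    if not d.get("pkikeypair"):
        findings.append("PKI Keypair unset: no client key for encryption/signing")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_pki(conf) or "ok")
```

As the thread points out, these settings protect the backed-up data; they do not protect the client from a compromised Director.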
