Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Bacula security

2013-07-02 08:36:25
Subject: Re: [Bacula-users] Bacula security
From: Josh Fisher <jfisher AT pvct DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Tue, 02 Jul 2013 08:32:43 -0400 
On 7/1/2013 4:09 PM, Kern Sibbald wrote:
> Hello,
>
> This is an interesting subject and what everyone says is correct.
> I have been thinking over the past few months about how to
> improve security, and although we already have one way that
> the FD can drop permissions to become a backup only FD,
> I have been thinking about two additions:
>
> 1. A command line option and/or perhaps a Directive that
> forces the FD into read-only mode -- i.e. it can only do
> Backups but no restores.  Of course, to do restores, one
> would have to turn off the service and restart it (or another
> one) with restore permission if one wanted to do restores.
>
> 2. Implementation of a ScriptsDirectory that would allow the FD
> to run scripts only from that Directory rather than from any
> Directory.

A ScriptsDirectory is a good idea, although I would add that it is 
essential that the ScriptsDirectory must NOT be restorable, else a 
compromised Dir could place any script it wants in the ScriptDirectory 
in a two-step attack. #2 does not make any difference unless used in 
conjunction with #1.

Also, another approach is a command line option or FD directive to 
disallow scripts so that each FD could enable or disable scripts 
altogether. Using PKI data encryption together with the ability to 
disable scripts would allow for fairly safe restores, since the FD's 
private key would be needed to alter any files being restored and a 
compromised Dir could not run commands to alter the FD's private key 
even when FD was running as root.



>
> Though neither of these would be effective against all attacks
> they should permit the user to configure better security.
> There are probably a lot of similar ideas that could help improve
> security ...
>
> Best regards,
> Kern
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users


------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] using auto-clean on an autochanger, Jummo
Next by Date:  [Bacula-users] Bacula vchanger USB - Device is not open, arnaldojsousa
Previous by Thread:  Re: [Bacula-users] Bacula security, Kern Sibbald
Next by Thread:  Re: [Bacula-users] Bacula security, Kern Sibbald
Indexes:  [Date] [Thread] [Top] [All Lists]