1 |
On 11/11/2011 10:20 PM, Pandu Poluan wrote: |
2 |
> |
3 |
>> And if I pull, none of my backed-up systems are secure because anyone |
4 |
>> who breaks into the backup server has root read privileges on every |
5 |
>> backed-up system and will thereby "gain full root privileges quickly." |
6 |
> |
7 |
> IMO that depends on whether you also backup the authentication-related |
8 |
> files or not. Exclude them from backup, ensure different root passwords |
9 |
> for all boxes, and now you can limit the infiltration. |
10 |
|
11 |
If you're pulling to the backup server, that backup server has to be |
12 |
able to log in to and read all files on the other servers. Including |
13 |
e.g. your swap partition and device files. |