Gentoo Archives: gentoo-user

From: Grant <emailgrant@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] {OT} Are "push" backups flawed?
Date: Fri, 11 Nov 2011 18:29:22
In Reply to: Re: [gentoo-user] {OT} Are "push" backups flawed? by Michael Mol
1 > [snip]
2 >
3 >> The problem with my current push-style layout is that if one of the 3
4 >> machines is compromised, the attacker can delete or alter the backup
5 >> of the compromised machine on the backup server.  I can rsync the
6 >> backups from the backup server to another machine, but if the backups
7 >> are deleted or altered on the backup server, the rsync'ed copy on the
8 >> next machine will also be deleted or altered.
9 >
10 > As a final stage in your backup, could you trigger a 'pull'-style
11 > backup copying the data image to a more secure area? How about setting
13 Even if I pull a copy of the backup to a separate machine from the
14 backup server, it will pull an altered copy if an attacker compromises
15 one of the systems being backed up and alters that system's backup on
16 the backup server. Am I missing something?
18 - Grant
21 > your backup target on top of lvm, and snapshotting? Some mechanism
22 > could be employed so that the snapshot command is run by a more
23 > restricted user, and done so after, e.g. a certain amount of idle time
24 > in the backup target directory
25 >
26 >>
27 >> If I run a pull-style layout and the backup server is compromised, the
28 >> attacker would have root read access to each of the 3 machines, but
29 >> the attacker would already have access to backups from each of the 3
30 >> machines stored on the backup server itself so that's not really an
31 >> issue.  I would also have the added inconvenience of using openvpn or
32 >> ssh -R for my laptop so the backup server can pull from it through any
33 >> router.
34 >
35 > Check out freenet6. I use it so that my laptop has a static, global IP
36 > address whether it's on my home network or not. It's quite nice. IPv6
37 > in various applications also solves my other direct-access needs.
38 >
39 >>
40 >> What do you think guys?  Are push-style backups flawed and unacceptable?
41 >
42 > I imagine you might still want to 'pull' from your backup server; if
43 > someone gets a key that allows them to manipulate the behavior of a
44 > local process that shouldn't normally be manipulated, your
45 > vulnerability surface goes up.
46 >
47 > --
48 > :wq


Subject Author
Re: [gentoo-user] {OT} Are "push" backups flawed? Michael Mol <mikemol@×××××.com>