On Wed, Feb 04, 2009 at 12:26:23PM +0000, Wayne Stallwood wrote:
> On Wed, 2009-02-04 at 12:04 +0000, Chris G wrote:
> > Maybe I haven't described exactly what I meant. 'My' machine is called 'chris' and it has data that needs backing up; I back it up to a machine called 'backup'. Say an intruder gets access to 'chris' (it's about the only machine on the LAN where a break-in is directly possible): they can directly delete my data, but I'm trying to make it so they *can't* get easy access to 'backup' and delete data there.
> > Using rdiff-backup (for example) to back up means that there is passwordless ssh access to 'backup', and so the intruder can simply go and delete files on 'backup' as well.
> OK, so what if "backup" had read-only access to "Chris" and pulled the files (via rsync or whatever), and Chris had no passwordless access to backup. Then if "Chris" is compromised, "Backup" would be safe*. If Backup was compromised, then the files on Chris would be safe* as well.
That's how I'm doing it at the moment. :-) Yes, it does do what I want from the security point of view but it's less "user friendly" from the point of view of knowing if the backup worked.
If I can get a similar level of safety of backup with a 'push' mode then it's *much* easier to get told when a backup has failed.
> * Where "safe" is safe from deletion, not interception. If you want safe from interception then you need to wrap rsync in ssh, encrypt the backup volume and the volume with your data on "chris" before you are even close.
The data isn't inherently valuable or even particularly confidential, it's just rather important to running our small business. If someone copied the data I think they'd find it very boring and not very useful.
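One way to keep the pull-mode trust direction Wayne describes (only 'backup' holds a key, and on 'chris' that key is limited to read-only rsync) while still being told when a run fails, as an added example that is not from this thread: a wrapper run from cron on 'backup'. Hostnames, paths, the rrsync location and the notification address are assumptions.

```shell
#!/bin/sh
# Pull-mode backup wrapper for the 'backup' host (constructed example).
# On 'chris', the key that 'backup' uses is pinned to read-only rsync with a
# forced command in ~/.ssh/authorized_keys (rrsync path is an assumption):
#   command="/usr/bin/rrsync -ro /home/chris",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA<backup public key> backup
# 'chris' holds no key for 'backup', so a compromise of 'chris' cannot reach the copies.

SRC="${SRC:-chris:/home/chris/}"                      # assumed source host:path
DEST="${DEST:-/srv/backup/chris}"                     # assumed destination on 'backup'
STATUS_FILE="${STATUS_FILE:-/var/lib/backup/chris.status}"
NOTIFY="${NOTIFY:-admin@example.com}"                 # assumed failure recipient

# Map an rsync exit code to a one-line summary on stdout; return 0 only when the
# run can be considered good (24 = files vanished mid-transfer, harmless for a mirror).
classify_rsync_exit() {
    case "$1" in
        0)   printf 'OK\n'; return 0 ;;
        24)  printf 'OK (some source files vanished during transfer)\n'; return 0 ;;
        23)  printf 'FAILED: partial transfer (rsync exit 23)\n'; return 1 ;;
        255) printf 'FAILED: ssh connection to source failed (rsync exit 255)\n'; return 1 ;;
        *)   printf 'FAILED: rsync exit %s\n' "$1"; return 1 ;;
    esac
}

# Append the outcome to a status file a monitor can watch, and mail on failure.
# $1 = 0 for good run / 1 for bad run, $2 = summary text, $3 = UTC timestamp.
record_outcome() {
    printf '%s %s\n' "$3" "$2" >> "$STATUS_FILE"
    if [ "$1" -ne 0 ]; then
        printf 'Backup of %s failed: %s\n' "$SRC" "$2" | mail -s "backup FAILED" "$NOTIFY"
    fi
}

# The actual pull. --delete keeps a plain mirror; rotating snapshots
# (rdiff-backup or rsync --link-dest) would also survive a deletion on 'chris'.
pull_backup() {
    rsync -a --delete -e ssh "$SRC" "$DEST"
    rc=$?
    summary=$(classify_rsync_exit "$rc")
    ok=$?
    record_outcome "$ok" "$summary" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    return "$ok"
}

# From cron on 'backup':  pull_backup
```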