On Thu, Feb 05, 2009 at 01:52:20AM +0100, Jakob Unterwurzacher wrote: > Chris G schrieb: > > If I never turn it on it will be perfectly safe. :-) > > > > Yes, my client (the machine to be backed up) is fairly secure. > > However given that ssh access from the outside world is allowed (even > > if only for non-root and from specific IPs) there is a risk that > > someone could get into it and wreak havoc. What I want to do is to > > minimise the risk that anyone who does that will also be able to get > > at my backups and destroy them too. > > > > IMO "the" solution to this is to use pull-style backups. The backup > machine should login to your machine (and not the other way round) and > start the backup.
That's how I *had* arranged it but it has the difficulty of needing extra monitoring software to tell me if the backups are no longer working. A 'push' backup has the big advantage that any errors or failures get mailed to me withing 24 hours without me having to add any sort of extra monitoring. The client machine is actually pretty secure, it has ssh access allowed from the outside world but only from two specific IP addresses neither of which is a publicly accessible machine so the chances of an intruder getting in are pretty small. > That way, no intruder on your machine can destroy the backups. If he > deletes files, the deletes will be backed-up, but the files will still > be in the increments. That's what I'm trying to approach with a 'push' backup plus some extra arguments to rdiff-backup. -- Chris Green _______________________________________________ rdiff-backup-users mailing list at rdiff-backup-users@nongnu.org http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
