A simple solution is to edit the python source code for rdiff-backup on
the backup server and restrict what it will accept for the
--remove-older-than argument.
You could also have two different versions of rdiff-backup on the backup
server. One accessed remotely that has this option completely disabled
(by editing the source). The other version would be the original code
but can only be accessed from the local backup server.
Sarel
On 11/14/2011 9:03 PM, Grant wrote:
The problem is that I run rdiff-backup in a crontab and one of the
commands there includes --remove-older-than. That's a very creative
solution though. Because of this, I think there is a gaping security
hole in any automated rdiff-backup scheme that pushes backups to the
server. Pulling to the backup server eliminates this problem, but if
the backup server is compromised, the infiltrator has root read access
to each system being backed up and can thereby compromise each of
those systems as well. Is rdiff-backup ill-suited to automated
backups? - Grantolutionsfirst.com.au/index.php/RdiffBackupWiki
_______________________________________________
rdiff-backup-users mailing list at rdiff-backup-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
