Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread Kahlil Hodgson
A couple of weeks ago I found this breakdown of various approaches https://techstdout.boum.org/EncryptedBackupsForParanoiacs/ We're currently using a variation of the push-backup system described (using rsync via duplicity). K Kahlil (Kal) Hodgson GPG: C9A02289 Head of

Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread m . roth
Lists wrote: > On 09/23/2013 02:44 PM, m.r...@5-cent.us wrote: >> Lists wrote: >>> On 09/23/2013 01:50 PM, Les Mikesell wrote: Is there something that convinces you that sudo is better at handling the command restriction than sshd would be? >>> In the context of a production server, the i

Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread Lists
On 09/23/2013 02:44 PM, m.r...@5-cent.us wrote: > Lists wrote: >> On 09/23/2013 01:50 PM, Les Mikesell wrote: >>> Is there something that convinces you that sudo is better at handling >>> the command restriction than sshd would be? >> In the context of a production server, the idea is to remove any

Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread m . roth
Lists wrote: > On 09/23/2013 01:50 PM, Les Mikesell wrote: >> Is there something that convinces you that sudo is better at handling >> the command restriction than sshd would be? > > In the context of a production server, the idea is to remove any ability > from another host (EG: backup server) to

Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread Lists
On 09/23/2013 01:50 PM, Les Mikesell wrote: > Is there something that convinces you that sudo is better at handling > the command restriction than sshd would be? In the context of a production server, the idea is to remove any ability from another host (EG: backup server) to run local arbitrary c

Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread Les Mikesell
On Mon, Sep 23, 2013 at 3:26 PM, Lists wrote: > > > Depending on how you interpret this statement, my documented process may > present a (mild) improvement. > > It has the backup account on the public server being a non-privileged > account only able to run a (tightly controlled) shell script whic

Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread Lists
On 09/23/2013 01:02 PM, m.r...@5-cent.us wrote: > It does have to > run as root, though, on both, to preserve ownership of home and project > directories, etc. Depending on how you interpret this statement, my documented process may present a (mild) improvement. It has the backup account on the

[CentOS] Package chkconfig-1.3.49.3-2.el6_4.1.x86_64.rpm is not signed

2013-09-23 Thread Leonard den Ottolander
Hello, gpk-update-viewer on my CentOS 6 desktop gives me an error about untrusted updates. When running yum update from a terminal I get the following error: Package chkconfig-1.3.49.3-2.el6_4.1.x86_64.rpm is not signed No other packages seem to be affected so for now I updated excluding chkconfi

Re: [CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread m . roth
Lists wrote: > We've been using rsync since forever to back up all our servers and it's > worked without a problem. But in a recent security review, we noted that > our specific rsync backup host is using root keys to access the server, > meaning that if the keys on the backup server were leaked/co

[CentOS] Howto: Extremely tight security rsync shell for backups

2013-09-23 Thread Lists
We've been using rsync since forever to back up all our servers and it's worked without a problem. But in a recent security review, we noted that our specific rsync backup host is using root keys to access the server, meaning that if the keys on the backup server were leaked/compromised in any

Re: [CentOS] Package chkconfig-1.3.49.3-2.el6_4.1.x86_64.rpm is not signed

2013-09-23 Thread Johnny Hughes
On 09/23/2013 01:10 PM, Joe Pruett wrote: > On 09/23/2013 09:39 AM, Leonard den Ottolander wrote: >> Hello, >> >> gpk-update-viewer on my CentOS 6 desktop gives me an error about >> untrusted updates. When running yum update from a terminal I get the >> following error: >> >> Package chkconfig-1.3.

Re: [CentOS] Package chkconfig-1.3.49.3-2.el6_4.1.x86_64.rpm is not signed

2013-09-23 Thread Joe Pruett
On 09/23/2013 09:39 AM, Leonard den Ottolander wrote: > Hello, > > gpk-update-viewer on my CentOS 6 desktop gives me an error about > untrusted updates. When running yum update from a terminal I get the > following error: > > Package chkconfig-1.3.49.3-2.el6_4.1.x86_64.rpm is not signed > > No oth

Re: [CentOS] Chromium update

2013-09-23 Thread James Pearson
isd...@gmail.com wrote: >>My advice to anyone who needs a good, solid browser is to use the stock >>one (Firefox ESR) or get the latest Firefox binary from ftp.mozilla.org >>if they really want to be bleeding edge. > > Doesn't work or even build on CentOS5 anymore. The latest version that > s

[CentOS] Centos 6.4 on Xserve, IPMI error

2013-09-23 Thread Arno B
Hello! I'm trying to install Centos 6.4 64 bit on this Xserve: http://www.everymac.com/systems/apple/xserve/specs/xserve-intel-xeon-2.8-eight-core-specs.html I got a bootloader from: http://blog.christophersmart.com/2009/07/23/linux-on-an-apple-xserve-efi-only-machine/ as none of the official Cen