Re: network backup advice
hi ya Mike
yes... good point, you (a hacker/cracker) can remove the backups too ...
no question ...
but how many levels of backups and what type of backups
one wants ??? ( one can do backups securely ... or not.. )
- sorta endless game...
- once we were almost ready to use a "cdrom array" of 5 cdroms...
and give everybody "one" cdrom ....for the backup...
- very secure so to speak...since no one can read
any data unless they have at least 4 of the 5 cdroms...
- but when they found out...i donno anybody doing it this way...
they changed their mind... :-) though it's very/fairly secure
On Fri, 7 Sep 2001, Mike Dresser wrote:
> On Fri, 7 Sep 2001, Alvin Oga wrote:
> > backup server should export the host directory to each host
> I'm not too sure about this, because if I manage to compromise the machine
> being backed up, I can remove your backups on the host server.
> I ended up setting up a central backup server, that pulls a locally
> generated backup off the machine, using scp. Instead of pushing the
> backup up to the server. More disk space required, but works. I modified
> a script from Joey Hess to handle making compressed backups using tar in
> 650 meg chunks. (Easy to burn to cd and use to restore with)
yes... good way to proceed...
> > -- backups for Win98 can be done similarly...
> > - need to have samba installed on the linux box...
> > and test that you can see the windoze shares
> > - backup the windoze boxes from the backupserver itself
> smbtar is really nice for this. Keep in mind you may have 2gb limits to
> deal with. I have up to 15 machines being backed up to a central server.
> I keep at least 7 days of full backups from each machine.
> I use:
> smbtar -s server -x share -p password -t filename.tar
> smbtar -s server -x share -p password -t - | gzip -1 > filename.tar.gz
> for compression.
yeah.... i will not use any scripts that have "passwd" in them...
for anything that might compromise security.... even if it's in its local
> Then once i have snagged all the local .tar or .gz's, they get written to
> an unreliable HP 14 gb Travan drive. In other words, don't bother with the
> HP travan's, they're horrible :) Slowly working on getting them replaced
> with 20/40 HP Dat drives.
travan is not too secure in that it's not ejected upon writing to it...
whilst the other dat tapes do eject with the tape eject command
so one cannot erase it ( without manually reinserting the tape ) after the
backup tape was written...
> > -- you can also do the same to write to tape instead of a backup file..
> > - use a "-tape" option in the backup script
> Always have some kind of offline backups. Like i said before, if someone
> compromises your systems, and manages to compromise your backup server
> and that was your only copy...
> Someone can be a person, or a fire/earthquake/etc.
yuppers... ditto... concur completely...
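
The pull model Mike describes (the central server fetches a compressed tar backup and stores it in 650 MB chunks) can be sketched as below. This is an added example, not part of the thread and not Mike's or Joey Hess's script; it streams tar over ssh instead of copying a locally generated file with scp, and the host, user and paths in the usage comment are hypothetical. It assumes `sha256sum` from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread): run ON the backup server, which pulls.
# Usage: pull_backup DEST_DIR SET_NAME PRODUCER [ARGS...]
# PRODUCER writes a tar stream to stdout, for instance (hypothetical host/user):
#   pull_backup /backups/web1 2001-09-07 ssh backup@web1.example tar -cf - /etc /home
CHUNK_SIZE="${CHUNK_SIZE:-650m}"    # split -b size; 650m fits one CD per chunk

verify_backup() {                   # verify_backup DEST_DIR SET_NAME
    vdir=$1; vname=$2
    # 1. Chunks must match the manifest written at pull time.
    (cd "$vdir" && sha256sum -c "$vname.sha256" >/dev/null) || return 1
    # 2. Reassembled stream must be a readable, non-empty tar archive.
    #    Chunk suffixes (aa, ab, ...) sort lexically, so the glob is in order.
    vlist=$(mktemp) || return 1
    if cat "$vdir/$vname".tar.gz.* | gzip -dc | tar -tf - > "$vlist" && [ -s "$vlist" ]
    then rm -f "$vlist"; return 0
    else rm -f "$vlist"; return 1
    fi
}

pull_backup() {
    dest=$1; name=$2; shift 2
    umask 077                       # backup sets readable by the backup user only
    mkdir -p "$dest" || return 1
    # Never overwrite an earlier set: old backups stay intact if a client goes bad.
    if ls "$dest/$name".tar.gz.* >/dev/null 2>&1; then
        echo "pull_backup: set '$name' already exists in $dest" >&2
        return 1
    fi
    "$@" | gzip -1 | split -b "$CHUNK_SIZE" - "$dest/$name.tar.gz." || return 1
    (cd "$dest" && sha256sum "$name".tar.gz.* > "$name.sha256") || return 1
    chmod a-w "$dest/$name".tar.gz.* "$dest/$name.sha256"
    # A pipeline reports only its last command's status, so a failed or
    # truncated transfer is caught by reading the set back.
    verify_backup "$dest" "$name"
}
```

Because the client never holds credentials for the backup server, a compromised client cannot reach earlier sets; the manifest lets the same `verify_backup` check be rerun on chunks after they are burned to CD.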