Greetings! Sean McAvoy wrote:
I was looking at configuring a few of my VPN/Firewall systems to send me daily backups of vital config files, and selected log files. I was wondering what would be the easiest method of accomplishing this? I was thinking something along the lines of just tar/bzip and then gpg to encrypt. What other possibilities are there? And has anyone else setup something similar?
If you don't have the space/equipment/systems/security to use rsync via ssh (as suggested a number of times already), tar and gpg just do fine. bzip2 is not really necessary as gpg compresses the input per default (okay rate, comparable to gzip).
Advantage of tar+gpg+mail is that you don't have DSA keys to your machines lying around on your management system as you will have with rsync over ssh. If you want to use rsync/ssh you should really lock down and protect your management system. For the tar+gpg+mail solution (nearly) any client PC will do - as long as you don't unpack the mails and keep your GPG keyring safe...
Bye Volker Tanger IT-Security Consulting -- discon gmbh Wrangelstraße 100 D-10997 Berlin fon +49 30 6104-3307 fax +49 30 6104-3461 volker.tanger@discon.de http://www.discon.de/