[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: chkrootkit has me worried!



On Tuesday 29 November 2005 14.04, kevin bailey wrote:
> if backing up to another server get that server to pull backups out.  on
> my new machines i was pushing out the backups from the primary server -
> this would mean a cracker would then have an easy way in to the backup
> machine because i was using authorized_keys so the backup would run in a
> script.

Note that its not a question of push vs. pull but a question of where the 
authentication happens.  In both cases you'll have some means (ssh key, 
hardcoded password etc.) to access the other machine - the decision should 
thus not be push vs. pull but to store the authentication information on 
the side where a compromise is less likely.

Then, use tools like rssh to lock down the account used to transfer the back 
up data.  Also allow log in on this account only from a fixed IP address.  
(Obviously not always possible in the hobbyist scenario when you're backing 
up your server to your home machine on DSL or so.)

cheers
-- vbi



-- 
Beware of the FUD - know your enemies. This week
    * Patent Law, and how it is currently abused. *
http://fortytwo.ch/opinion

Attachment: pgpkZuKgJ6dvS.pgp
Description: PGP signature


Reply to: