
Re: Secure rsync setup



On Monday, 2006-12-18 at 09:04:47 +0100, Frédéric VANNIÈRE wrote:

> You should look at scponly, it's a shell which only allows scp, sftp
> and rsync in a very restricted chroot.
> It works well, I'm using it for the backup of more than 100 servers and
> workstations.

If you want to use scponlyc (in chroot), you have to loopback-mount all
filesystems into the chroot you want to rsync. Since Linux does not
support read-only loopback mounts, this leaves them open not only for
reading but also for writing...

The way I did it some years ago was to dump and encrypt the filesystems,
writing the result into the chroot. You can use incremental dumps or use
find | cpio for incrementals (which I did).

Of course, you need enough space to keep an encrypted, compressed dump
of all filesystems...

HTH,
Lupe Christoph
-- 
| You know we're sitting on four million pounds of fuel, one nuclear     |
| weapon and a thing that has 270,000 moving parts built by the lowest   |
| bidder. Makes you feel good, doesn't it?                               |
| Rockhound in "Armageddon", 1998, about the Space Shuttle               |
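
The incremental find | cpio dump described in the message above, sketched as an added example that is not part of the original post. The use of gpg public-key encryption, gzip, the stamp file and all paths and names (`changed_since`, `incremental_dump`, the sample arguments) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: incremental dump via find | cpio, compressed and encrypted,
# written into the chroot that the restricted rsync/scp account can see.
# Tool choice (gzip, gpg) and every path below are assumptions, not from the post.

# Print (NUL-separated) the regular files under $1 modified after stamp file $2.
# With no stamp file yet, everything is listed, which gives a full dump.
changed_since() {
    src=$1
    stamp=$2
    if [ -f "$stamp" ]; then
        find "$src" -xdev -type f -newer "$stamp" -print0
    else
        find "$src" -xdev -type f -print0
    fi
}

# Archive the changed files, compress, encrypt to a public key and place the
# result in the chroot. Only ciphertext is ever written below $outdir, so no
# live filesystem has to be mounted into the chroot.
incremental_dump() {
    src=$1
    outdir=$2       # directory inside the chroot
    recipient=$3    # gpg key id; the private key is kept off this host
    stamp=$4        # kept outside the chroot so the rsync account cannot alter it
    out="$outdir/incr-$(date +%Y%m%dT%H%M%S).cpio.gz.gpg"

    # Take the new timestamp before scanning: files changed while the dump is
    # running are then picked up again by the next run instead of being missed.
    touch "$stamp.new" || return 1

    changed_since "$src" "$stamp" \
        | cpio -0 -o -H newc \
        | gzip -c \
        | gpg --batch --encrypt --recipient "$recipient" --output "$out.part" \
        || { rm -f "$out.part" "$stamp.new"; return 1; }

    # Publish the finished file and advance the stamp only after success.
    mv "$out.part" "$out" && mv "$stamp.new" "$stamp"
}

# Example call (constructed values):
#   incremental_dump /home /chroot/backup/dumps backup@example.org /var/lib/dump/home.stamp
```

Restoring means decrypting with the private key and unpacking the full dump followed by each incremental in order; files deleted between runs are not recorded by this scheme.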


