Re: Secure rsync setup
On Monday, 2006-12-18 at 09:04:47 +0100, Frédéric VANNIÈRE wrote:
> You should look at scponly, it's a shell which only allows scp, sftp
> and rsync in a very restricted chroot.
> It works well, I'm using it for the backup of more than 100 servers and

If you want to use scponlyc (in chroot), you have to loopback-mount all
filesystems into the chroot you want to rsync. Since Linux does not
support read-only loopback mounts, this leaves them open not only for
reading but also for writing...

The way I did it some years ago was to dump and encrypt the filesystems,
writing the result into the chroot. You can use incremental dumps or use
find | cpio for incrementals (which I did).

Of course, you need enough space to keep an encrypted, compressed dump
of all filesystems...
| You know we're sitting on four million pounds of fuel, one nuclear |
| weapon and a thing that has 270,000 moving parts built by the lowest |
| bidder. Makes you feel good, doesn't it? |
| Rockhound in "Armageddon", 1998, about the Space Shuttle |
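
Added example, not part of the original message: a sketch of the "find | cpio for incrementals" approach described above, compressing and encrypting the archive before it is written into the chroot that scponly exposes. The paths, the GnuPG recipient, the stamp-file convention and the output file naming are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: incremental, encrypted dump written into an scponly chroot.
# Assumed (not from the mail): all paths, the GnuPG recipient, file naming.

# Print (NUL-separated) the files and symlinks under $1 that changed since
# the stamp file $2; with no stamp yet, print everything (first full run).
# -xdev keeps find on one filesystem so other mounts are not swept in.
changed_files() {
    src=$1
    stamp=$2
    if [ -f "$stamp" ]; then
        find "$src" -xdev \( -type f -o -type l \) -newer "$stamp" -print0
    else
        find "$src" -xdev \( -type f -o -type l \) -print0
    fi
}

# Archive the changed files with cpio, compress, encrypt to a public key
# and place the result in the chroot's pickup directory. Only ciphertext
# ever lands inside the chroot, so the restricted account cannot read or
# alter the live filesystem.
incremental_dump() {
    src=$1
    stamp=$2
    outdir=$3
    recipient=$4
    out="$outdir/$(hostname)-$(date +%Y%m%dT%H%M%S).cpio.gz.gpg"
    umask 077                      # archive readable by its owner only
    # Take the new stamp before scanning: files modified during the scan
    # are then picked up again by the next run instead of being missed.
    touch "$stamp.new"
    # Without pipefail the status checked here is gpg's; a cpio failure
    # shows up only on stderr, so keep that output in the cron mail.
    changed_files "$src" "$stamp" |
        cpio -o -0 -H newc |
        gzip -c |
        gpg --batch --encrypt --recipient "$recipient" --output "$out.tmp" &&
        mv "$out.tmp" "$out" &&      # rename so a partial file is never fetched
        mv "$stamp.new" "$stamp"
}

# Hypothetical invocation (run as root from cron on the machine being backed up):
# incremental_dump /home /var/lib/backup/home.stamp /chroot/backup/pub backup@example.org
```

Encrypting to a public key whose private half lives off the backed-up host means that neither the chroot account nor the host itself can decrypt earlier dumps.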