That's not hard. On my backup server, I have an account with a restricted shell that my backed-up machine has an ssh key for. That restricted shell is simply the following script:
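#!/bin/bash
# Stop if the backup directory is missing, so nothing is unpacked elsewhere.
cd ~/backups || exit 1
# Unpack the tar stream from stdin; --keep-old-files refuses to overwrite existing files.
tar --restrict --keep-old-files -x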
So the only thing that the backed-up machine (or an attacker) can do with the ssh key is push new files onto the backup server as a tar stream - it can't overwrite any files, and it can't put any files anywhere except the correct directory.
For my server I went one step further and set it up so that the server being backed up has no access to the backup system at all and instead only prepares encrypted (differential) tar archives that the backup system then grabs.
The trick is to make sure nothing has access to the backup storage, which is obviously easier said than done.
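A scratch-directory check of the receive command from the first comment, added here as an example (not the commenter's code): it confirms that a second push cannot replace an existing file and that a `../` member name does not land outside the backup directory. It assumes GNU tar; the `receive` and `check_append_only` names and all paths and file contents are constructed for the demonstration.

```bash
#!/bin/bash
# Added example, not the commenter's code. Paths and file names are constructed.

# receive DIR: the restricted shell's tar command, run in DIR instead of ~/backups.
receive() (
    cd "$1" || exit 1
    tar --restrict --keep-old-files -x
)

# Returns 0 when a second push cannot replace an existing file and a
# "../" member name cannot land outside the backup directory.
check_append_only() (
    work=$(mktemp -d) || exit 2
    mkdir -p "$work/client/src" "$work/backups"
    rc=0

    # Push 1: a normal backup file arrives as a tar stream.
    echo "good copy" > "$work/client/src/data.txt"
    tar -C "$work/client/src" -c data.txt | receive "$work/backups" || rc=1

    # Push 2: same member name, different content. The stored file must survive.
    echo "tampered" > "$work/client/src/data.txt"
    tar -C "$work/client/src" -c data.txt \
        | receive "$work/backups" 2>/dev/null || true
    [ "$(cat "$work/backups/data.txt")" = "good copy" ] || rc=1

    # Push 3: member named ../escaped.txt (-P keeps that name when creating).
    echo "escape" > "$work/client/escaped.txt"
    tar -C "$work/client/src" -P -c ../escaped.txt \
        | receive "$work/backups" 2>/dev/null || true
    [ ! -e "$work/escaped.txt" ] || rc=1

    rm -rf "$work"
    exit "$rc"
)

check_append_only && echo "append-only checks passed"
```

The content comparison, rather than tar's exit status, is what the check relies on, so it does not depend on how a given tar version reports the refused overwrite.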