> I think (but haven't tried) you could alter the rdiff-backup option text > like this (this is under Ubuntu 10.04, the location might differ with > another OS): > > sed -i 's/remove-older-than/remove-older-thax/g' > /usr/share/pyshared/rdiff_backup/*.py > > So unless an infiltrator knew the new command name (remove-older-thax in the > example above), they couldn't use it.
The problem is that I run rdiff-backup in a crontab and one of the commands there includes --remove-older-than. That's a very creative solution though. Because of this, I think there is a gaping security hole in any automated rdiff-backup scheme that pushes backups to the server. Pulling to the backup server eliminates this problem, but if the backup server is compromised, the infiltrator has root read access to each system being backed up and can thereby compromise each of those systems as well. Is rdiff-backup ill-suited to automated backups? - Grant >> I'm using rdiff-backup in an automated "push" arrangement with access >> to the backup server provided via SSH keys and restricted to the >> rdiff-backup command like command="rdiff-backup --server". I think an >> infiltrator could delete a compromised machine's backups from the >> backup server like this: >> >> rdiff-backup --remove-older-than 1s [email protected]::/path/to/backup >> >> Is there any way to prevent something like that from happening? >> >> - Grant _______________________________________________ rdiff-backup-users mailing list at [email protected] https://lists.nongnu.org/mailman/listinfo/rdiff-backup-users Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
