Hi, thanks for your quick answers. On 17/06/2010 17:55, Les Mikesell wrote: > On 6/17/2010 9:29 AM, Jonathan Schaeffer wrote: >> >> I'm administrating a BackupPC server and I'm concerned about the security of >> the >> whole system. > > It is based on controlling access to root and the backuppc user on the > server. I don't see a way around that. Sure, my point is to limit the risks of intrusion on the clients when the server is compromised. But the first thing to do is obviously to protect the server.
>> And then, when the client restores the file, it gets an empty file. >> >> Is there a checking mechanism to ensure the integrity of the restored files ? >> i.e. the server can check that the files he is about to restore is the same >> as >> the one he stored previously ? > > If you are going to corrupt something intentionally and you have root > access, you would also be able to replace/bypass any such check. Don't > give anyone you don't trust root access... The problem is not who I give root access but who takes it in my back. First, I will not connect the BackupPC host to the internet Then, I'll use a file alteration monitor on the system to be aware of any modification in the backupPC core programs and in the data stored. iwatch looks like a good candidate. Finaly, I'll keep in mind that anybody gaining root priviledges can basicaly do all imaginable stuff. Still, would'nt it be a nice feature to check the file integrity before the restore ? Not only in case of evil intrusion but also in case of data corruption, preventing corrupted data to be restored. ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
