Hello Howard,
"On Feb 3, 2024, at 7:08 AM, computer...@familyhistoryact.org.au wrote:
Hi,Thanks for all the responses, an interesting discussion.Bacularis would probably be a good solution for us except for the security concern. Allowing Apache access to the backup directory would mean all web apps would have access and that doesn't seem like a good idea on a multi-purpose server. We're not big enough to need, or afford, a dedicated backup server.Does anyone have a suggestion?I understand that many people think the command line is best, but we have limited skills and the GUI helps"
First of all, if you are storing backups in the same production data machine this is not backup. IMHO you should try to build an integrated backup appliance with Bacula with a small or even used servers, to process and store tha backup, even if having to use SATA disks. NVMe is also surprisingly cheap nowadays. It is probably the most inexpensive, usual and relatively safer solution.
Personally, I designed with my team and I'm selling many backup Appliances with Bacula Enterprise and our own operating system (BaculaOS), with more than 30 security enhancements, including IDS and CRC.
AFAIK Apache is present in more than 90% of the most accessed Internet websites. It is pretty safe. Many proprietary applications use Apache for critical systems. Also, Bacularis does not access Bacula volumes directly (which is the most critical data). Bacularis only access catalog via API, wich is a security abstraction layer, and confs via bjson modules. Those are also very safe IMHO.
If you are concerned with Apache security you can always use allow/deny lists, firewall rules and certificates to improve the security, among other techniques.
Rgds.
On Feb 3, 2024, at 7:08 AM, computer...@familyhistoryact.org.au wrote: Hi, |
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
