At 1:13 PM -0600 2007/07/11, Google Kreme wrote:
> On 11-Jul-2007, at 08:30, Daniel Farnworth wrote:
>> Or even rsync, very powerful...
>
> Yep, the more I learn about rsync, the better it gets
>
> For example, I have two FreeBSD machines that are servers sitting on
> a T1. They have a rsyncd.conf file like this:
>
> [backup]
> path = /backup/
> comment = Backup
> readonly = no
> auth users = backup
> secrets file = /usr/local/etc/rsyncd.secrets

Why not readonly? I prefer to allow as few other machines as
possible to *change* files, so would have each machine connect to its
partner and download the files to back up. This way any outsiders who
screw around cannot change either machine's live files -- just the
backup.

I would also use "hosts allow" there to prevent random
Internet machines from connecting, or (better) use ipfw to accomplish
the same thing.

For extra bonus points, whip up an ssh private key and
restrict the matching public key to running the rsync 'server'
process in ~/.ssh/authorized_keys, but this is rather complicated.

For triple word score, use encrypted keys and Gentoo keychain to
avoid unencrypted keys on disk; this way you'd need to reload the
keys after each reboot, but have better security and one less daemon
process on each machine.

Chris
--
Chris Pepper: <http://www.reppep.com/~pepper/>
<http://www.extrapepperoni.com/>
The Rockefeller University: <http://www.rockefeller.edu/>
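
A small audit of the two rsyncd.conf points raised in the reply above (a writable module and a missing "hosts allow"), as an added example that is not part of the original thread. The first config is the one quoted in the message; the hardened variant, the 192.0.2.10 placeholder address and the function names are assumptions made for illustration.

```python
import re

# Config quoted in the thread above.
WEAK = """[backup]
path = /backup/
comment = Backup
readonly = no
auth users = backup
secrets file = /usr/local/etc/rsyncd.secrets
"""

# Constructed variant applying the reply's advice; 192.0.2.10 is a placeholder.
HARDENED = WEAK.replace("readonly = no", "read only = yes\nhosts allow = 192.0.2.10")

def norm(name):
    # Assumption: rsync matches parameter names ignoring case and whitespace,
    # so "readonly" and "read only" name the same setting.
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Return (global_params, {module_name: params}) from rsyncd.conf text."""
    glob, modules = {}, {}
    cur = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = modules.setdefault(m.group(1).strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            cur[norm(key)] = value.strip()
    return glob, modules

def audit(text):
    """List (module, finding) pairs for the exposures discussed in the thread."""
    glob, modules = parse(text)
    findings = []
    for name, params in modules.items():
        eff = {**glob, **params}             # module settings override globals
        # rsync modules are read-only unless the config says otherwise.
        if eff.get("readonly", "yes").lower() in ("no", "false", "0"):
            findings.append((name, "writable by clients"))
        if not eff.get("hostsallow"):
            findings.append((name, "no hosts allow: any address may connect"))
        if not eff.get("authusers"):
            findings.append((name, "no auth users: anonymous access"))
    return findings
```

Calling `audit(WEAK)` reports the two issues the reply points out, and `audit(HARDENED)` returns an empty list.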