Re: [CentOS] Securely backing up Linux machines to NAS?
At 10:42 PM 9/11/2009, you wrote: I have been tasked with having a Buffalo Terastation Pro 2 NAS box, likely to be connected to a Linux box via samba, be the storage device to back up mostly Ubuntu and Centos systems. The trick is, the machines to be backed up need to do so in an automated fashion and make a secure, encrypted connection to my Linux box hosting the NAS. The NAS does have SSL enabled for web admin access, though the same login credentials are used to authenticate the Linux host via samba to the NAS. So what are the simplest options to back up the Linux hosts? rsync does come to mind, but how to do so securely from each host? I'd consider something via ssh, but that would mean an interactive login, and encrypting individual files on the hosts is not an option. NFS is also available on the NAS, but considering the security concerns, I will not use that, nor do I want to enable any more services on the linux machines being backed up than necessary, meaning samba is not an option, unless it remains the ONLY one. I ONLY plan to use samba to mount the NAS to my Linux server, unless someone comes up with a more secure method, or even away to negate the need of the Linux server and permit the hosts to back up directly to the NAS... Ideas are welcome. Thanks. Scott Scott, http://www.jms1.net/code/rsync-backup.shtml Cheers! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
Hi, On Fri, Sep 11, 2009 at 22:42, Scott Ehrlich srehrl...@gmail.com wrote: I ONLY plan to use samba to mount the NAS to my Linux server, unless someone comes up with a more secure method, I don't know if I understand what you mean by the sentence above, but Samba is *not* secure in the sense that nothing is encrypted in that connection. or even away to negate the need of the Linux server and permit the hosts to back up directly to the NAS... Ideas are welcome. You mention that you want to use encryption to upload the files to the NAS and for that you would like to use an encrypted protocol (something over SSL or SSH). However, by doing that the files on the NAS side would still be unencrypted, and anyone having access to it would have access to all your backup files (I don't know if that is an important security consideration for you). Another alternative would be using a backup software that would create an encrypted backup image and then upload it to the NAS. That way you may do the upload using an unencrypted protocol (like FTP or CIFS which seem to be the ones that your NAS supports) and even if someone hacks your NAS they would not be able to access your backed up files. One software that does exactly that is Duplicity: http://duplicity.nongnu.org/ It certainly supports FTP for the upload, I believe it should support Samba as well. HTH, Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
So what are the simplest options to back up the Linux hosts? rsync does come to mind, but how to do so securely from each host? I'd consider something via ssh, but that would mean an interactive login, and encrypting individual files on the hosts is not an option. Rsync's default transport _is_ ssh, and I understood you can't even change that in current versions. That's pretty secure and can be automated... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
nice simple script and setup info here... http://www.jms1.net/code/rsync-backup.shtml - rh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
Scott Ehrlich wrote: I have been tasked with having a Buffalo Terastation Pro 2 NAS box, likely to be connected to a Linux box via samba, be the storage device to back up mostly Ubuntu and Centos systems. The trick is, the machines to be backed up need to do so in an automated fashion and make a secure, encrypted connection to my Linux box hosting the NAS. The NAS does have SSL enabled for web admin access, though the same login credentials are used to authenticate the Linux host via samba to the NAS. So what are the simplest options to back up the Linux hosts? rsync does come to mind, but how to do so securely from each host? I'd consider something via ssh, but that would mean an interactive login, and encrypting individual files on the hosts is not an option. NFS is also available on the NAS, but considering the security concerns, I will not use that, nor do I want to enable any more services on the linux machines being backed up than necessary, meaning samba is not an option, unless it remains the ONLY one. I ONLY plan to use samba to mount the NAS to my Linux server, unless someone comes up with a more secure method, or even away to negate the need of the Linux server and permit the hosts to back up directly to the NAS... I always recommend looking at backuppc first for an online backup service because it gets almost everything right and has a simple web interface for configuration and acces. It's not a real good fit for a NAS though. You could probably make it work over NFS - and fix the security issue by connecting it directly to a 2nd NIC on the linux box and nothing else, but it would be much easier to just add some large drives either internally or via eSATA on the linux box itself. It can't use samba-mounted storage for it's archive because it uses hard links to save space for duplicate files. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
You'll want to look into rsync over ssh with ssh key-based authentication. On 9/12/09, Les Mikesell lesmikes...@gmail.com wrote: Scott Ehrlich wrote: I have been tasked with having a Buffalo Terastation Pro 2 NAS box, likely to be connected to a Linux box via samba, be the storage device to back up mostly Ubuntu and Centos systems. The trick is, the machines to be backed up need to do so in an automated fashion and make a secure, encrypted connection to my Linux box hosting the NAS. The NAS does have SSL enabled for web admin access, though the same login credentials are used to authenticate the Linux host via samba to the NAS. So what are the simplest options to back up the Linux hosts? rsync does come to mind, but how to do so securely from each host? I'd consider something via ssh, but that would mean an interactive login, and encrypting individual files on the hosts is not an option. NFS is also available on the NAS, but considering the security concerns, I will not use that, nor do I want to enable any more services on the linux machines being backed up than necessary, meaning samba is not an option, unless it remains the ONLY one. I ONLY plan to use samba to mount the NAS to my Linux server, unless someone comes up with a more secure method, or even away to negate the need of the Linux server and permit the hosts to back up directly to the NAS... I always recommend looking at backuppc first for an online backup service because it gets almost everything right and has a simple web interface for configuration and acces. It's not a real good fit for a NAS though. You could probably make it work over NFS - and fix the security issue by connecting it directly to a 2nd NIC on the linux box and nothing else, but it would be much easier to just add some large drives either internally or via eSATA on the linux box itself. It can't use samba-mounted storage for it's archive because it uses hard links to save space for duplicate files. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Sent from my mobile device Jake Paulus jakepau...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
Jake wrote: You'll want to look into rsync over ssh with ssh key-based authentication. indeed, note, the Terastation is in fact an embedded linux box and quite 'hackable'.first link on google for: terastation ssh rsync, says its easy to enable ssh and rsync, see http://bigdiver.wordpress.com/2008/07/24/installing-rsync-and-unison-on-the-buffalo-terastation-live/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
... and you are welcome enough to use my rsync/ssh backup scripts... http://www.effortlessis.com/backupbuddy On Saturday 12 September 2009 12:06:59 John R Pierce wrote: Jake wrote: You'll want to look into rsync over ssh with ssh key-based authentication. indeed, note, the Terastation is in fact an embedded linux box and quite 'hackable'.first link on google for: terastation ssh rsync, says its easy to enable ssh and rsync, see http://bigdiver.wordpress.com/2008/07/24/installing-rsync-and-unison-on-the -buffalo-terastation-live/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
On Fri, Sep 11, 2009 at 10:42:19PM -0400, Scott Ehrlich wrote: I have been tasked with having a Buffalo Terastation Pro 2 NAS box, likely to be connected to a Linux box via samba, be the storage device to back up mostly Ubuntu and Centos systems. The trick is, the machines to be backed up need to do so in an automated fashion and make a secure, encrypted connection to my Linux box hosting the NAS. The NAS does have SSL enabled for web admin access, though the same login credentials are used to authenticate the Linux host via samba to the NAS. So what are the simplest options to back up the Linux hosts? rsync does come to mind, but how to do so securely from each host? I'd consider something via ssh, but that would mean an interactive login, and encrypting individual files on the hosts is not an option. NFS is also available on the NAS, but considering the security concerns, I will not use that, nor do I want to enable any more services on the linux machines being backed up than necessary, meaning samba is not an option, unless it remains the ONLY one. I ONLY plan to use samba to mount the NAS to my Linux server, unless someone comes up with a more secure method, or even away to negate the need of the Linux server and permit the hosts to back up directly to the NAS... Ideas are welcome. rsync+ssh (using key based auth) or some sort of private encrypted backup network (perhaps via openvpn). rsync+ssh probably simpler. :) I would guess some of the backup software packages out there (bacula, etc) will also do encryption. Ray ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
Scott Ehrlich wrote: Ideas are welcome. Quite a situation your in, if security is that much of a concern glad I don't work where you are, sounds like a real pain in the ass. Your only options to mount the NAS from what I could see on the data sheet are FTP and Samba. So what I would do is probably use something like rsnapshot over ssh. Use key based authentication so your server can login to the other systems(not vise versa), if your really paranoid you could even assign a pass phrase to the key and use something like ssh-agent to manually run backups. Copy the files to the linux server first, encrypt them, perhaps copy them directly to a loopback mounted file system that is encrypted already. Then send the encrypted file(s)/image(s) to the NAS box via whatever protocol you want. Don't send the data unencrypted to the NAS box at all. Treat the data as compromised, it doesn't matter who gets their hands on it, if they don't have your keys and passwords they can't unlock it. You could go a step further and run an encrypted file system on the servers themselves to store the sensitive data, and back up the raw image(make sure it's in a consistent state). I can't imagine a situation where the data is so important to do this sort of a procedure and yet rely on a such a piece of crap NAS box as the one your tasked with using. Even when I worked at a company that processed millions in CC transactions a day we didn't have that kind of paranoia. Of course the networks themselves were fairly well protected. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
