RSYNC: Backup Solution thoughts...
tim.conway at philips.com
tim.conway at philips.com
Wed Dec 19 11:42:19 EST 2001
First: yes, wide open.
Second: Sure, if your network is secure. I initially didn't understand
that you were going to limit access. Anyway, trusted host access is a
vulnerability. You know your system and situation.
Tim Conway
tim.conway at philips.com
303.682.4917
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn,
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
".\n" '
"There are some who call me.... Tim?"
Philip Mak <pmak at animeglobe.com>
12/18/2001 04:50 PM
To: Tim Conway/LMT/SC/PHILIPS at AMEC
cc: <rsync at lists.samba.org>
Subject: Re: RSYNC: Backup Solution thoughts...
Classification:
If I understand correctly, you're saying that if someone manages to gain
access to my rsync server, they can read my password files and private
keys, right?
How would they accomplish gaining access to my rsync server, though? Only
my backup server would be authorized to connect to it...
I think I *do* want to back up /etc/shadow actually, because this is a
full system backup that's meant to be able to be used to restore the
system in case of hard drive failure. If I didn't include /etc/shadow,
then everyone would lose their passwords.
On Tue, 18 Dec 2001 tim.conway at philips.com wrote:
> readonly full disk.
> rsync yourhost::rootmodule/etc/shadow .
> satan -f ./shadow
> telnet yourhost
> login as user
> su -
> f*** you over.
>
> what, no telnet, only ssh?
> grab an identity file and ssh in.
>
> yes, it's bad... at least, exclude secure areas.
More information about the rsync
mailing list