RSYNC: Backup Solution thoughts...

Dave Dykstra dwd at bell-labs.com
Thu Dec 20 02:57:36 EST 2001


Tim is right that if you're worried about the security of your network,
even if you use "hosts allow" in an rsyncd.conf to only allow access
from the backup hosts, you could be vulnerable to host spoofing;
rsync --daemon by itself does not prevent that.  I've got a situation
where a backup machine (not using rsync by the way) is on the same subnet
as a machine and I put an entry for the backup machine in /etc/hosts so I
feel pretty confident that nobody would be able to spoof the backup machine.
If you rely on DNS on an unprotected network you're very vulnerable.

Another good solution for you is JD Paul's patch to run rsync --daemon
over SSH, which is planned to be integrated into rsync sometime soon.
Assuming that you have confidence in the security of your backup machine,
you could use ssh to call to the backed-up machine using an authorized_key
and have that run rsync --daemon with an rsyncd.conf that only allows
read access.

- Dave Dykstra


On Tue, Dec 18, 2001 at 05:42:19PM -0700, tim.conway at philips.com wrote:
> First: yes, wide open.
> Second: Sure, if your network is secure.  I initially didn't understand 
> that you were going to limit access.  Anyway, trusted host access is a 
> vulnerability.  You know your system and situation.
> 
> Tim Conway
> tim.conway at philips.com
> 303.682.4917
> Philips Semiconductor - Longmont TC
> 1880 Industrial Circle, Suite D
> Longmont, CO 80501
> Available via SameTime Connect within Philips, n9hmg on AIM
> perl -e 'print pack(nnnnnnnnnnnn, 
> 19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), 
> ".\n" '
> "There are some who call me.... Tim?"
> 
> 
> 
> 
> Philip Mak <pmak at animeglobe.com>
> 12/18/2001 04:50 PM
> 
>  
>         To:     Tim Conway/LMT/SC/PHILIPS at AMEC
>         cc:     <rsync at lists.samba.org>
>         Subject:        Re: RSYNC: Backup Solution thoughts...
>         Classification: 
> 
> 
> 
> If I understand correctly, you're saying that if someone manages to gain
> access to my rsync server, they can read my password files and private
> keys, right?
> 
> How would they accomplish gaining access to my rsync server, though? Only
> my backup server would be authorized to connect to it...
> 
> I think I *do* want to back up /etc/shadow actually, because this is a
> full system backup that's meant to be able to be used to restore the
> system in case of hard drive failure. If I didn't include /etc/shadow,
> then everyone would lose their passwords.
> 
> On Tue, 18 Dec 2001 tim.conway at philips.com wrote:
> 
> > readonly full disk.
> > rsync yourhost::rootmodule/etc/shadow .
> > satan -f ./shadow
> > telnet yourhost
> > login as user
> > su -
> > f*** you over.
> >
> > what, no telnet, only ssh?
> > grab an identity file and ssh in.
> >
> > yes, it's bad... at least, exclude secure areas.
> 
> 
> 
> 
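
An added example, not part of the original messages and not rsync's own code: a small audit of an rsyncd.conf for the exposures raised in this thread (no "hosts allow", "hosts allow" by hostname, no "auth users", a writable module, a full-disk module with no exclude). The sample configuration, the host name, the `home` module and the finding names are constructed for illustration; `rootmodule` is the module name used in the quoted message.

```python
import ipaddress

# Constructed sample rsyncd.conf (illustrative, not taken from the thread).
SAMPLE_CONF = """\
hosts allow = backup.example.com

[rootmodule]
path = /

[home]
path = /home
hosts allow = 192.0.2.10
auth users = backup
secrets file = /etc/rsyncd.secrets
"""

def parse(text):
    """Return {module: params}; global parameters act as per-module defaults."""
    defaults, modules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(defaults))
        elif "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            (defaults if current is None else current)[key.lower()] = value
    return modules

def is_address(pattern):
    """True for an IP or address/mask entry, False for a hostname pattern."""
    try:
        ipaddress.ip_network(pattern, strict=False)
        return True
    except ValueError:
        return False

def audit(text):
    """Return (module, finding) pairs for the risks discussed in the thread."""
    findings = []
    for name, p in parse(text).items():
        hosts = p.get("hosts allow", "").replace(",", " ").split()
        checks = {
            "open-to-any-host": not hosts,
            "hosts-allow-by-name": any(not is_address(h) for h in hosts),
            "address-only-trust": not p.get("auth users"),
            "writable": p.get("read only", "yes").lower() not in ("yes", "true", "1"),
            "full-disk-no-exclude": p.get("path", "").strip() == "/" and not p.get("exclude"),
        }
        findings += [(name, code) for code, hit in checks.items() if hit]
    return findings
```

Calling `audit(SAMPLE_CONF)` reports three findings for `rootmodule` and none for `home`, whose access is pinned to an address and also requires a named user with a secret.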



