All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Backup Epiphany! Critiques, please
raindog308
Administrator, Veteran
I've been thinking about backups and how to solve a problem that has vexed me: if one of my VPSes were ever compromised, the credentials to access to backup server are stored there, which could lead to its compromise as well. (Storing credentials on the backup server to pull from the primaries is the same problem).
Using a proper 3rd party backup solution (r1, webbycart, bqbackup, etc.) is one solution, but expensive. Right now I'm using a backup VPS at hostigation and there is also S3/Azure/Rackspace.
But how to solve the credentials problem?
I realized tonight that instead of launching a cron job on each VPS, I could ssh via cronjob from my home linux desktop to invoke my backup script on each VPS and provide the credentials for whatever backup service (or a password to decrypt a credentials store).
Yes, that means if my home was ever broken into and my computer stolen, etc. I would be vulnerable. Storing the script/credentials on an encrypted partition should fix that (they couldn't steal the PC without powering it off and it's not a laptop). I realize I'd be depending on my home PC to backup my vast VPS empire (lol) but if it failed the script would be easy enough to run somewhere else and I always have a "backup successful/failed" report mailed to me daily anyway.
Thoughts?
Comments
You could read the other thread about the exact same thing from a few hours ago.
http://www.lowendtalk.com/discussion/1996/how-do-you-backup-your-vps
Thanks, but this particular issue wasn't addressed there.
If the data means so much, why don't you consider 3rd party backup? What kind of data are you backing up and how much resources?
There are inverse solutions (can't remember).
I mean, the backup server access to the servers to backup, and not inverse.
What I used to do was encrypt the backup files and send them to a directory that's accessible via the webserver. I then call my backup cgi script and pass the directory plus filename of my backups. The cgi script checked if the caller is on the white list ip and wget the backups.
--edit--
you can also restrict the access to your backup files so that it will only allow connection from the backup server.
What about using actual rsync, not tunnel via ssh, and the hosts allow/deny directives in rsyncd.conf Now there is no worry of actual credentials being on either system, as only certain hosts are allowed to connect via rsync.
That's sort of the same problem, Tim - if someone compromises the primary, they can rsync and nuke the backup.
@draco - it's not super-valuable data, but it is mine
Who cares if they nuke the backup, backups are like Doritos, don't worry, they'll make more.
actually i can see how someone can steal your desktop without powering it off.
How? Unless it's on a UPS already there isn't really a way
Maybe I'm misunderstanding...if they compromise my VPS and rsync empty directories, my data is lost, no?
@kbar - I'm curious - how? It's a pretty basic PC in. generic beige case, though I have an old soekris running openbsd that might be good for this.
I appreciate the feedback from all.
Depends on the permissions. If the VPS is allowed to talk to the backups, your going to lose everything, if the backup machine is allowed to talk to the VPS, and the VPS does it's backup to a local directory and the backup machine pulls from the VPS, you are only losing backups, not data. So if you play out every possible scenario, you will never be safe and would only be better off unplugging the ethernet.
Gotcha.
Hostigation...backup VPS and free consulting. What a value! :-)
Not a tip, just a story I've heard at the hospital, they used to do the log server with a modified ethernet cable which was one-end only. It would not be able to send from the syslogserver to the clients, the clients would only be able to send. Wouldn't something like that help here?
Are you being serious? Ethernet with only one end? That is the same as not plugging it in.
Yes, the link detection / negotiation would not work.
But one-way rs232 should be possible, perfect for logging server.
I think @Raymii was meaning a cable that could only send data one way.
Yes but such cable cannot work (for ethernet). The ethernet cards would report "no link".
I'm not sure something quite like what @Raymii said could be done for logging, but I did some searching and it looks like such things are useful for intrusion detection systems, because they let you monitor network traffic undetectably; for instance, see this PDF or this Instructable. You basically rewire a cable/jack to make sending impossible and set the machine on the receiving end to promiscuous mode.
@rds100, you're right; I've definitely heard of one-way RS-232 being used for secure logging.
@miTgiB and @dmmcuntyre3 It was an self-made ethernet cable which had a few pairs different so that is could only send data one-way. Indeed to log without being able to detect it. They had their own customized version of syslog also, but what was changed I don't know.