
Re: [rdiff-backup-users] Getting info about the backups


From: Ben Escoto
Subject: Re: [rdiff-backup-users] Getting info about the backups
Date: Fri, 25 Nov 2005 02:37:39 -0600

>>>>> <address@hidden>
>>>>> wrote the following on Thu, 24 Nov 2005 23:17:03 -0800 (PST)
>
> One of my servers was compromised the other day.  I back up the
> system using rdiff-backup.  I was thinking that it is a GREAT tool
> for auditing what the hacker did to the files on the system.
> However, I'm not really certain on the best ways of getting that
> information out of rdiff-backup

Can you use --compare[-at-time] to see how your current files differ
from the backed-up files?  Note that this is relatively fast but not
totally safe because it only checks the metadata.  An attacker may be
able to modify a file while keeping it the same size, and then reset
its mtime.

To get around this attack, the devel version keeps sha1 checksums of
all the regular files, and you can use --compare-hash[-at-time] to
check those.  This should be a more secure way to expose any attacks.

> I've been waiting for someone to step up and develop a free web GUI
> for the rdiff-backup system... but it looks like there are no real
> takers yet.  Some commercial ones... but I really think a free tool
> deserves a free GUI.  So maybe I'll give it a whirl.

Someone has started one at http://rdiffbackupweb.sourceforge.net/ but
I don't know how usable it is.

> I remember reading somewhere that there was an XML output option for
> rdiff-backup but I don't see it in the man pages.  Can someone
> please let me know what is the best way of getting information about
> the backup from rdiff-backup?  (I would like to use the XML
> interface if this exists... just doesn't seem to be documented if it
> is) I could simply read the data directory... but I don't think this
> is the way to go because if the data directory changes or major
> restructuring happens... the GUI becomes useless.

Currently rdiff-backup doesn't use XML.  I looked into using it for
the mirror_metadata file but thought it was overkill.  So far at least
I'm satisfied with that decision.  The mirror_metadata format can be
considered pretty stable---I don't think you need to worry too much
about it changing because I'd have to worry about all the existing
repositories in the legacy format.

Sometimes the format of the data files gets extended (like additional
fields in the mirror_metadata file, or the addition of the
access_control_lists file) but as far as I can remember all of these
have been backwards-compatible.  So in theory rdiff-backup v0.4 should
work on a repository created by v1.1.2.


-- 
Ben Escoto
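
Added example, not part of the original message and not rdiff-backup code: a stand-alone Python script contrasting the metadata-only comparison with the checksum comparison described in the reply above. The manifest layout, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record (size, mtime_ns, sha1) for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha1(fh.read()).hexdigest()
            rel = os.path.relpath(path, root)
            manifest[rel] = (st.st_size, st.st_mtime_ns, digest)
    return manifest

def compare(baseline, current, use_hash):
    """Return sorted relative paths that differ between two manifests."""
    changed = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None or new is None:
            changed.append(rel)          # file added or removed
        elif old[:2] != new[:2] or (use_hash and old[2] != new[2]):
            changed.append(rel)          # size/mtime differ, or digest differs
    return changed

def demo():
    """Constructed scenario: one file altered, size and mtime preserved."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("hosts", b"127.0.0.1 localhost\n"),
                           ("motd", b"welcome\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)        # stands in for the backed-up state
        target = os.path.join(root, "motd")
        st = os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"WELCOME\n")       # same length as the original content
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))  # mtime reset
        current = snapshot(root)
        return compare(baseline, current, False), compare(baseline, current, True)

if __name__ == "__main__":
    meta_only, with_hash = demo()
    print("metadata-only compare flags:", meta_only)
    print("hash compare flags:", with_hash)
```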
