Re: [rdiff-backup-users] Clarification of --restrict-update-only

[Chris G]

On Thu, Feb 05, 2009 at 01:52:20AM +0100, Jakob Unterwurzacher wrote:
> Chris G schrieb:
> > If I never turn it on it will be perfectly safe.  :-)
> > 
> > Yes, my client (the machine to be backed up) is fairly secure. 
> > However given that ssh access from the outside world is allowed (even
> > if only for non-root and from specific IPs) there is a risk that
> > someone could get into it and wreak havoc.  What I want to do is to
> > minimise the risk that anyone who does that will also be able to get
> > at my backups and destroy them too.
> > 
> 
> IMO "the" solution to this is to use pull-style backups. The backup
> machine should login to your machine (and not the other way round) and
> start the backup.

That's how I *had* arranged it but it has the difficulty of needing
extra monitoring software to tell me if the backups are no longer
working.  A 'push' backup has the big advantage that any errors or
failures get mailed to me withing 24 hours without me having to add
any sort of extra monitoring.

The client machine is actually pretty secure, it has ssh access
allowed from the outside world but only from two specific IP addresses
neither of which is a publicly accessible machine so the chances of an
intruder getting in are pretty small.

> That way, no intruder on your machine can destroy the backups. If he
> deletes files, the deletes will be backed-up, but the files will still
> be in the increments.

That's what I'm trying to approach with a 'push' backup plus some
extra arguments to rdiff-backup.

-- 
Chris Green