[Jailkit-users] rsync files


From: Bas Jansen
Subject: [Jailkit-users] rsync files
Date: Tue, 03 Jan 2006 11:01:16 +0100

Hello everyone,

First of all, a happy new year to all :) Secondly, I have been working in
secret with a co-worker on the security/rsync problem that I described
earlier on this mailing list and we have a set of files which can be
labeled beta/devel (which you prefer) and would love your help in
testing them (monkey-proofing if you like).

TAKE NOTE HOWEVER!!! The script requires a ready /chroot and /data
mount, the /chroot can be 1 LVM block large partition with all the files
from rootfiles.tar.gz in it and then mounted as /chroot (basically it
contains the jail like an original jk_init would contain with some tweaks
so that rsync can write as root).

/data has to be mounted as RW, no-exec, no-dev, no-suid.

For safety reasons and experience from testing within my company.... you
don't want to do these things scripted..... they can be very dangerous
if you don't know what you're doing and luckily you only need to do this
once.... after that the scripts do everything.

The first script jk_prepare creates the environment to which rsync will
backup files, it does this with --bind mounting and similar, the
variables it uses are in jk_prepare.rc (like the group the user belongs
to (don't change if necessary) and the path it will build the
environment under).

This script can be called like jk_prepare [options] <user_name>,
if you know the key already, I'd suggest using the public_key option so
it directly adds that.

After that you can specify which files you want to backup in the rsb
script which uses the rsb.rc file for variables (specify how long each
backup is supposed to be stored, deletion isn't possible for security
but done by syncing /var/empty to the specified directory at specified
time). Building a small script to clear the empty dirs is rather trivial
so I didn't include it here. This script is something my co-worker made
up and I expanded as shown in the license.

THIS way i am more convinced that it's (near?) unbreakable....

Please feel free to ask any questions and spout comments that you
want :P

Sincerely,
Bas "Tarskin" Jansen

Attachment: rootfiles.tar.gz
Description: application/compressed-tar

Attachment: jk_prepare
Description: application/shellscript

Attachment: jk_prepare.rc
Description: Text document

Attachment: rsb
Description: application/shellscript

Attachment: rsb.rc
Description: Text document
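
The message requires /data to be mounted RW, no-exec, no-dev, no-suid before the scripts are used. The following is an added example, not part of the original message or its attached scripts, of one way to verify that requirement from a /proc/mounts-format file on Linux. The function names, the sample mount lines and the /scratch mount point are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a mount point carries a set of required options.
# Input is a file in /proc/mounts format: device mountpoint fstype options dump pass

# missing_mount_opts MOUNTS_FILE MOUNTPOINT OPTION...
# Prints the required options that the effective mount lacks (space-separated).
# Returns 0 if nothing is missing, 1 if something is, 2 if MOUNTPOINT is not mounted.
missing_mount_opts() {
    mounts_file=$1; mountpoint=$2; shift 2
    # A later entry for the same mount point shadows earlier ones: keep the last.
    opts=$(awk -v mp="$mountpoint" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    [ -n "$opts" ] || return 2
    missing=
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;  # whole-option match, so "exec" never matches "noexec"
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample data (not from a real host); /scratch is a hypothetical mount.
constructed_mounts() {
    cat <<'EOF'
/dev/mapper/vg0-chroot /chroot ext3 rw,relatime 0 0
/dev/mapper/vg0-data /data ext3 rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/vg0-tmp /scratch ext3 rw,nosuid,nodev,noexec 0 0
/dev/mapper/vg0-tmp /scratch ext3 ro,nosuid,nodev,relatime 0 0
EOF
}

# Demo: run the /data requirements from the message against the sample.
tmp=$(mktemp)
constructed_mounts > "$tmp"
for mp in /data /scratch /nowhere; do
    if miss=$(missing_mount_opts "$tmp" "$mp" rw noexec nodev nosuid); then
        echo "$mp: ok"
    else
        echo "$mp: FAIL (${miss:-not mounted})"
    fi
done
rm -f "$tmp"
```

On a live host, pass /proc/mounts as the first argument instead of the constructed sample.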

