[CentOS] Securely backing up Linux machines to NAS?

nate centos at linuxpowered.net
Sat Sep 12 03:41:40 UTC 2009


Scott Ehrlich wrote:

> Ideas are welcome.

Quite a situation you're in. If security is that much of a concern,
glad I don't work where you are, sounds like a real pain in the
ass.

Your only options to mount the NAS from what I could see on the
data sheet are FTP and Samba.

So what I would do is probably use something like rsnapshot over
ssh. Use key-based authentication so your "server" can log in to
the other systems (not vice versa). If you're really paranoid you
could even assign a passphrase to the key and use something
like ssh-agent to manually run backups.

Copy the files to the Linux server first, encrypt them, perhaps
copy them directly to a loopback mounted file system that is
encrypted already. Then send the encrypted file(s)/image(s) to
the NAS box via whatever protocol you want. Don't send
the data unencrypted to the NAS box at all. Treat the data
as compromised, it doesn't matter who gets their hands on it,
if they don't have your keys and passwords they can't unlock
it.

You could go a step further and run an encrypted file system
on the servers themselves to store the sensitive data, and
back up the raw image (make sure it's in a consistent state).

I can't imagine a situation where the data is so important to
do this sort of a procedure and yet rely on such a piece
of crap NAS box as the one you're tasked with using.

Even when I worked at a company that processed millions in CC
transactions a day we didn't have that kind of paranoia. Of
course the networks themselves were fairly well protected.

nate
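
The procedure described in this message (pull the files to the server, encrypt there, send only ciphertext to the NAS), as an added shell example that is not part of the original post. The function names, the key file, the directory standing in for the NAS mount, and the choice of `openssl enc` plus a SHA-256 digest kept on the server are assumptions.

```shell
# Added example, not from the original post. All paths and the key file are assumptions.
umask 077   # archives, digests and keys readable by the backup user only

digest() { sha256sum "$1" | cut -d' ' -f1; }

# Encrypt a snapshot already pulled to the backup server (e.g. by rsnapshot over ssh)
# so that only ciphertext is ever written to the NAS.
seal_snapshot() {    # seal_snapshot SNAPSHOT_DIR OUT_FILE KEY_FILE
    tar -C "$1" -czf "$2.tmp" . &&
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$3" -in "$2.tmp" -out "$2"
    rc=$?; rm -f "$2.tmp"      # never leave the plaintext archive behind
    # CBC is unauthenticated: record a digest that stays on the server, not on the NAS.
    [ "$rc" -eq 0 ] && digest "$2" > "$2.sha256"
}

# Copy the sealed file to the NAS mount (FTP/Samba) and confirm the copy is intact.
ship_to_nas() {      # ship_to_nas SEALED_FILE NAS_DIR
    cp "$1" "$2/" && [ "$(digest "$2/$(basename "$1")")" = "$(cat "$1.sha256")" ]
}

# Restore; returns 2 without decrypting if the NAS copy no longer matches the digest.
restore_from_nas() { # restore_from_nas NAS_FILE DIGEST_FILE KEY_FILE DEST_DIR
    [ "$(digest "$1")" = "$(cat "$2")" ] || return 2
    mkdir -p "$4" &&
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" -in "$1" -out "$4/.restore.tgz" &&
        tar -C "$4" -xzf "$4/.restore.tgz"
    rc=$?; rm -f "$4/.restore.tgz"; return "$rc"
}

# Constructed sample data: a fake snapshot, a random key, a directory standing in for the NAS.
demo() {
    d=$(mktemp -d) && mkdir "$d/snap" "$d/nas" &&
    echo "constructed sample record" > "$d/snap/secret.txt" &&
    openssl rand -hex 32 > "$d/key" &&
    seal_snapshot "$d/snap" "$d/snap.enc" "$d/key" &&
    ship_to_nas "$d/snap.enc" "$d/nas" &&
    restore_from_nas "$d/nas/snap.enc" "$d/snap.enc.sha256" "$d/key" "$d/out" &&
    cmp -s "$d/snap/secret.txt" "$d/out/secret.txt"
}
```

The key file and the `.sha256` digest live only on the backup server; losing the key makes the NAS copies unrecoverable, so it needs its own offline copy.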




