[CentOS] Howto: Extremely tight security rsync shell for backups

m.roth at 5-cent.us
Mon Sep 23 20:02:32 UTC 2013


Lists wrote:
> We've been using rsync since forever to back up all our servers and it's
> worked without a problem. But in a recent security review, we noted that
> our specific rsync backup host is using root keys to access the server,
> meaning that if the keys on the backup server were leaked/compromised in
> any fashion, that would provide r00t access to the servers being backed
> up.
>
> Since this doesn't seem to be readily documented, I thought I'd provide
> it to the community.
>
> After some playing around, we've found it is possible to set up
> rsync/ssh so that the connecting server can ONLY run rsync with a
> predetermined set of options.
<snip>
Yup. What we do is have keys for a specific program (in-house written)
that is called via crontab, and the keys for the backup server are *only*
on the servers that are backed up by that system, and there's an in-house
written script that restricts what that program can do. It does have to
run as root, though, on both, to preserve ownership of home and project
directories, etc.

        mark
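
Added example, not part of either poster's message and not the in-house script mentioned above: one common way to get the restriction the thread describes is an sshd forced command that runs rsync only when the requested command line exactly matches an allowlist. The wrapper path, key placeholder, backup paths and rsync option strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Forced-command wrapper for the backup key. Assumed install on each backed-up
# server, in root's authorized_keys (path and key are placeholders):
#   command="/usr/local/sbin/rsync-backup-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> backup

# One permitted command per line, exactly as the rsync client sends it.
# Constructed samples: the option string varies with rsync version and flags.
ALLOWED_COMMANDS='rsync --server --sender -logDtpre.iLsf --numeric-ids . /home/
rsync --server --sender -logDtpre.iLsf --numeric-ids . /srv/projects/'

# Return 0 only if $1 is byte-for-byte one of the permitted lines.
rsync_cmd_allowed() {
    [ -n "$1" ] || return 1
    # grep treats a newline in the pattern as "match any of these", so refuse it.
    case $1 in
        *'
'*) return 1 ;;
    esac
    printf '%s\n' "$ALLOWED_COMMANDS" | grep -Fxq -- "$1"
}

# sshd puts the command the client requested in SSH_ORIGINAL_COMMAND.
# If it is unset (plain login attempt) the wrapper simply ends: no shell.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f                      # no glob expansion
        exec $SSH_ORIGINAL_COMMAND  # word-split only; never eval or sh -c
    fi
    logger -p auth.warning -t rsync-backup-only "denied: $SSH_ORIGINAL_COMMAND"
    echo "rsync-backup-only: command not permitted" >&2
    exit 1
fi
```

To fill the allowlist, log SSH_ORIGINAL_COMMAND once during a normal backup run and paste the recorded line in unchanged.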



