[CentOS] Howto: Extremely tight security rsync shell for backups

Kahlil Hodgson kahlil.hodgson at dealmax.com.au
Mon Sep 23 22:16:50 UTC 2013


A couple of weeks ago I found this breakdown of various approaches

    https://techstdout.boum.org/EncryptedBackupsForParanoiacs/

We're currently using a variation of the push-backup system described
(using rsync via duplicity).

K

Kahlil (Kal) Hodgson                       GPG: C9A02289
Head of Technology                         (m) +61 (0) 4 2573 0382
DealMax Pty Ltd                            (w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925



On Tue, Sep 24, 2013 at 7:58 AM,  <m.roth at 5-cent.us> wrote:
> Lists wrote:
>> On 09/23/2013 02:44 PM, m.roth at 5-cent.us wrote:
>>> Lists wrote:
>>>> On 09/23/2013 01:50 PM, Les Mikesell wrote:
>>>>> Is there something that convinces you that sudo is better at handling
>>>>> the command restriction than sshd would be?
>>>> In the context of a production server, the idea is to remove any
>>>> ability from another host (EG: backup server) to run local arbitrary
> code or
>>>> change local files. (read-only)
>>> <snip>
>>>> You can disable the password on the backup account to achieve a similar
>>>> effect using an SSHD option. If there's a better/simpler way to do this
>>>> via SSHD option I'd love to hear about it!
>>>>
>>> Sure. You disable password authentication, and allow keys only, in
>>> /etc/ssh/sshd_config.
>>
>> This prohibits SSH logins via password, but does not strictly enforce
>> what commands are allowed to be run (and all options allowed) by a
>> specific which is what I was looking for.
>>
>> Having done a bit more research, It does appear that you could use the
>> "ForceCommand" option and disable passwords altogether for a user to
>> achieve a similar effect with SSHD.
>
> Right, but a) it very much limits who can get in. Another thing is that
> you can run the backups from a cron job as a push, instead of a pull.
>
> And the other user still leaves the issue of ownership - only root can
> copy a user's home directory, or a project directory owned by that
> project, and keep it all the same.
>
> And don't forget to save selinux contexts....
>
>       mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos



More information about the CentOS mailing list