Consolidate & restrict backup procedure over ssh
Reported by: zooey | Owned by: haiku-web
Has a Patch: no | Platform: All
Baron grants sudoable rsync access to the backup user via ssh. This is used for pull-style filesystem syncs initiated from an external server.
In order to restrict the possible damage should an intruder ever get in possession of the private ssh key granting that access on baron, the process should be reviewed and improved.
- The authorized_keys file should be adjusted to limit access only to orange.hirschkaefer.de (and any other backup servers that we might want to use).
- The authorized_keys file should be adjusted to specify the exact command to use for the backup process (possibly a shell script residing on baron containing the exact rsync invocation).
- Instead of sudoing rsync directly, the backup process should sudo a shell script owned by root - this way an intruder can't bend the rsync cmdline to copy out interesting files.
- The rotated backups are currently push-style, i.e. they are being pushed from baron onto the external backup server using another ssh key. From a security perspective, having both push- and pull-style backups to/from the same backup server isn't nice, as a successful attacker on baron could use the push-style backup path to gain access to the backup server, too. If the rotated backups were pull-style too, we could close the access path from baron to the backup server.
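One way to implement the authorized_keys restriction and the root-owned sudo wrapper from the items above, as an added example and not the ticket's own script: the paths /usr/local/sbin/backup-rsync and /srv/backup-source/ and the key type are assumptions, and the server-side option string is the one a plain rsync pull over ssh produces. rsync also ships its own rrsync restriction script, which covers more option combinations than this sketch.

```shell
#!/bin/sh
# Forced-command wrapper for the backup user on baron (assumed path
# /usr/local/sbin/backup-rsync, root-owned, mode 0755). Wired up by:
#
# ~backup/.ssh/authorized_keys (one line; an IP or CIDR in from= is more
# robust than a hostname, which sshd has to check through reverse DNS):
#   from="orange.hirschkaefer.de",command="sudo -n /usr/local/sbin/backup-rsync",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA...
#
# /etc/sudoers (sudo's env_reset would otherwise drop the ssh variable):
#   Defaults!/usr/local/sbin/backup-rsync env_keep += "SSH_ORIGINAL_COMMAND"
#   backup ALL=(root) NOPASSWD: /usr/local/sbin/backup-rsync

ALLOWED_SRC=/srv/backup-source/   # the only tree the pull may read (assumed)
RSYNC=/usr/bin/rsync              # fixed binary; the client's "rsync" word is ignored

# validate_cmd CMD: succeed only if CMD is the server-side rsync invocation a
# pull of ALLOWED_SRC produces; other paths, non-rsync commands and any shell
# metacharacters are rejected, so the key cannot be bent to copy out other files.
validate_cmd() {
    cmd=$1
    # 1. character allow-list: rsync's option string and paths need no more
    [ -z "$(printf '%s' "$cmd" | tr -d 'A-Za-z0-9._/=,: -')" ] || return 1
    # 2. must be rsync in server/sender mode, i.e. a pull away from baron
    case "$cmd" in
        "rsync --server --sender "*) ;;
        *) return 1 ;;
    esac
    # 3. the last two words must be "." and exactly the allowed source tree
    set -- $cmd
    [ $# -ge 5 ] || return 1
    eval "src=\${$#}"
    eval "dot=\${$(($# - 1))}"
    [ "$dot" = "." ] && [ "$src" = "$ALLOWED_SRC" ]
}

# Entry point when sshd (through sudo) runs this as the forced command.
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    if ! validate_cmd "$SSH_ORIGINAL_COMMAND"; then
        logger -t backup-rsync "rejected: $SSH_ORIGINAL_COMMAND"
        exit 1
    fi
    set -- $SSH_ORIGINAL_COMMAND   # word split is safe: allow-listed characters only
    shift                          # drop the client's "rsync" word
    exec "$RSYNC" "$@"
fi
```

Rejected invocations end up in syslog under the backup-rsync tag, which is the signal to watch for if the key is ever misused.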