secure remote backups
mike wolman
mike@nux.co.uk
Mon, 17 Dec 2001 14:27:34 +0000 (GMT)
Hi Ben and Jason,
I have finally got around to setting up the secure backups for the various
locations we needed to backup.
On the machine(s) to be backed up i installed sudo, as my c is poor so was
worried about writing a suid c wrapper for rdiff.
Example sudoers file:
-------------
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.
# User privilege specification
root ALL = (ALL) ALL
mike ALL = NOPASSWD: /usr/local/bin/rdiff-backup -s
-------------
Now on the backup server i run:
/usr/local/bin/rdiff-backup -v6 --remote-schema "ssh -C %s '/home/backupuser/backup.sh'" \
mike@machine.to.backup::/home /home/backups/machinename
The backup.sh script contains:
#!/bin/sh
#stop services
sudo -u root /usr/local/bin/rdiff-backup -s
#start services
I know that i could simply use "ssh -C %s 'sudo -u root /usr/local/bin/rdiff-backup -s'"
however on some machines there are some apps which need to be shutdown
before backing up so it should be extenable to stop services before the
backup and start them again when finished (if the services need to be
stopped and started as root then the relevent commands have been added to
sudoers file).
When run as root on the backup server i am able to preserve user and group
ownership for all files.
Please let me know if i have left major security hole open here,
Mike.
On Tue, 27 Nov 2001, mike wolman wrote:
> Hi Jason,
>
> I am playing with a suid wrapper for rdiff,
> then sshing in as a backup user and running the wrapper script,
> as linux refuses to run scripts as suid, i am playing doing it
> with very limited c knowledge, and with a pile of other stuff mounting
> in the inbox i have not had a chance to get it setup.
>
> I will let you know as soon as i actually have it running.
>
> And yes usermode linux or a vm would be way overkill.
>
> Cheers,
>
> Mike.
>
> On Tue, 27 Nov 2001, Jason Piterak wrote:
>
> > Ben & Mike,
> > Probably WAY overkill depending on your needs, but... what about running
> > the rdiff-backup under user-mode linux with root ssh allowed to the virtual
> > host? That way, if rdiff-backup (or sshd) is compromised, the cracker only
> > gets to the virtual host... It also allows you to run several completely
> > separate instances of rdiff-backup (with different chrooted environments and
> > data repositories).
> > Of course in order to do this, you'd either have to have some IP addresses
> > available (one per VM), or you'd have to do some funky port forwarding on
> > the host machine.
> >
> > Mike, please let us know what you _do_ end up with or get to work...
> >
> > Take care,
> >
> > --Jason
> >
> > ---
> > Jason Piterak
> > System Architect
> > CIS Technical Services
> > 33 Main St., Suite 302
> > Nashua, NH 03064
> > (603) 889-4684 - FAX (603) 889-0534
> >
> >
> >
> > > -----Original Message-----
> > > From: rdiff-backup-admin@keywest.Stanford.EDU
> > > [mailto:rdiff-backup-admin@keywest.Stanford.EDU]On Behalf Of
> > > mike wolman
> > > Sent: Thursday, November 22, 2001 7:33 AM
> > > To: Ben Escoto
> > > Cc: rdiff-backup@keywest.Stanford.EDU
> > > Subject: Re: secure remote backups
> > >
> > >
> > > Hi Ben,
> > >
> > > I will give your suggestions a try, I am not too keen on
> > > opening up root ssh access on the remote machines but i will
> > > give your other suggestions a try.
> > >
> > > Thanks,
> > >
> > > Mike.
> > >
> > > On Wed, 21 Nov 2001, Ben Escoto wrote:
> > >
> > > > >>>>> "MW" == mike wolman <mike@nux.co.uk>
> > > > >>>>> wrote the following on Wed, 21 Nov 2001 14:41:15 +0000 (GMT)
> > > >
> > > > MW> Hi Ben, I have tried your suggestion however when i try to ssh
> > > > MW> and su i get the following problem from su: standard
> > > in must be
> > > > MW> a tty
> > > >
> > > > MW> I have had a hunt for anybody else trying to run su
> > > from ssh but
> > > > MW> have not found a solution.
> > > >
> > > > Hmm, I think something like the ssh-then-su method still could work,
> > > > but you would need some more complicated wrapper... Ok, how about
> > > > these suggestions instead:
> > > >
> > > > 1. Suid script that runs rdiff-backup --server. I think you would
> > > > have to create another user id, and make sure only that user has
> > > > access to the script.
> > > >
> > > > 2. Instead of running rdiff-backup on machine A and trying
> > > to get it
> > > > to log in to machine B which doesn't accept ssh root logins, run
> > > > rdiff-backup on machine B (after you 'su' normally)
> > > with machine A
> > > > being remote.
> > > >
> > > > 3. Reconfigure ssh on the remote machine to accept root logins. To
> > > > do this, make sure the line
> > > >
> > > > PermitRootLogin yes
> > > >
> > > > appears in your sshd configuration file, usually at
> > > > /etc/ssh/sshd_config.
> > > >
> > > > Anything here look promising?
> > > >
> > > >
> > > > --
> > > > Ben Escoto
> > > >
> > >
> > > _______________________________________________
> > > Rdiff-backup mailing list
> > > Rdiff-backup@keywest.Stanford.EDU
> > > http://keywest.Stanford.EDU/mailman/listinfo/rdiff-backup
> > >
> >
> > ---
> > Jason Piterak
> > System Architect
> > CIS Technical Services
> > 33 Main St., Suite 302
> > Nashua, NH 03064
> > (603) 889-4684 - FAX (603) 889-0534
> >
> >
> >
> > > -----Original Message-----
> > > From: rdiff-backup-admin@keywest.Stanford.EDU
> > > [mailto:rdiff-backup-admin@keywest.Stanford.EDU]On Behalf Of
> > > mike wolman
> > > Sent: Thursday, November 22, 2001 7:33 AM
> > > To: Ben Escoto
> > > Cc: rdiff-backup@keywest.Stanford.EDU
> > > Subject: Re: secure remote backups
> > >
> > >
> > > Hi Ben,
> > >
> > > I will give your suggestions a try, I am not too keen on
> > > opening up root ssh access on the remote machines but i will
> > > give your other suggestions a try.
> > >
> > > Thanks,
> > >
> > > Mike.
> > >
> > > On Wed, 21 Nov 2001, Ben Escoto wrote:
> > >
> > > > >>>>> "MW" == mike wolman <mike@nux.co.uk>
> > > > >>>>> wrote the following on Wed, 21 Nov 2001 14:41:15 +0000 (GMT)
> > > >
> > > > MW> Hi Ben, I have tried your suggestion however when i try to ssh
> > > > MW> and su i get the following problem from su: standard
> > > in must be
> > > > MW> a tty
> > > >
> > > > MW> I have had a hunt for anybody else trying to run su
> > > from ssh but
> > > > MW> have not found a solution.
> > > >
> > > > Hmm, I think something like the ssh-then-su method still could work,
> > > > but you would need some more complicated wrapper... Ok, how about
> > > > these suggestions instead:
> > > >
> > > > 1. Suid script that runs rdiff-backup --server. I think you would
> > > > have to create another user id, and make sure only that user has
> > > > access to the script.
> > > >
> > > > 2. Instead of running rdiff-backup on machine A and trying
> > > to get it
> > > > to log in to machine B which doesn't accept ssh root logins, run
> > > > rdiff-backup on machine B (after you 'su' normally)
> > > with machine A
> > > > being remote.
> > > >
> > > > 3. Reconfigure ssh on the remote machine to accept root logins. To
> > > > do this, make sure the line
> > > >
> > > > PermitRootLogin yes
> > > >
> > > > appears in your sshd configuration file, usually at
> > > > /etc/ssh/sshd_config.
> > > >
> > > > Anything here look promising?
> > > >
> > > >
> > > > --
> > > > Ben Escoto
> > > >
> > >
> > > _______________________________________________
> > > Rdiff-backup mailing list
> > > Rdiff-backup@keywest.Stanford.EDU
> > > http://keywest.Stanford.EDU/mailman/listinfo/rdiff-backup
> > >
> >
>
>