From: Bas Jansen
Subject: [Jailkit-users] rsync files
Date: Tue, 03 Jan 2006 11:01:16 +0100

Hello everyone,

First of all, a happy new year to all :) Secondly, I have been working in secret with a co-worker on the security/rsync problem that I described earlier on this mailing list, and we have a set of files which can be labeled beta/devel (whichever you prefer) and would love your help in testing them (monkey-proofing if you like).

TAKE NOTE HOWEVER!!! The script requires a ready /chroot and /data mount. The /chroot can be 1 LVM block large partition with all the files from rootfiles.tar.gz in it and then mounted as /chroot (basically it contains the jail like an original jk_init would contain, with some tweaks so that rsync can write as root). /data has to be mounted as RW, no-exec, no-dev, no-suid. For safety reasons and experience from testing within my company.... you don't want to do these things scripted..... they can be very dangerous if you don't know what you're doing, and luckily you only need to do this once.... after that the scripts do everything.

The first script, jk_prepare, creates the environment to which rsync will back up files. It does this with --bind mounting and similar; the variables it uses are in jk_prepare.rc (like the group the user belongs to (don't change if necessary) and the path it will build the environment under). This script can be called like jk_prepare [options] <user_name>. If you know the key already, I'd suggest using the public_key option so it directly adds that.

After that you can specify which files you want to back up in the rsb script, which uses the rsb.rc file for variables (specify how long each backup is supposed to be stored; deletion isn't possible for security, but is done by syncing /var/empty to the specified directory at the specified time. Building a small script to clear the empty dirs is rather trivial so I didn't include it here). This script is something my co-worker made up and I expanded, as shown in the license.

THIS way I am more convinced that it's (near?) unbreakable....

Please feel free to ask any questions and spout comments that you want :P

Sincerely,
Bas "Tarskin" Jansen

rootfiles.tar.gz
Description: application/compressed-tar
jk_prepare
Description: application/shellscript
jk_prepare.rc
Description: Text document
rsb
Description: application/shellscript
rsb.rc
Description: Text document
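
The message requires /data to be mounted RW with no-exec, no-dev and no-suid before jk_prepare is run. The following is an added example, not part of the original post or of the attached scripts: a pre-flight check that reads a mounts table in /proc/mounts format and confirms those options are in effect. The function names and the device paths in the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# check_mount_opts MOUNTS_FILE MOUNTPOINT OPT...
# Returns 0 if MOUNTPOINT appears in MOUNTS_FILE (/proc/mounts format) with
# every OPT set, 1 if an option is missing, 2 if it is not mounted at all.
check_mount_opts() {
    mounts_file=$1; mountpoint=$2; shift 2
    # Keep the last matching line: a later mount on the same path shadows earlier ones.
    opts=$(awk -v mp="$mountpoint" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "$mountpoint: not mounted" >&2
        return 2
    fi
    rc=0
    for want in "$@"; do
        # Match whole comma-separated tokens so "suid" never satisfies "nosuid".
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "$mountpoint: missing option $want (has: $opts)" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# The options the message requires for the backup target.
check_data_mount() {
    check_mount_opts "$1" /data rw noexec nodev nosuid
}

# Constructed sample tables (hypothetical LVM device names).
SAMPLE_GOOD='/dev/vg0/chroot /chroot ext3 rw 0 0
/dev/vg0/data /data ext3 rw,noexec,nosuid,nodev 0 0'
SAMPLE_BAD='/dev/vg0/chroot /chroot ext3 rw 0 0
/dev/vg0/data /data ext3 rw,nosuid 0 0'

# Demo on the constructed "bad" table; on a real host pass /proc/mounts instead.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_BAD" > "$tmp"
if check_data_mount "$tmp"; then
    echo "/data mount options OK"
else
    echo "/data does not meet the required mount options"
fi
rm -f "$tmp"
```

Running `check_data_mount /proc/mounts` before the first jk_prepare call reports each missing option on stderr.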