Re: [rdiff-backup-users] Clarification of --restrict-update-only

[Jakob Unterwurzacher]

Chris G schrieb:
> If I never turn it on it will be perfectly safe.  :-)
> 
> Yes, my client (the machine to be backed up) is fairly secure. 
> However given that ssh access from the outside world is allowed (even
> if only for non-root and from specific IPs) there is a risk that
> someone could get into it and wreak havoc.  What I want to do is to
> minimise the risk that anyone who does that will also be able to get
> at my backups and destroy them too.
> 

IMO "the" solution to this is to use pull-style backups. The backup
machine should login to your machine (and not the other way round) and
start the backup.
That way, no intruder on your machine can destroy the backups. If he
deletes files, the deletes will be backed-up, but the files will still
be in the increments.
(unless he manages to crash rdiff-backup in a way that corrupts the
increments. Not too easy i guess.)

Even safer:
rsync to the backup host, then rdiff-backup the backup (via cron) to
another folder that can't be accessed over ssh.
Takes twice the space, but is really safe.

I usually use the first solution.

Jakob