Re: [rdiff-backup-users] Prevent rdiff-backup from deleting?

[Grant]

> I think (but haven't tried) you could alter the rdiff-backup option text
> like this (this is under Ubuntu 10.04, the location might differ with
> another OS):
>
> sed -i 's/remove-older-than/remove-older-thax/g'
> /usr/share/pyshared/rdiff_backup/*.py
>
> So unless an infiltrator knew the new command name (remove-older-thax in the
> example above), they couldn't use it.

The problem is that I run rdiff-backup in a crontab and one of the
commands there includes --remove-older-than.  That's a very creative
solution though.

Because of this, I think there is a gaping security hole in any
automated rdiff-backup scheme that pushes backups to the server.
Pulling to the backup server eliminates this problem, but if the
backup server is compromised, the infiltrator has root read access to
each system being backed up and can thereby compromise each of those
systems as well.

Is rdiff-backup ill-suited to automated backups?

- Grant


>> I'm using rdiff-backup in an automated "push" arrangement with access
>> to the backup server provided via SSH keys and restricted to the
>> rdiff-backup command like command="rdiff-backup --server".  I think an
>> infiltrator could delete a compromised machine's backups from the
>> backup server like this:
>>
>> rdiff-backup --remove-older-than 1s address@hidden::/path/to/backup
>>
>> Is there any way to prevent something like that from happening?
>>
>> - Grant