Date: Wed, 28 Nov 2001 09:06:53 -0500 (EST) From: Chris BeHanna <behanna@zbzoom.net> To: <security@freebsd.org> Subject: Re: crypted remote backup Message-ID: <20011128085832.D61032-100000@topperwein.dyndns.org> In-Reply-To: <20011128101048.A25860@shikima.mine.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
Note: Reply-To set to freebsd-questions.
On Wed, 28 Nov 2001, Rasputin wrote:
> * Stephen T. Shipley <steve@e-shipley.com> [011127 03:57]:
> > Configure rsync.conf on source server (with 40g file) and run as a daemon. Provide a net name like "www" for alias to path.
> > And possibly run from one of the /etc/periodic/daily scripts like this (on destination box).
> >
> > /usr/local/bin/rsync -e /usr/bin/ssh -avz <source address>::www \
>
> I think (though could be wrong) that the double colon here ^^
> will cause rsync to use rsh as a transport, despite the fact that
> you specified ssh as an *available* transport with '-e ssh' earlier.
>
> And while we're on the subject, what's the safest way of doing this as root
> (to preserve permissions, and have access to a whole fs tree;
> I'm not too bothered about crypto at the destination directory)
If you drop a "cookie" file at the end of each backup, you could
do something like:
find targetdir -newer cookiefile -type f -print | tar cf - -I - | \
ssh user@backuphost dd of=incremental`date "+%Y%m%d-%H%M%S"`.tgz
Then, if you have to restore, you unpack the incremental tarball
with tar xvpf (restoring file ownership and permission will require
unpacking as root, but you can ship it to the archive host as another
user).
This isn't really any longer security-related.
--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011128085832.D61032-100000>