From owner-freebsd-security  Wed Nov 28  6: 7: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from topperwein.dyndns.org (acs-24-154-28-168.zoominternet.net [24.154.28.168])
	by hub.freebsd.org (Postfix) with ESMTP id 15ADA37B405
	for <security@freebsd.org>; Wed, 28 Nov 2001 06:07:04 -0800 (PST)
Received: from topperwein (topperwein [192.168.168.10])
	by topperwein.dyndns.org (8.11.6/8.11.6) with ESMTP id fASE6wN61198
	for <security@freebsd.org>; Wed, 28 Nov 2001 09:06:59 -0500 (EST)
	(envelope-from behanna@zbzoom.net)
Date: Wed, 28 Nov 2001 09:06:53 -0500 (EST)
From: Chris BeHanna <behanna@zbzoom.net>
Reply-To: <questions@freebsd.org>
To: <security@freebsd.org>
Subject: Re: crypted remote backup
In-Reply-To: <20011128101048.A25860@shikima.mine.nu>
Message-ID: <20011128085832.D61032-100000@topperwein.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Note:  Reply-To set to freebsd-questions.

On Wed, 28 Nov 2001, Rasputin wrote:

> * Stephen T. Shipley <steve@e-shipley.com> [011127 03:57]:
> > Configure rsync.conf on source server (with 40g file) and run as a daemon. Provide a net name like "www" for alias to path.
> > And possibly run from one of the /etc/periodic/daily scripts like this (on destination box).
> >
> > /usr/local/bin/rsync -e /usr/bin/ssh -avz <source address>::www  \
>
> I think (though could be wrong) that the double colon here  ^^
> will cause rsync to use rsh as a transport, despite the fact that
> you specified ssh as an *available* transport with '-e ssh' earlier.
>
> And while we're on the subject, what's the safest way of doing this as root
> (to preserve permissions, and have access to a whole fs tree;
> I'm not too bothered about crypto at the destination directory)

    If you drop a "cookie" file at the end of each backup, you could
do something like:

    find targetdir -newer cookiefile -type f -print | tar cf - -I - | \
    ssh user@backuphost dd of=incremental`date "+%Y%m%d-%H%M%S"`.tgz

    Then, if you have to restore, you unpack the incremental tarball
with tar xvpf (restoring file ownership and permission will require
unpacking as root, but you can ship it to the archive host as another
user).

    This isn't really any longer security-related.

-- 
Chris BeHanna
Software Engineer                   (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message