I backup most of my servers using rdiff-backup over ssh, where the
servers have a /root/.ssh/authorized_keys of the following format:
command="rdiff-backup --server" ssh-rsa <rest of key>
On the "client" (i.e., the backup server), I then use a REMOTE_SCHEMA
to access the servers. I also specify exclusions on the "client" side
(i.e. on the backup server), for example that /proc should not be
backed.
Now I have a new server where parts of the filesystem contains stuff
that should not be contained anywhere else than on just that
server. I still want to take backups of the server. I'd like a way to specify
on the server that "the directory /secure may not be transferred to
the backup server using rdiff-backup".
I can, of course, specify on the backup server that /secure should not
be transferred, but what if someone breaks into my backup server, but
not into my "secure" server (they will have different root passwords)?
Then he/she can just change the excludes-list on the backup server and
get the information he/she wants.
Can you see the idea? Is this possible with the current rdiff-backup?
Does it sound like a decent thing, or just security-by-obscurity?
A Networker-like behaviour, where rdiff-backup checks if there is a
.rdiff-excludes file present in each directory before backing it up
would solve this. (Networker reads .nsr files, where you can specify
for example that subdirectories foo, bar and gaz should be skipped). I
think I've spoken about this before, but I don't remember what the
response to the idea were (perhaps just "Oh, nice, please implement!
).
\EF
--
Erik Forsberg Telephone: +46-13-21 46 00
Cendio AB Web: http://www.cendio.com
