From: Chris BeHanna
Date: Wed, 28 Nov 2001 09:06:53 -0500 (EST)
Subject: Re: crypted remote backup
In-Reply-To: <20011128101048.A25860@shikima.mine.nu>
Message-ID: <20011128085832.D61032-100000@topperwein.dyndns.org>
Sender: owner-freebsd-security@FreeBSD.ORG

Note: Reply-To set to freebsd-questions.

On Wed, 28 Nov 2001, Rasputin wrote:

> * Stephen T. Shipley [011127 03:57]:
> > Configure rsync.conf on source server (with 40g file) and run as a daemon. Provide a net name like "www" for alias to path.
> > And possibly run from one of the /etc/periodic/daily scripts like this (on destination box).
> >
> > /usr/local/bin/rsync -e /usr/bin/ssh -avz ::www \
>
> I think (though could be wrong) that the double colon here ^^
> will cause rsync to use rsh as a transport, despite the fact that
> you specified ssh as an *available* transport with '-e ssh' earlier.
>
> And while we're on the subject, what's the safest way of doing this as root
> (to preserve permissions, and have access to a whole fs tree;
> I'm not too bothered about crypto at the destination directory)

If you drop a "cookie" file at the end of each backup, you could
do something like:

find targetdir -newer cookiefile -type f -print | tar cf - -I - | \
    ssh user@backuphost dd of=incremental`date "+%Y%m%d-%H%M%S"`.tgz

Then, if you have to restore, you unpack the incremental tarball
with tar xvpf (restoring file ownership and permission will require
unpacking as root, but you can ship it to the archive host as another
user).

This isn't really any longer security-related.

-- 
Chris BeHanna
Software Engineer                   (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.
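
The cookie-file pipeline from the message above, as an added example that is not part of the original post: it passes NUL-separated names to tar, stamps the start time before scanning, and advances the cookie only when both tar and the receiving command succeed. The function name `incremental_backup` and its argument order are hypothetical, and it assumes a `find` with `-print0` and a tar that accepts `--null -T` (GNU tar or bsdtar) in place of the `-I -` used in the post.

```shell
#!/bin/sh
# incremental_backup SRCDIR COOKIE SINK...
#   SINK is the command that receives the tar stream on stdin, e.g.
#   ssh user@backuphost "dd of=incremental$(date +%Y%m%d-%H%M%S).tar"
incremental_backup() {
    src=$1
    cookie=$2
    shift 2
    work=$(mktemp -d) || return 1

    # Stamp the start time before scanning, so a file modified while the
    # backup runs is newer than the next cookie and is picked up next time.
    touch "$work/stamp"

    # NUL-separated names: a newline inside a filename cannot add or split
    # entries in the list that tar reads.
    if [ -e "$cookie" ]; then
        find "$src" -type f -newer "$cookie" -print0 > "$work/list"
    else
        find "$src" -type f -print0 > "$work/list"   # first run: everything
    fi || { rm -rf "$work"; return 1; }

    rc=0
    if [ -s "$work/list" ]; then
        # A pipeline reports only the sink's exit status, so tar's failure
        # is recorded separately in a marker file.
        { tar --null -T "$work/list" -cf - || : > "$work/tar_failed"; } |
            "$@" || rc=1
        [ ! -e "$work/tar_failed" ] || rc=1
    fi

    # Advance the cookie only after the archive was written and accepted;
    # after a failed run the same files are selected again.
    if [ "$rc" -eq 0 ]; then
        mv "$work/stamp" "$cookie" || rc=1
    fi
    rm -rf "$work"
    return "$rc"
}
```

As in the post, the stream can be shipped as an unprivileged user on the archive host; only the restore with `tar xvpf` needs root to put ownership and permissions back.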