Re: [Duplicity-talk] Biggest nightmare

[Cristian KLEIN]

Kenneth Loafman a écrit :
> Cristian KLEIN wrote:
>> Hello list,
>>
>> I wanted to ask you how did you prepare yourself to deal with your
>> biggest nightmare. Say somebody hacked your system and wants to do the
>> biggest damage possible. So his strategy goes as follows:
>>
>> - he installs a sniffer or uses another method to get access to you
>> duplicity backup host
>> - he deletes your hole home folder
>> - he deletes yours backups from your backup host
>>
>> Is anybody dealing with this situation right now? How?
> 
> Sorry to hear you're having problems.

Luckily, I don't have this problem. But better be safe than sorry. :)

Thank you very much for your feedback. I observe that there are two
solutions:
1) Also store backup off-site.
2) Backup-host initiated backup.

I would like to add another idea and know what you're thinking about it.
Everything duplicity needs for „normal” backup operations is to list
files, read files and create new (non-existing) files. So I thought
about creating a restricted SFTP server, which would allow exactly these
three operations. Then an evil attacker could not compromise backups.

A user who has an SSH account on a backup host, would use two keys:
a) not-password-protected, restricted to SFTP
b) password-protected, restricted to backup maintainance, which he
should actually *never* use

Unfortunately, I could not find any Restricted SFTP server, but writing
a paramiko-based one should not be too difficult. Also, duplicity does
not currently have a „pure” SFTP backend, but again, this should be
piece of cake.

So, what do you think?