---

---

Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 461 $ man restore (8) - "restore files or file systems from backups made with dump" Backing up and restoring over the network Backups allow you to restore the availability and integrity of information resources following security breaches and accidents. Without a backup, you may be unable to restore a computer's data after system failures and security breaches. It is important to develop a plan that is broad enough to cover all the servers you plan to deploy. We must determine what categories of files will be backed up. For example, you may choose to back up only user data files (i.e. /home) because damaged system files should be reloaded from the original distribution media. There are common technological approaches to file backups. For network servers, authoritative version of the information content of the server is created and maintained on a secure machine that is backed up. If the server is compromised and its content damaged, it can be reloaded from the secure system maintaining the authoritative version. This approach is typically used for public servers, such as Web servers, because the content changes at more predictable intervals. It is important to ensure that backups are performed in a secure manner and that the contents of the backups remain secure. We recommend that the plan specify that: · The source data is encrypted before being transmitted to the storage medium. · The data remains encrypted on the backup storage media. · The storage media are kept in a physically secure facility that is protected from man- made and natural disasters. Transfer your backup in a secure manner over the network In the previous sections, we are showing you how to make backup on tape and files from the same system where you execute the backup procedure with utilities like tar and dump. These programs (tar and dump) are capable to make backup over the network too. To be able to backup over the network, you must ensure that packages named “rmt” and “rsh” are installed on your system. The “rmt” utility provides remote access to tape devices for programs like dump, and tar. In the other part, the “rsh” package contains a set of programs, which allow users to run commands on remote machines, login to other machines and copy files between machines (rsh, rlogin and rcp are this set of programs). Since the “rsh” can be easily hacked and “rmt” depend of “rsh” to be able to work, we are choose to not install them in our setup installation (see chapter 2 Installation of your Linux Server for more information) for securities reasons. So we must find another way to make backup over the network in a secure manner. The SSH technology is the solution for our problem (see chapter 11 Securities Software (Network Securities) because it also have the ability to copy data across the network with it “scp” command through encryption. The following is a method that permit us to use the potential of SSH software to transfer our backup made with tar or dump in a secure manner via the “scp” utility of SSH. Using the scp command of SSH to transfer backup over the network The “scp” command copies files between hosts on a network. It uses ssh for data transfer, and uses the same authentication and provides the same security as SSH. Unlike “rcp” utility that comes with the package “rsh”, “scp” will ask for passwords or passphrases. In our example bellow, we transfer a backup file made with the tar archive program; the procedure to transfer a backup file or tape made with dump program is the same.