Securing-Optimizing-RH-Linux-1_2_461
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
461
$ man restore (8)
- "restore files or file systems from backups made with dump"
Backing up and restoring over the network
Backups allow you to restore the availability and integrity of information resources following
security breaches and accidents. Without a backup, you may be unable to restore a computer's
data after system failures and security breaches. It is important to develop a plan that is broad
enough to cover all the servers you plan to deploy. We must determine what categories of files
will be backed up. For example, you may choose to back up only user data files (i.e. /home)
because damaged system files should be reloaded from the original distribution media.
There are common technological approaches to file backups. For network servers, authoritative
version of the information content of the server is created and maintained on a secure machine
that is backed up. If the server is compromised and its content damaged, it can be reloaded from
the secure system maintaining the authoritative version. This approach is typically used for public
servers, such as Web servers, because the content changes at more predictable intervals.
It is important to ensure that backups are performed in a secure manner and that the contents of
the backups remain secure. We recommend that the plan specify that:
·
The source data is encrypted before being transmitted to the storage medium.
·
The data remains encrypted on the backup storage media.
·
The storage media are kept in a physically secure facility that is protected from man-
made and natural disasters.
Transfer your backup in a secure manner over the network
In the previous sections, we are showing you how to make backup on tape and files from the
same system where you execute the backup procedure with utilities like tar and dump. These
programs (tar and dump) are capable to make backup over the network too. To be able to backup
over the network, you must ensure that packages named rmt and rsh are installed on your
system. The rmt utility provides remote access to tape devices for programs like dump, and tar.
In the other part, the rsh package contains a set of programs, which allow users to run
commands on remote machines, login to other machines and copy files between machines (rsh,
rlogin and rcp are this set of programs).
Since the rsh can be easily hacked and rmt depend of rsh to be able to work, we are choose
to not install them in our setup installation (see chapter 2 Installation of your Linux Server for
more information) for securities reasons. So we must find another way to make backup over the
network in a secure manner. The SSH technology is the solution for our problem (see chapter 11
Securities Software (Network Securities) because it also have the ability to copy data across the
network with it scp command through encryption. The following is a method that permit us to
use the potential of SSH software to transfer our backup made with tar or dump in a secure
manner via the scp utility of SSH.
Using the scp command of SSH to transfer backup over the network
The scp command copies files between hosts on a network. It uses ssh for data transfer, and
uses the same authentication and provides the same security as SSH. Unlike rcp utility that
comes with the package rsh, scp will ask for passwords or passphrases. In our example
bellow, we transfer a backup file made with the tar archive program; the procedure to transfer a
backup file or tape made with dump program is the same.