
On 04/15/2016 05:40 PM, Lennart Sorensen wrote:
> On Fri, Apr 15, 2016 at 05:12:40PM -0400, Alvin Starr wrote:
>> For things like system backups you tend to have to run as root.
>
> Often for some parts. It's those parts where bad things happening can really hurt.
>
>> Your backup device often has to be connected to the server. I have yet to see a backup media that magically gets data written to it while on the shelf. So once you have plugged in your backup media to back up and your backup program runs wild ... you're kind of screwed.
>
> That's why you have a rotation of backup devices. That way you still have a backup while creating a new one. If your only backup is connected to your system, then you have no backups at all.

Rotating backup media is becoming a thing of the past. A lot of organizations are moving to cloud backup or backing up to some NAS/SAN or other connected device. In an environment where changing disks/tapes is hard, like in a data centre, the single backup device is attractive.

I do work for a backup provider and they have a large number of companies who in essence have a single point of failure for their backups. For better or for worse, people are moving their backups offsite but into a single location.

>> I kind of think it would be possible to use selinux to ensure things like backups or system files cannot be deleted by accident.
>
> That would take some work to get right and I believe most systems run with selinux disabled.

I know there are more than a few packages that I administer where they outright say that selinux must be disabled.

>> Screwing up backup software is all too easy. I once worked for a computer company that sold systems to banks and for about a 3 month period a bug in the tape driver software was writing blank tapes. It was not discovered till a customer tried to restore something simple. Fortunately nobody needed to do a real restore of important data.
>
> Well it isn't really a backup until it is verified either. Many people skip that step. I certainly have at home in many cases.

True enough, but testing your recovery processes is something that is seldom done. Taking systems offline to do a full recovery is just too big a pain.

You also have to do the recovery testing on a regular basis.

This company had a number of VERY smart people doing the coding but still silly errors crept through.
--
Alvin Starr              ||   voice: (905)513-7688
Netvel Inc.              ||   Cell:  (416)806-0133
alvin@netvel.net         ||
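The thread's point that a backup is not a backup until it is verified, and the "blank tapes" failure that went unnoticed for months, illustrated as an added example (not code from the thread or from anyone in it). It builds a SHA-256 manifest of a source tree at backup time and checks a restored tree against it, so a restore that comes back empty or altered is reported instead of silently trusted. The file names, contents and directory layout are constructed for the demonstration; the approach is the generic manifest-and-compare check, not any particular backup product's method.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Return {relative_posix_path: sha256hex} for every regular file under root.

    Taken at backup time and stored separately from the backup media, this is
    what a later restore is checked against.
    """
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_restore(manifest: dict, restored_root: Path) -> list:
    """Compare a restored tree against the backup-time manifest.

    Returns a list of problems; an empty list means every file came back
    with exactly the content that was backed up.
    """
    problems = []
    restored = build_manifest(restored_root)
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            # Covers both corruption and the 'blank tape' case (file present but empty).
            problems.append(f"corrupt: {rel}")
    for rel in restored:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return problems


def demo() -> tuple:
    """Constructed scenario: one faithful restore and one 'blank tape' restore.

    Returns (problems_for_good_restore, problems_for_blank_restore).
    """
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed source tree standing in for the system being backed up.
        src = Path(tmp, "src")
        (src / "etc").mkdir(parents=True)
        (src / "etc" / "passwd").write_bytes(b"root:x:0:0:root:/root:/bin/bash\n")
        (src / "notes.txt").write_bytes(b"quarterly figures\n")
        manifest = build_manifest(src)

        # Restore that preserved everything.
        good = Path(tmp, "good")
        shutil.copytree(src, good)

        # Restore from media that was written blank: files exist but are empty.
        blank = Path(tmp, "blank")
        (blank / "etc").mkdir(parents=True)
        (blank / "etc" / "passwd").write_bytes(b"")
        (blank / "notes.txt").write_bytes(b"")

        return verify_restore(manifest, good), verify_restore(manifest, blank)


if __name__ == "__main__":
    good_problems, blank_problems = demo()
    print("good restore:", good_problems or "verified")
    print("blank restore:", blank_problems)
```

The manifest only helps if it is kept somewhere other than the media it describes; checking a tape against a manifest written to the same tape would have passed in the blank-tape case as well. Running the check as part of every backup cycle, rather than only when a restore is needed, is what turns "verify your backups" into the regular recovery testing the thread says is seldom done.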