[BBLISA] Securely backing up Linux machines to NAS?

Dewey Sasser dewey at sasser.com
Fri Sep 11 23:37:39 EDT 2009


Scott Ehrlich wrote:
> I have been tasked with having a Buffalo Terastation Pro 2 NAS box,
> likely to be connected to a Linux box via samba, be the storage device
> to back up mostly Ubuntu and Centos systems.  The trick is, the
> machines to be backed up need to do so in an automated fashion and
> make a secure, encrypted connection to my Linux box hosting the NAS.
> The NAS does have SSL enabled for web admin access, though the same
> login credentials are used to authenticate the Linux host via samba to
> the NAS.
>   
Just to make sure I've got this straight, I see

Bunch of Linux Boxen ------->    Linux Backup Server -----------> NAS

The first link has to be a secure protocol.  The second link could be
secured by a secure protocol or by isolating it from everything else
(e.g. a VLAN).
> So what are the simplest options to back up the Linux hosts?   rsync
> does come to mind, but how to do so securely from each host?   I'd
> consider something via ssh, but that would mean an interactive login,
> and encrypting individual files on the hosts is not an option.
>   
Unless you set up an rsync server, rsync tunnels over SSH.  I consider
that secure.

I'm quite happily using BackupPC (http://backuppc.sourceforge.net/) to
back up many Linux, Solaris and Windows boxes but it requires the target
file system (meaning where it keeps the backup files) to support hard
links which I'm pretty sure rules out SAMBA (I'm using NFS in one site,
local file system in another). 

BackupPC is easy to install, easy to manage and is very, very space
efficient.  It uses rsync or SMB to snarf files from client machines. 
Right now one of my backup systems contains 142 full and 156 incremental
backups of 26 machines comprising about 810GB of raw storage and only
uses 80GB after compression and file pooling.  I can configure it to
delegate just enough management capability (i.e. requesting, restoring
and browsing backups) for individual machines to owners of that machine
and it will also bug them via email when a backup hasn't been successful
for a while.  It also has features to back up transient machines (e.g.
laptops) opportunistically.

I'm not quite sure why you say that ssh requires interactive login -- is
that a policy at your site?  I have SSH configured to allow passwordless
ssh from my backuppc account on my backup host to all my backup target
machines.  Rsync runs over ssh by default.  This requires that I keep
the backup machine secure (a good idea anyway, but fairly simple since
all it does is outbound SSH and SMB requests and NFS to my NAS) and that
the backup machine must have access to all files on the target machines
via some account.
> NFS is also available on the NAS, but considering the security
> concerns, I will not use that, nor do I want to enable any more
> services on the linux machines being backed up than necessary, meaning
> samba is not an option, unless it remains the ONLY one.
>   
NFS is definitely a problem to secure, but you could isolate the network
traffic from backup server to NAS on its own VLAN.  Then (as long as no
one sneaks up behind the switch) you're good.  I haven't really found a
good NAS protocol.

It is likely also possible to layer on a Linux encryption file system
layer (not crypt-setup based -- that uses block devices) to encrypt the
files on the fly -- then it wouldn't matter so much that NFS was
insecure, nor would anyone be able to read the files directly from the
NAS.  However, this seems problematical to me -- when I have a machine
melt down, I don't want to deal with a lot of complexity in the
backups.  I've also never done this, so I can only call it a theoretical
possibility.
> I ONLY plan to use samba to mount the NAS to my Linux server, unless
> someone comes up with a more secure method, or even a way to negate the
> need of the Linux server and permit the hosts to back up directly to
> the NAS...
>   
That means all hosts would have direct credentials to the NAS box, which
would either be a management pain or terribly insecure, or both.  I
prefer pull for my backups though there are times when push is appropriate.

If it helps, before BackupPC matured enough to be so terribly wonderful,
I wrote a PERL wrapper for rsync that manages rotating backups in an
efficient manner and handles either pull or push backups.  However, it
only merges common files across backup sets, not across machines, so
it's not as efficient as BackupPC.  (Available at
http://www.thesassers.com/dewey/RsyncBackup.html)


--
Dewey
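
Added example, not part of the original message and not code from BackupPC or the rsync wrapper mentioned above: a POSIX shell preflight that checks the pool filesystem for hard-link support, plus an unattended pull over SSH that hard-links unchanged files against the previous snapshot. The key path, account name, pool layout and function names are assumptions, and the pool path is assumed to be absolute.

```shell
#!/bin/sh
# Added example; key path, account and pool layout are assumptions.
RSYNC=${RSYNC:-rsync}                                     # overridable for dry runs
BACKUP_KEY=${BACKUP_KEY:-/var/lib/backup/.ssh/id_backup}  # hypothetical key path
BACKUP_USER=${BACKUP_USER:-backup}                        # hypothetical account

# Return 0 if the filesystem under $1 supports hard links, 1 if it does
# not, and nonzero if the probe file cannot be created at all.
supports_hardlinks() (
    probe="$1/.hardlink-probe.$$"
    : > "$probe" || exit 2
    rc=1
    # ln must succeed AND both names must resolve to the same inode
    ln "$probe" "$probe.ln" 2>/dev/null && [ "$probe" -ef "$probe.ln" ] && rc=0
    rm -f "$probe" "$probe.ln"
    exit "$rc"
)

# Pull host:src into pool/host/stamp from the backup server (pull model).
# Unchanged files are hard-linked to the previous snapshot via --link-dest,
# so each run only stores what changed. pool must be an absolute path.
pull_snapshot() (
    host=$1 src=$2 pool=$3 stamp=$4
    dest="$pool/$host/$stamp"
    mkdir -p "$pool/$host" || exit 2
    set -- -a --delete --numeric-ids
    # Only reference a previous snapshot if one exists.
    [ -d "$pool/$host/latest" ] && set -- "$@" "--link-dest=$pool/$host/latest"
    # BatchMode=yes makes ssh fail instead of prompting, so a missing or
    # rejected key shows up as a failed job rather than a hung one.
    # IdentitiesOnly=yes offers only the dedicated backup key.
    $RSYNC "$@" \
        -e "ssh -i $BACKUP_KEY -o BatchMode=yes -o IdentitiesOnly=yes" \
        "$BACKUP_USER@$host:$src/" "$dest/" || exit 1
    # Repoint "latest" only after a successful transfer.
    ln -sfn "$stamp" "$pool/$host/latest"
)
```

Run `supports_hardlinks /path/to/pool` once against the mounted NAS before the first backup; a scheduled job can then call `pull_snapshot host /etc /path/to/pool "$(date +%F)"` per host.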



