Hello,
I am building a network of Linux clients which are connected to the main server (FreeBSD 9.1). I would like to keep incremental backups of these clients till they reach a specific GB number, say 0.5 GB for each client is enough, since the backup is mostly configuration files (should not be more than 50MB a full backup).
My initial thought was setting up a FreeBSD jail and using rdiff-backup to backup the clients to server's jail. This would require for every client to have an ssh authorization access to the jail.
The problem is that I don't trust the clients. I don't know if any of them at any time will get compromised. I will secure them (iptables, monitoring scripts and possibly, AIDE) but I would like to be able to keep their backups on the server without giving shell access. I wonder if there's a way I can achieve this. Running rdiff-backup from server to clients, will not give me root access which is need to backup that require root permission, since 'root ssh' is a no-no.
Thank you for your time,
best regards,
atmosx
I am building a network of Linux clients which are connected to the main server (FreeBSD 9.1). I would like to keep incremental backups of these clients till they reach a specific GB number, say 0.5 GB for each client is enough, since the backup is mostly configuration files (should not be more than 50MB a full backup).
My initial thought was setting up a FreeBSD jail and using rdiff-backup to backup the clients to server's jail. This would require for every client to have an ssh authorization access to the jail.
The problem is that I don't trust the clients. I don't know if any of them at any time will get compromised. I will secure them (iptables, monitoring scripts and possibly, AIDE) but I would like to be able to keep their backups on the server without giving shell access. I wonder if there's a way I can achieve this. Running rdiff-backup from server to clients, will not give me root access which is need to backup that require root permission, since 'root ssh' is a no-no.
Thank you for your time,
best regards,
atmosx