Differences
This shows you the differences between two versions of the page.
rethinking_my_backup_strategy [01.01.2021 22:12] – [self-made collection of other tools] Pascal Suter | rethinking_my_backup_strategy [01.01.2021 22:39] – [First POC - Burp + rsync] Pascal Suter | ||
---|---|---|---|
Line 72: | Line 72: | ||
* it would be nice to be able to mount an entire backup, or even all backups at once, via for example sshfs. One could then remount it using gocryptfs on the client to see a decrypted representation. however, this brings another isse: the mount should be read-only, so that a hacked client can't destroy existing backups on the backup server. so either we find a way to create a read-only share using for example NFS (possibly tunnelled over ssh) or we find a way to make them read-only on the backup server already before sharing them through sshfs. | * it would be nice to be able to mount an entire backup, or even all backups at once, via for example sshfs. One could then remount it using gocryptfs on the client to see a decrypted representation. however, this brings another isse: the mount should be read-only, so that a hacked client can't destroy existing backups on the backup server. so either we find a way to create a read-only share using for example NFS (possibly tunnelled over ssh) or we find a way to make them read-only on the backup server already before sharing them through sshfs. | ||
* i have found [[https:// | * i have found [[https:// | ||
+ | |||
+ | ===== First POC - Burp + rsync ===== | ||
+ | with all the arguments above considered, I decided to proceed a burp based solution and just add off-site capabilities to burp. Here is the targeted setup: | ||
+ | * " | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * one needs to make sure that all the necessary paths mentioned in '' | ||
+ | * " | ||
+ | * clients run the burp client and use client-side encryption with a strong password. the following additional core settings are used: | ||
+ | * '' | ||
+ | * '' | ||
+ | * a script on the burp server uses '' | ||
+ | * on the offsite server, a script is called (somehow, haven' | ||
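Review bot: the last added bullet leaves the trigger for the offsite script undecided ("a script is called (somehow, ..."), and the visible text of the new section does not state what a compromised burp server could do to the offsite copy. The unchanged bullet above requires that a hacked client can't destroy existing backups on the backup server; the same requirement should be written down for the hop from the burp server to the offsite server, for example by saying whether that sync may delete or overwrite data already stored offsite. Record the chosen trigger mechanism once it is decided. Minor wording point in the intro sentence of the new section: "proceed a burp based solution" is missing "with".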