FAQ points to closed issue for pull backups #5480

Closed
anarcat opened this issue Nov 3, 2020 · 4 comments · Fixed by #5501
anarcat (Contributor) commented Nov 3, 2020

https://borgbackup.readthedocs.io/en/latest/faq.html#how-can-i-protect-against-a-hacked-backup-client says:

How can I protect against a hacked backup client?

Assume you backup your backup client machine C to the backup server S and C gets hacked. In a simple push setup, the attacker could then use borg on C to delete all backups residing on S.

These are your options to protect against that:

  • Do not allow permanent deletion of data from the repo, see Append-only mode (forbid compaction).
  • Use a pull-mode setup using ssh -R, see document pull-like operation #900.
  • Mount C’s filesystem on another machine and then create a backup of it.
  • Do not give C filesystem-level access to S.

That's great except #900 is a kind of long issue that was closed because BountySource and chaos. Maybe it would be best to point to some other documentation for pull-mode? Maybe something about #5288 which I believe made https://borgbackup.readthedocs.io/en/latest/deployment/pull-backup.html possible?

ThomasWaldmann added this to the 1.1.15 milestone Nov 3, 2020

ThomasWaldmann (Member) commented
There is also one strange item in that list:

Do not give C filesystem-level access to S.

If one wants to protect S from attackers on C, one of course does not do that.
But, to delete all archives on S, it is not required to have that (one can just use the borg client).

Not sure what to do about this one. Either add "Of course, ..." or remove it from the list?

ThomasWaldmann (Member) commented
Note: it already points to the right chapter via "See Hosting repositories for a detailed protection guide."

So maybe just continue that sentence with ", especially [point to pull backup subsection]"?

anarcat (Contributor, Author) commented Nov 11, 2020

If yes I'll do the change

pretty much yeah.

Do not give C filesystem-level access to S.

Yeah, that struck me as odd as well: I'm not sure why it's there.

Note: it already points to the right chapter via "See Hosting repositories for a detailed protection guide."

I think the pull-mode should be an explicit item in the list.
