[ale] how do I make a virus proof nas?

Chuck Payne terrorpup at gmail.com
Tue Jan 8 21:46:41 EST 2013


I have in the past set up clam av to scan it. I also have use the free
version of AVG to scan it.

On Tue, Jan 8, 2013 at 9:24 PM, Ron Frazier (ALE)
<atllinuxenthinfo at techstarship.com> wrote:
> Hi Matthew,
>
> Upon re reading my post, I noticed that my description was a bit vague.  I'm
> mainly worried about the potential of a virus on the client machines that
> are being backed up.  I am pretty paranoid and take steps to prevent this.
> However, say it happened.  So, the client gets a virus, the virus attaches
> to the remote nas, and the virus deletes the partitions, etc.
>
> What you're describing sounds interesting but expensive.  I have a VERY
> minimal budget at the moment.  How much would something like that cost not
> including the hard drives?
>
> Also, what software would run on the client PC's and how would it talk to
> the NAS?  How would we prevent things other than the backup software from
> accessing the backup partition on the NAS in write mode?
>
> It would be OK if there was another partition that was accessible for
> general data storage.
>
> Sincerely,
>
> Ron
>
>
>
>
> On 1/8/2013 8:55 PM, Matthew wrote:
>
> I can build a centos 6 disc that should do that. you can look into a
> dedicated NAS box, which usually has its own prop OS, or freenas/nas-lite.
>
> On building an OS, you will want to setup selinux, aide, anti-virus, etc.
> and lock down the permissions. My scripts that I have for that, can help,
> but if you go with something newer like fedora/ubuntu builds, I am not sure
> they will. Setup PAM and other services to lock things down. Actually one of
> my NAS systems here is a debian 6 box, but all others are custom built
> centos. I do IA for a living, so that's why the heavy rhel background.
>
>
> On Tue, Jan 8, 2013 at 8:31 PM, Ron Frazier (ALE)
> <atllinuxenthinfo at techstarship.com> wrote:
>>
>> Hi all,
>>
>> I'm considering making a mini nas to run backups on here at home.  It
>> would probably have 2 - 4 TB of storage.  My router has 1 USB port, so I
>> could just attach a HDD to that.  Or, I could get something like a Buffalo
>> Link Station which holds two drives and attaches to the router.
>>
>> The main concern I've always had about having backup media attached all
>> the time is that, if a virus got into the machine, it could attack and wipe
>> out the backup drive.
>>
>> So, I need to know how to make a virus proof nas, such that at least one
>> partition on the device is accessible only  to the backup software for write
>> mode.  I don't care if everything can read the backup file, but I only want
>> the backup software to be able to add new files, write to them, or delete
>> them.
>>
>> I need something that can run while Windows 7 is running and backup using
>> the volume shadow copy service.  I also need it to be able to back up the
>> ext4 Ubuntu partition on the PC's HDD, either by reading the native file
>> system or by using a sector by sector approach.  This way, I can just let
>> the backups run periodically on their own and not worry about malware
>> affecting the backup.
>>
>> Any help is appreciated.
>>
>> Sincerely,
>>
>> Ron
>>
>>
>> --
>>
>> Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9
>> Mail.
>> Please excuse my potential brevity.
>>
>> (To whom it may concern.  My email address has changed.  Replying to
>> former
>> messages prior to 03/31/12 with my personal address will go to the wrong
>> address.  Please send all personal correspondence to the new address.)
>>
>> (PS - If you email me and don't get a quick response, you might want to
>> call on the phone.  I get about 300 emails per day from alternate energy
>> mailing lists and such.  I don't always see new email messages very
>> quickly.)
>>
>> Ron Frazier
>> 770-205-9422 (O)   Leave a message.
>> linuxdude AT techstarship.com
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
>
>
>
> --
> SimonTek
> 912-398-6704
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
>
> --
>
> (To whom it may concern.  My email address has changed.  Replying to former
> messages prior to 03/31/12 with my personal address will go to the wrong
> address.  Please send all personal correspondence to the new address.)
>
> (PS - If you email me and don't get a quick response, you might want to
> call on the phone.  I get about 300 emails per day from alternate energy
> mailing lists and such.  I don't always see new email messages very
> quickly.)
>
> Ron Frazier
> 770-205-9422 (O)   Leave a message.
> linuxdude AT techstarship.com
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
Terror PUP a.k.a
Chuck "PUP" Payne

(678) 636-9678
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- en.opensuse.org/User:Terrorpup
openSUSE Ambassador/openSUSE Member
Community Manager -- Southeast Linux Foundation (SELF)
skype,twiiter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

Have you tried SUSE Studio? Need to create a Live CD,  an app you want
to package and distribute , or create your own linux distro. Give SUSE
Studio a try. www.susestudio.com.
See you at Southeast Linux Fest, June 8-10, 2012 in Charlotte, NC.
www.southeastlinuxfest.org


More information about the Ale mailing list