[ale] Bacula backup gathering?

DJ-Pfulio djpfulio at jdpfu.com
Tue Feb 16 13:07:43 EST 2016


On 02/16/2016 12:31 PM, Alex Carver wrote:
> On 2016-02-16 07:23, Derek Atkins wrote:
>> DJ-Pfulio <djpfulio at jdpfu.com> writes:
>>
>>> Best, easier, how-to:
>>> https://www.kirya.net/articles/backups-using-rdiff-backup/ Use the
>>> "pull" method for greater security.
>>
>> Only concern with rdiff-backup is the inability to encrypt the backups
>> (Data at Rest encryption).
> 
> Is this not solved with an encrypted storage volume at the destination
> (e.g. LUKS, ecryptfs, etc.)?

Yep. Lots of ways to solve this. Sometimes having too many choices complicates
things.  That's the problem with Unix/Linux.

encfs vs ecryptfs vs dm-luks? Discuss. I'm using dm-luks, mainly because it is
much faster than the other options and the entire OS is encrypted. The evil maid
attack still exists, so there are trade-offs.


OTOH, any automatic encryption would necessarily mean the keys are stored on the
system somewhere.  I suppose a USB device could be connected overnight and
removed daily to reduce the risk period.  "Data at rest": does that mean "when
not in use" or when the machine is powered down?  I use LUKS dm-crypt for some
storage, but not all.

Having a HDD replaced under warranty doesn't freak me out, thanks to whole disk
encryption.  Returning a disk under warranty that might contain sensitive data
always seemed like a bad idea.  I don't think the security parts of the US Gvmt
do warranty returns at all for this reason. Basically, if they've used a disk,
it doesn't leave until it is powder - crushing isn't sufficient.


