rsbackup is a set of Perl scripts which use rsync to back up client machines to a remote server. The system was set up to maximize security on the client, allowing no additional penetration vectors for the backup server. As Robert Heinlein stated, “Put all your eggs in one basket, and watch that basket.”
rsbackup’s server component never initiates a connection. The client initiates an encrypted (ssh) connection with the server, which verifies the following before allowing communication:
- public key of the client
- client name
- machine name
- ip address of client
- time of day
- command, which must be one of:
  - prepare – the server executes a pre-defined set of actions for that particular client, e.g. creating a new delta of the backup store.
  - rsync – verified for the correct target, then allowed to execute. Only certain parameters are allowed in the rsync command.
  - cleanup – the server executes a pre-defined set of actions for that particular client, e.g. rotating off old deltas of backups.
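
A gate like the one listed above can run as an sshd forced command (`command="..."` on the client's line in `authorized_keys`), so the public key is checked by sshd before the gate sees `SSH_CONNECTION` and `SSH_ORIGINAL_COMMAND`. The following is an added Python example, not rsbackup's own Perl code; the policy values, the rsync option allow-lists, and passing client and machine name as arguments to `prepare`/`cleanup` are assumptions.

```python
import ipaddress, posixpath, shlex
from datetime import time

# Constructed policy for one authorized_keys entry; every value is hypothetical.
POLICY = {
    "client": "acme", "machine": "web01", "ip": "192.0.2.10",
    "window": (time(22, 0), time(4, 0)),          # backup window, may span midnight
    "target": "/backups/acme/web01/current",
}
RSYNC_LONG = {"--server", "--delete", "--numeric-ids"}   # assumed allow-list
RSYNC_SHORT = set("logDtprvze.iLsfxCIu")                  # assumed allow-list

class Denied(Exception):
    """Raised for any request the policy does not explicitly allow."""

def in_window(now, window):
    start, end = window
    return start <= now < end if start <= end else (now >= start or now < end)

def check_rsync(args, target):
    # The receiving side of a client push looks like: rsync --server <flags> . <dest>
    if len(args) < 4 or args[1] != "--server" or "--sender" in args:
        raise Denied("not a server-side receive")
    *opts, dot, dest = args[1:]
    for opt in opts:
        ok = opt in RSYNC_LONG if opt.startswith("--") else (
            opt.startswith("-") and len(opt) > 1 and set(opt[1:]) <= RSYNC_SHORT)
        if not ok:
            raise Denied(f"rsync option not allowed: {opt}")
    # normpath collapses ".." so a traversal out of the target fails the comparison.
    if dot != "." or posixpath.normpath(dest) != target:
        raise Denied("wrong rsync target")
    return args

def authorize(policy, ssh_connection, original_command, now):
    """Return the argv to execute, or raise Denied. Nothing is passed to a shell."""
    peer = ipaddress.ip_address(ssh_connection.split()[0])  # "ip port ip port"
    if peer != ipaddress.ip_address(policy["ip"]):
        raise Denied("unexpected source address")
    if not in_window(now, policy["window"]):
        raise Denied("outside backup window")
    try:
        args = shlex.split(original_command)
    except ValueError:
        raise Denied("unparseable command")
    if args and args[0] in ("prepare", "cleanup"):
        if args[1:] != [policy["client"], policy["machine"]]:
            raise Denied("client/machine mismatch")
        return args
    if args and args[0] == "rsync":
        return check_rsync(args, policy["target"])
    raise Denied("unknown command")
```

The returned list is meant to be executed directly (for example with `os.execv`) rather than re-joined into a shell string, so quoting in the client's request cannot add a second command.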
rsbackup server and client have both been tested on Linux (Debian, CentOS) and Unix (FreeBSD).