[OpenIndiana-discuss] Relocated root home directory
Roel_D
openindiana at out-side.nl
Sat Feb 9 21:59:33 UTC 2013
It was hypothetical.
I never back up ;-)
You always end up with copies of old software ;-)
Kind regards,
The out-side
On 9 Feb 2013 at 21:41, Sašo Kiselkov <skiselkov.ml at gmail.com> wrote:
> On 02/09/2013 08:55 PM, Roel_D wrote:
>> Just a question out of interest:
>>
>> Let's say you put root's directory to another zfs dataset.
>> This dataset has been backed up to a USB stick.
>
> Hang on, you don't encrypt your backups? Seriously? No offense dude,
> but if you did that at my place, you'd find yourself in serious trouble
> really soon.
>
>> I find it (the USB) and I take it to a new OI server and try to
>> import it. This will work since it is not encrypted.
>
> Who in their right mind does backups to removable media unencrypted?
>
>> On the new server I am root with a new/different password. Since I
>> am root, I can open the old root directory and read its bash history.
>> Voila. I know all things from the old admin.
>
> You already committed so many capital crimes in systems administration
> that you just deserved what is coming. In order, your crimes were:
>
> 1) You've used tools which record sensitive data into your .bash_history
> (Ever wonder why security-aware tools never take passwords as
> command-line arguments? That's why.)
>
> 2) You neglected to encrypt your backups to removable media. Big no-no.
>
> 3) You didn't handle backup media with the care they deserve (encrypted
> or not, backups are among the most sensitive data an organization can
> have) and misplaced them where they can be easily picked up by an
> attacker.
>
> So by this time, everything that happens to your systems is already
> karma. Plus, all of this works regardless of whether /root is on a
> separate dataset or not! (I use duplicity backup on my Linux laptop.)
>
> Cheers,
> --
> Saso
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
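
Added example, not part of the original thread: a small Python audit for point 1 in the quoted reply, flagging shell history lines where a credential was typed as a command-line argument and redacting it in the report. The patterns, the function name and the sample history are constructed for illustration and are not exhaustive.

```python
import re

# Assumed, non-exhaustive patterns: group 1 is kept, group 2 (the secret) is redacted.
PATTERNS = [
    ("password option", re.compile(r"(--?(?:password|passwd|pass)[= ])(\S+)", re.I)),
    ("mysql -p<password>", re.compile(r"(\bmysql\b.*?\s-p)(\S+)")),
    ("sshpass -p", re.compile(r"(\bsshpass\s+-p\s*)(\S+)")),
    ("curl -u user:password", re.compile(r"(\bcurl\b.*?\s(?:-u|--user)\s+[^\s:]+:)(\S+)")),
    ("credentials in URL", re.compile(r"(\w+://[^\s/:@]+:)([^\s/@]+)(?=@)")),
    ("secret in environment", re.compile(r"(\b\w*(?:PASSWORD|PASSWD|SECRET|TOKEN)\w*=)(\S+)", re.I)),
]

# Constructed sample of a .bash_history file (not taken from any real system).
SAMPLE_HISTORY = [
    "#1360446000",                        # timestamp line written when HISTTIMEFORMAT is set
    "zfs list",
    "mysql -u root -pS3cret inventory",   # password attached to -p: recorded in history
    "mysql -u root -p inventory",         # bare -p prompts instead: nothing recorded
    "sshpass -p hunter2 ssh admin@host.example",
    "curl -u admin:hunter2 https://host.example/api",
    "export DB_PASSWORD=hunter2",
]

def audit_history(lines):
    """Return (line_number, reason, redacted_line) for each suspicious history line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        line = line.rstrip("\n")
        if line.startswith("#"):  # skip timestamp/comment lines
            continue
        for reason, pattern in PATTERNS:
            if pattern.search(line):
                # Redact the secret so the audit report does not leak it again.
                redacted = pattern.sub(lambda m: m.group(1) + "<redacted>", line)
                findings.append((number, reason, redacted))
                break  # one finding per line is enough
    return findings

if __name__ == "__main__":
    for number, reason, redacted in audit_history(SAMPLE_HISTORY):
        print(f"line {number}: {reason}: {redacted}")
```
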