skybeam/ccollect
1
0
Fork 0
forked from ungleich-public/ccollect
Code Issues Pull requests Projects Releases Wiki Activity

Fixed some borken English

Browse source
This commit is contained in:
Nico Schottelius 2006-06-13 13:25:09 +02:00
parent 3e33691460
commit c6d18d4699
1 changed files with 24 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
doc/ccollect.text
View file

@ -1,7 +1,7 @@
ccollect - Installing, Configuring and Using ccollect - Installing, Configuring and Using
============================================ ============================================
Nico Schottelius <nico-linux-ccollect__@__schottelius.org> Nico Schottelius <nico-linux-ccollect__@__schottelius.org>
0.4.0, for ccollect 0.4, Initial Version from 2006-01-13 0.4.1, for ccollect 0.4-0.4.1, Initial Version from 2006-01-13
:Author Initials: NS :Author Initials: NS
(pseudo) incremental backup (pseudo) incremental backup
@ -12,23 +12,36 @@ Introduction
------------ ------------
ccollect is a backup utility written in the sh-scripting language. ccollect is a backup utility written in the sh-scripting language.
It does not depend on a specific shell, only `/bin/sh` needs to be It does not depend on a specific shell, only `/bin/sh` needs to be
bourne shell compatibel (like 'dash', 'ksh', 'zsh', 'bash', ...). bourne shell compatible (like 'dash', 'ksh', 'zsh', 'bash', ...).
Why you can only backup TO localhost Why you cannot backup TO remote hosts (but FROM them!)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
While thinking about the design of ccollect, I thought about enabling While thinking about the design of ccollect, I thought about enabling
backup to *remote* hosts. Though this sounds like a nice feature backup to *remote* hosts. Though this sounds like a nice feature
('Backup my notebook to the server now.'), it is in my opinion a ('Backup my notebook to the server now.'), it is in my opinion a
bad idea to backup to a remote host, because you have to open bad idea to backup to a remote host.
security at your backup host. Think of the following situation: You backup
your farm of webservers *to* a backup host somewhere else. One of Reason
your webservers gets compromised, then your backup server will be compromised, ^^^^^^
too. Think of it the other way round: The backup server (now behind a To backup *TO* a remote host, you have to open security on it.
Think of the following situation: You backup your farm of webservers *TO*
a backup host somewhere else.
Now, one of your webservers, which has access to your backup host, gets
compromised.
Then your backup server will be compromised, too.
And all data from the other webservers are also know to the attacker.
Doing it the secure way
^^^^^^^^^^^^^^^^^^^^^^^
Think of it the other way round: The backup server (now behind a
firewall using NAT and strong firewall rules) connects to the firewall using NAT and strong firewall rules) connects to the
webservers and pulls the data *from* them. If someone gets access to one webservers and pulls the data *from* them. If someone gets access to one
of the webservers, the person will perhaps not even see your machine. If of the webservers, the person will perhaps not even see your machine. If
he/she sees that there are connections from a host to the compromised the attacker sees that there are connections from a host to the compromised
machine, he/she will not be able to login to the backup machine. machine, he/she will not be able to login to the backup machine.
All other backups are still secure. All other backups are still secure.
@ -65,6 +78,7 @@ Installing ccollect
~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
For the installation, you need at least For the installation, you need at least
- the latest ccollect package (http://unix.schottelius.org/ccollect/)
- either `cp` and `chmod` or `install` - either `cp` and `chmod` or `install`
- for more comfort: `make` - for more comfort: `make`
- for rebuilding the generated documentation: additionally `asciidoc` - for rebuilding the generated documentation: additionally `asciidoc`