[H-GEN] Fixes for excalibur's backup
Robert Brockway
robert at timetraveller.org
Mon Jul 13 22:14:04 EDT 2009
On Tue, 14 Jul 2009, Russell Stuart wrote:
> Is there any way to get to the VM if it has been compromised and we are
> locked out? (I have never used linode, so I don't know.) It is not like

We can get to the console even if we close regular network access to the
box. I'll show the other admins how to do that.

> we can toddle down into UQ's basement and get a copy of the drive and do
> forensics on it. If we don't, the only way to look at the log files is
> from the backups. What you lose in that case is all history (apache,
> sudo, etc). If you are trying to prevent a similar exploit in the
> future that information can be pretty useful. Particularly so because

Yep that would be the price we'd pay.

I've done a lot of forensics following up on breakins and I'd say the logs
were really useful to find the cause in maybe 50% of cases. Having said
that, the vast majority of breakins I've looked at occurred because the
system was behind in security updates rather than alternative causes like
a config error or a vulnerable custom web app.

So yes I'd like to have the logs in case of a breakin but perhaps the
price is too high.

> Look in /etc/rdiff-image/rdiff-image.conf to see what is currently
> excluded.

Great thanks.

Cheers,
Rob
--
I tried to change the world but they had a no-return policy
Projected IPv4 exhaustion: http://www.potaroo.net/tools/ipv4/index.html