Arkeia Network Backup Agent Remote Access

hdm writes "The Metasploit Project has published a security analysis of the Arkeia Network Backup Client. Anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any host running the Arkeia agent software. This appears to be an intentional design decision on the part of the Arkeia developers. A long-winded description of this issue, complete with screen shots, demonstration code, and packet captures can be found in the research article. Arkeia has been credited with being the first commercial backup product for the Linux platform."

Somebody has to say it

[Renegade+Lisp]

Well, to state the obvious: Would this problem have survived for so long if Arkeia Network Backup had been open source software?

Large enterprises migrating to Linux now should be careful not to throw away the biggest advantage of their new platform by committing to all sorts of closed source software that happens to run on it.

For the time being, I guess I'll stick to my proven, open source (free software even) backup solution involving tar, gpg, and ssh.

Re:Somebody has to say it

[eibon]

Would this problem have survived for so long if Arkeia Network Backup had been open source software? Well, considering that "This appears to be an intentional design decision on the part of the Arkeia developers", I guess it would.

Re:Somebody has to say it

[mirko]

Linus has another solution:

"Only wimps use tape backup: real men just upload their important stuff on ftp, and let the rest of the world mirror it."

Re:Somebody has to say it

[badfish99]

No it wouldn't, because people would have spotted the decision at an early stage and told the developers that it was stupid.

With a commercial product, it took someone with a network sniffer to discover this. So it's just a lucky fluke that someone other than the bad guys knows about it.

Re:Somebody has to say it

[Renegade+Lisp]

Well, considering that "This appears to be an intentional design decision on the part of the Arkeia developers", I guess it would.

Haha, point taken. There is no security hole large enough that couldn't be justified by a committed team of developers.

I guess, though, I should have said: Would this problem have gone unnoticed for so long if this had been open source?

Re:Somebody has to say it

Actually (TSM) will do the same thing as this product. Probally even better(more mature)

Re:Somebody has to say it

[Eric+Giguere]

if Arkeia Network Backup had been open source software

Well, it kind of is open source software... install it and it opens up your source (and pretty much anything stored on your computer) to anyone who wants it!

Eric
See what headers your browser is sending

Re:Somebody has to say it

[Donny+Smith]

> For the time being, I guess I'll stick to my proven, open source (free software even) backup solution involving tar, gpg, and ssh.

You aparently either run a limited number of basic backup jobs and/or have plenty of time to write backup scripts, which is not bad as you need something to make yourself look very good at your job.

And FYI Arkeia Light is free (as in "one can use it at no cost"), see arkeia.org.

Re:Somebody has to say it

[file-exists-p]

So it's just a lucky fluke that someone other than the bad guys knows about it.

Sure :) Considering the complexity of the exploit, it is obvious nobody did it before it made the headlines on slashdot.

Come on.

--
Go Debian!

Re:Somebody has to say it

Insightful? Is that really the closest mod to 'unnecessary answer to rhetorical question'??

Re:Somebody has to say it

[Rich0]

Hmm - doesn't look like it fits my bill (a shame - I'be been looking for a better backup solution and have yet to find it).

Here are my requirements:

1. Backups are encrypted.
2. Backup data can be split across media.
3. Backups can use include/exclude criteria.
4. Corrupted backup files are recoverable.
5. Backups are compressed.

I've yet to find anything free which does all of this. Instead I'm using a short shell script combo of tar/bzip/gpg/split which gets the job done, but not elegantly. I'm not 100% sure how successful #4 would be with this setup. I think gpg has some support for corrupted files.

Honestly, I don't care that much about ECC and all that. My main concern with #4 is that if one byte in the backup file is messed up, I don't lose the ability to read everything else in the file. I can tolerate having one file on my system which gets lost in a disaster...

Re:Somebody has to say it

[nurd68]

Have a look at dar (should handle 1-3, and 5) with par2 to get 4.

Actually, even without par2, dar will be able to get all the files except the ones in regions with bad data, IIRC.

Re:Somebody has to say it

[Epsillon]

Well, it kind of is open source software... install it and it opens up your source (and pretty much anything stored on your computer) to anyone who wants it!

Looks like someone took Linus' quote and ran with it:

"Only wimps use tape backup. Real men let everyone else mirror their data!"

Re:Somebody has to say it

[Doc+Ruby]

If people discovered the hole without reporting it, they're bad guys for keeping silent. So yes, by definition, Metasploit and the original researchers are the first guys other than the bad guys.

Re:Somebody has to say it

[goofy183]

Try WinRar, they have versions for OSs other than windows and it does everything you want it to.

http://www.rarlab.com/download.htm

-Encryption is done using AES
-You can specify a file size to split the archives across or you can let it auto-detect the size
-You can configure your backups with include/exclude file lists
-There are a few ways to do backup recovery. One involves adding some extra data to each archive that allows corrupt archives to be repaired or the parity data can be split off into seperate files. I've had to recover archives using both systems and they work very well.
-Rar probably has some of the best compression ratios I've seen from any tool I've ever used.

Using winrar and a simple batch file I make regular backups of my windows laptop and using the linux version and a shell script I make regular backups of my FC3 box.

Re:Somebody has to say it

[Rich0]

It looks quite promising. I have my first trial backup running now...

Re:Somebody has to say it

Well, this "feature" has been known for years already. Nothing new here.

got root?

[cgranade]

Seems to me that the only way to get r/w access to the entire filesystem is if either a) the backup daemon is running as root, or b) if the backup daemon's user or group has r/w access equal to root's. In either case, the sysadmin would have to be on crack to do that. Not that read-only access is OK by any stretch, but just making the point. Oh, and before idiots start saying "see, open source isn't secure," let me remind them that this is a commercial product that was comprimised. If anything, I'd take this as further evidence of the virtues of open source.

Re:got root?

[pmsr]

I hate to spoil your party, but how are you going to backup user files if you don't have access to them? It is obvious the backup client has to run as root.

/Pedro

Re:got root?

[Zocalo]

It's a piece of backup software, at the very least it needs to have read access to everything it is going to be used to backup. If you are planning on doing a full system backup, that means it needs read access to the whole filesystem or it can't do it's job. That doesn't mean it needs to be running as "root" of course; ideally such a tool would be running with a dedicated user and group. On a Windows box however it's not uncommon to see backup utilities running with higher priviledges than the "administrator" account because that's the only way to sidestep things like system file protection and other tricks Microsoft uses to protect the system from abuse.

Re:got root?

[Renegade+Lisp]

Oh, and before idiots start saying "see, open source isn't secure," let me remind them that this is a commercial product that was comprimised. If anything, I'd take this as further evidence of the virtues of open source.

Errrm, forgive me, but it's a bit hard to grasp the logic in that. Are you saying that the idiots might say: "look, there's a security problem on Linux, so open source isn't secure." And you remind them that this problem is due to some piece of proprietary software that is not open source?

Fair enough (although that kind of logic really sounds weird to me). But be careful to claim "commercial software" is an opposite to "open source". There's lots and lots of "commercial software" that is open source by every accepted definition (e.g. MySQL). The real opposite of "open source" is "closed source", or "proprietary software" (such as Arkeia Network Backup).

Re:got root?

[danielrose]

Perhaps allowing read only access to the physical device, ie /dev/sda, and backing up at a bit level, of course this does not seem to be as economical or easy as backing up individual files... but i may be wrong.

Re:got root?

Let me remind them that this is a commercial product that was comprimised.

Wouldn`t the word compromised imply there was security to begin with? From the article: Something still seems to be missing... What happened to authentication? Could those "root" strings somehow be the username and password? The install process for the backup client does not provide an option or utility to set the password. The user manual makes it clear that the root password for the backup server software should be changed, but it doesn't have any information on setting a password for the client side. If the username and password for the agent is "root", why is it being sent in the clear in the first place?

Re:got root?

[pmsr]

For that you don't need Arkeia or any backup software of sorts. If you lose ability to do incremental or differential backups, or even RESTORE files on their location...

/Pedro

Re:got root?

[danielrose]

thats right.. dd or cpio will do the trick.. you could restore files to their location, by mounting the image of the device as a loopback and copying the required file off
of course it is less than elegant..

Re:got root?

[cgranade]

Why not give the daemon read-only access to the source for backups? Seems like it's be a straight-forward enough thing to do.

Re:got root?

[pe1rxq]

You could still access /etc/shadow and get all the passwords. Do a little offline crack and you can ssh back in for some real damage...

Jeroen

Re:got root?

[pe1rxq]

The problem this thing is giving access to everyone without any authentification.....
That is a really bad thing.
You really don't want the whole world to have access to your shadow password file.

Jreoen

Re:got root?

[mirko]

If you have access to the physical device, it becomes possible to simulate an FS on top of your data stream... unless it's encrypted, of course.

Re:got root?

[TheRaven64]

Backing up from the raw device rarely a good idea. Backups of this nature need to be atomic, so you need to unmount the filesystem, copy it, and then remount it. You will need to keep the FS unmounted for long enough to do a complete copy. A better solution is to provide rôle-based access control (SELinux does this, for example), and create a backup rôle which has read access to all files on mounted filesystems.

Re:got root?

[Creepy+Crawler]

Wow, whats this /etc/shadow file? Better grab it to *ahem* back it up.

*runs a permutation-based dict attack on the md5 sums*

Wow, who's this admin running his password as.. Password?

Re:got root?

Easy. Just don't give the backup daemon any permissions on password files. If you're on a small network with few users, big deal if you lose it in a disaster. Just remember to set up your half dozen users again on your new installation. In a large network, you *are* keeping documentation on your users - everything but their passwords - aren't you?

Re:got root?

[FLAGGR]

To the second point..

but thats the whole point of the /etc/shadow... passwords... everything else is in the public readable /etc/passwd. In a network with more than 10 users you want to keep a backup of the /etc/shadow somehow.

Re:got root?

[fymidos]

This is a clear example of a problem that can never exist in opensource projects.
You cannot have this kind of "design decisions" if your code is open...

Re:got root?

[mmkkbb]

Yes, you most certainly can, unless all users run a complete code audit before installing anything from source.

Re:got root?

[fymidos]

>unless all users run a complete code audit

Actually, no. If only *one* user (or developer) gives it a look, people will know.

Re:got root?

[John+Hasler]

Odds are that one of your users has "sally5" as his password and a directory named "Sally" in $HOME. The attacker will crack his account and then start trying for privilege escalation. Maybe he won't find it...

Re:got root?

[mmkkbb]

Only if he gets enough people to listen and ignore all the cries of "no way, it's open source..."

Re:got root?

Actually, no. If only *one* user (or developer) gives it a look, people will know.

Actually, no. If only one user (or developer) investigates and finds this, then that person knows. You'd be surprised how many people don't share their vulnerability knowledge.

Re:got root?

[SeaGK]

What about restores?, they can't be done if the agent doesn't have r/w access to the entire filesystem (for full backups anyway).

The biggest problem of backups is being able to actually restore the files in less time than it would take you to just reinstall/redo things, and it is one of the reasons I love Bacula's Catalog on database concept. It would tell you on what tape the file you are looking for is, how old the backup is, and with a tape autoloader, it would even load the correct tape and restore the file quickly. Try that with a 6GB tar.gz file ... not fun.

Erik.

Re:got root?

[Mr+Z]

"Wow! I have the same combination on my luggage!"

Re:got root?

Psssshhh... You can only say that when it's NUMBERS. Duh.

Re:got root?

[Scorillo47]

>>> On a Windows box however it's not uncommon to see backup utilities running with higher priviledges than the "administrator" account because that's the only way to sidestep things like system file protection and other tricks Microsoft uses to protect the system from abuse.

That is not true.

All you need to read a file system in Windows is the backup privilege. You don't even need to be an adminstrator. So if you have this privilege enabled, you can use the BackupRead API to backup stuff.

Re:got root?

[Storlek]

The way I back up my /home is slightly insane, but it works: cat /dev/hda3 | cdrecord dev=0,0,0 -

It does involve making the partition about the same size as a CD (or DVD) but it's fast, cheap, and bit-for-bit exact.

Re:got root?

Ummm..why wouldn't my backup daemon, that can access random locations on disk, NOT be running as a user that can access any file on the filesystem?

Am I supposed to redesign the backup solution to include some local schemes of access and communicate this to arkeia..how?

Braindead comment dude.

Re:got root?

[Mr+Z]

Well, if your luggage is geeky 'nuff, it's got a keypad like a telephone... ;-)

Re:got root?

[Jester99]

On a Windows box however it's not uncommon to see backup utilities running with higher priviledges than the "administrator" account because that's the only way to sidestep things like system file protection and other tricks Microsoft uses to protect the system from abuse

Actually, you'll almost inevitably see backup utilities running as LOCALSYSTEM, which is indeed higher than Administrator, because that's how Windows works.

If a user registers a program to run as a service (note: You must have Administrator-level access to perform this step), then that program will run for all users regardless of who logs on (ideal to ensure that a backup program runs every night), and programs that run in this mode are always LOCALSYSTEM.

It's not a hack or a "trick," that's just how the security model works. But since you've got to be the equivalent of root to install such a program, it's not exactly a problem.

Re:got root?

[ComputerSlicer23]

(You might know this, but others reading this thread might not).

Use LVM snapshots. You dedicate some freespace out of an LVM pool to an LVM snapshot. If a block of the filesystem gets written to, the original block gets copied to the LVM snapshot. The more of the blocks that get written to while the snapshot is held open, the more space you have to dedicate to it.

In the end, if you have twice the disk space, then you can hold the snapshot open indefinitely (otherwise the snapshot fails once change more unique blocks then the snapshot had dedicated for it). You can write the the same block 100 times and it only takes one block on the snapshot device. You then run your backups from the snapshot, it tries to read the original blocks from the raw device. If they have changed, it gets them from the snapshot device. I've played around with this with LVM in 2.4, but not with the LVM2 stuff in the 2.6 kernel.

LVM is pretty flexible. If ext3 would just get the online re-sizing done, I'd be able to do online partition resizing out of the box (I don't trust ReiserFS from RedHat, SuSe ship it out of the box, but RedHat doesn't appear to be dedicating the kinds of resources to it to make me happy). It'd be a thing of beauty once that goes into the mainstream kernel.

Kirby

Re:got root?

[TheRaven64]

The disadvantage of taking backups at a block level is that you can only restore by either mounting the backup as an image, or restoring to a partition of exactly the same size (which may not be possible if you are restoring to a different size hard disk). It also makes incremental backups difficult - you could run diff on each image, but that would be very messy. A better solution would be to mount the snapshot image and run the backup from this. FreeBSD allows you to mount snapshots of currently mounted filesystems, and I believe Linux does with XFS, without having to use LVM.

Re:got root?

how are you going to backup user files

"back up". ("backup" is a noun.)

Re:got root?

it can't do it's job

"its".

bad issue

[progr]

I cannot undestand how a thing like that could be an "intentional design decision".

Microsoft style

[yogikoudou]

"It's not a bug, it's a feature !"

One more strike

Does anyone else dislike their UI with a passion? At least on the no-cost version of their product... it's unusable. I'd rather throw down cash on ARCserve.

Re:One more strike

[bferrell]

Arcserve is nice. But what about bacula?

http://www.bacula.org/

Re:One more strike

We use it on 20 Linux and FreeBSD machines and created our own rescue-cds. Just insert CD, boot from it, select your wanted image and restore your data. You get an nearly complete set up machine whith little user-intervention.

Re:One more strike

[ces]

Does anyone else dislike their UI with a passion? At least on the no-cost version of their product... it's unusable.

The UI on the for-pay version of Arkeia is just as bad. The only thing I can figure is Knox was intentionally trying to make it look ugly.

I'd rather throw down cash on ARCserve.

I wouldn't go that far. The alternatives have to be pretty bad before I'd consider going within a mile of any CA product.

On the other hand Veritas Netbackup has proven to be an excellent solution for far less than Knox wanted to charge. It is easy to see why their product is the market leader.

Re:One more strike

[Malor]

When I last used Arcserve, it was the biggest pile of crap ever. I struggled with that software for MONTHS, talking with them every few weeks, until I finally found out the problem was poorly designed software.

We had a rather odd setup(which I inherited), in which we had a network of about 30 (later 50, and then 70) development workstations, all of which were backed up . It was roughly similar to backing up 30 separate servers, though of course the individual data stores weren't that large. But it was a great number of small files.

Problem was, Arcserve at the time didn't support that many files, but this was not documented ANYWHERE. I don't remember the exact limit, but when you exceeded X files (32,000, possibly? it was surprisingly low), the namespace got corrupted. The files were copied out to data stores, but the database that tracked where the files WERE, was hopelessly corrupted. Over and over and over I dodged bullets, manually restoring whole tapes to spare servers and hunting for the files I needed to restore. I struggled and struggled, and called Arcserve and called Arcserve, until FINALLY they admitted to me (after MONTHS) that I was trying to do something the software wasn't capable of doing. It simply couldn't handle the number of files I was trying to save, and this WAS NOT DOCUMENTED and they DID NOT TELL ME THIS until after probably twenty phone calls.

We ended up spending a lot of money on Legato Networker, which was quite good in comparison. At the time (this was about 4 years ago), the Windows client had a nasty habit of locking up when it encountered specific files in the Internet Explorer cache directory. So I still had to watch the system very closely, because inevitably 1 or 2 machines each night wouldn't backup. I'd have to visit those machines, restart the Networker service, and purge the IE cache. That always fixed it, but I don't think I ever once got a perfect backup of every machine on the network at the same time.

Upshot: this is very old experience, but I really doubt that the fundamental nature of the people selling Arcserve has changed. They stonewalled me and put me through hell for months because their product was inadequate. I don't think I'd take solid gold bars from CA if they gave them to me for free.

Re:One more strike

[superpulpsicle]

Netbackup blows. It's support is excellent, which is why so many corporate managers are in favor of it. There is always someone to escalate to!

The software itself is extremely overrated. Legato had far better host agents for unix, windows, DB modules. Tivoli might be even better.

Re:One more strike

[ces]

The software itself is extremely overrated. Legato had far better host agents for unix, windows, DB modules. Tivoli might be even better.

I wouldn't know about either Legato or Tivoli as I don't have direct experience with either. I know that people tend to speak very highly of Legato.

I will say that Netbackup blows the doors off anything else I've had experience with such as Arkeia, Backup Exec, and several other rather lame PC/small office backup products.

Not a bug; it's a feature?

[physicsphairy]

"This appears to be an intentional design decision on the part of the Arkeia developers."

Does this mean that, possibly, they were anticipating people *not* being able to access TCP port 617? I.e. "we trust you know how to properly configure your firewall."

So far, I can narrow down to either that, them being drunk when they coded this, or this being a case of the improper usage of the word "intentional."

Re:Not a bug; it's a feature?

[moz25]

I consider closing of unnecessary ports (that is: unnecessary for any remote use) to be reasonable security practice. However, to have it be the only layer of protection is of course rather dubious.

I doubt that "intentional" is correct, but when a security hole is so blatant, the term does come to mind.

Re:Not a bug; it's a feature?

[Zocalo]

Even if they were making the somewhat idiotic assumption that all of their users were behind a properly configured firewall, so what? That makes absolutely zero provision for a potential cracker having already circumvented the firewall by other means or even the possibility that they might be an employee. Or haven't they seen any of the reports that a significant amount of computer crime is committed by aggrieved employees?

I don't think it's so much improper usage of the word "intentional" as an incorrect synonym for the term "brain dead".

Re:Not a bug; it's a feature?

[prefect42]

You're assuming that you have an institutional firewall, but nothing on individual machines. It's not unreasonable to suggest it could be sane to run system firewalls that restrict port access. It's still not sensible having that as the only security on the port though.

from the arkeia site

[Dr.Opveter]

Arkeia.com

I was looking for a Client-Server backup system that could offer me the possibility of backing up Unix/Linux and NT Servers on a single tape system.
After long research my choice went to the Arkeia solution, because it has all the benefits I needed. Since then, it runs like a black box, without any need of additional Service.

Tom Weber, IT Manager
RTL TV (Europe)

The backup system running like a black box might not be a good thing here eh?

Re:from the arkeia site

I bet you're Canadian, eh?

Re:from the arkeia site

[DingerX]

I'd say the worse thing here would be being a published user of a system with an "interesting" security hole like that; all of a sudden, a friendly testimonial becomes an advertisement of a vulnerability.

Unless, of course, they've got everything firewalled to tuesday.

Zzzzapp

Nope, metal.

Re:from the arkeia site

[Dr.Opveter]

The testimonials list only has a few companies/organisations named, but they say they have 4,000 corporate-class clients. I sure hope Arkeia will notify their customers of this 'extra' product feature.

Specifications

[Fox_1]

It's very frustrating when you find previously unknown and undocumented features in software that you have purchased. I remember having to provide clients with full copies of the specifications and code for software so that they would be able update/repair/modify if I was hit by a bus or something. Security through obscurity is not safety, that should be validated by now simply by the sheer number of stories similar to this Arkeia one. Open Source Software at least has the beauty of the source code being readily accessible so that the user/admin/owner can see what they are installing on their system. This poor guy in the article ended up having to reverse engineer his software to find out the security dangers. Which may be against a law somewhere, ha - putting a backdoor into software you give me not illegal, finding that backdoor - may be me in trouble. I love it.

Re:Specifications

[TheRaven64]

I think your post is probably the best one I've read on Slashdot explaining the benefits of open source, or free, software. It's not about giving the code away to everyone free of charge, it's about ensuring that those people who rely on the code have the ability to modify it.

Re:Specifications

[Creepy+Crawler]

---Security through obscurity is not safety

You dont say..

Im choosing a number between 2^0 and 2^69. If you dont get it the first time (or in 56 hours), Im using obscurity to hide the number.

Sheesh, guess you're good at parroting out the line, but security by obscurity does in fact work. Though, obscurity is best effective when mixed with true hardness.

Re:Specifications

[hunterx11]

Obscurity would be hiding the fact that your safety is reliant on a number between 2^0 and 2^69 (as opposed to say, a word). If you do use such a number and don't feel the need to hide this fact, then your security is not through obscurity, it's through hardness.

Re:Specifications

[Fox_1]

Exactly - choosing a number that is hard to guess is security through hardness
not telling me that number even exists would add security through obscurity
The point is though that this software relied on obscurity to protect the built in backdoor, once that obscurity is gone the software doesn't even have something as brillant as a hard to guess number protecting the backdoor.
I call it the jerk arguement
- I can call you a jerk behind your back - security - obscurity
if you hear about it though - i'm hosed
- I can call you a jerk to your face, while holding my louisville slugger
security - Hardness (maple in this case)
(no offense I don't even know you and of course don't mean to suggest anything negative about you, just creating an example)

Re:Specifications

[Spoing]

1. It's very frustrating when you find previously unknown and undocumented features in software that you have purchased.

Well, for this situation finding a potential problem is easy: Port scan, security scanner. Two things that you should be doing on every network enabled device.

The time consuming part comes with the follow up where you check the results of the scans on the local machines and determine if you trust that the exposed services are being handled by secure apps. If in doubt, use an encrypted tunnel or yank the service -- whatever is appropriate. (If neither is an option, determine the danger and try and deal with it as best you can.)

Along with that, setting up a filter to check for supposedly unused ports can catch some clever developers.

Not perfect (it doesn't handle piggybacked dynamic connections on port 80 for example), though it is a good initial test.

Re:Specifications

Ah but someone might have a gun.

Re:Specifications

[Wanker]

Well, for this situation finding a potential problem is easy: Port scan, security scanner. Two things that you should be doing on every network enabled device.

These would not have helped. There was no unusual port to be found via the portscanner-- the Arkeia client was listening on a documented port and since it was installed intentionally, this open port would be considered normal. The Nessus security scanner only looks for known vulnerabilities and again would not have helped here.

HD did an excellent job of following his curiosity and found a very interesting "feature" built into Arkeia.

I bet that Nessus will have a check for this soon enough.

Re:Specifications

[Spoing]

1. There was no unusual port to be found via the portscanner-- the Arkeia client was listening on a documented port and since it was installed intentionally, this open port would be considered normal.

The fact that a port was open would be enough to investigate what it was, why it was open, and if the service was properly secured. Anyone who stops and says "OH, it's just the backup software" should not be an admin.

1. The Nessus security scanner only looks for known vulnerabilities and again would not have helped here.

Nessus already looks for issues with Arkeia. What makes you so sure that it wouldn't find this specific issue right now -- and if not now, how about next week?

I don't rely on tools to do my job for me, though the three I mentioned would have given any admin that uses them a heads up that they need to pay attention.

I like my backup like I like my hookers:

[spectrokid]

wiiiide open

The oldest excuse in the book

[HeghmoH]

"It's not a bug, it's a feature!"

What a bunch of morons. It's one thing to accidentally write a security hole in your software. It's another thing entirely to claim that you deliberately make it so your software leaves your users' systems wide open to anybody who feels like taking advantage.

Re:The oldest excuse in the book

It's only the default setting, you ignorant cunt.

Re:The oldest excuse in the book

He's more than an ignorant cunt. Yes it is indeed the default setting. If you properly configure your install you shouldn't have this problem. If this is not the default setting then every fucking jack ass would be saying, wow this software sucks!!!! I can't get it to work.

A good saying

[Capt'n+Hector]

Never attribute to malice what is explainable by stupidity. (though the Bush admin. has stretched my imagination...) Though it appears intentional, there is probably a very good explanation for all of this. Needless to say, we'd better be hearing soon from Arkeia as to exactly WHAT that explanation is.

It may have been said before...

[caluml]

Well, let me be the first to say that I for one welcome our new nmap -sS -PS617 -iR 0 -p 617 -ing overlords.

Security available, just not enabled by default

Arkeia provides both authentication and encryption of the connections - if you enable it. There is a part of the manual that covers how to enable security.

It is indeed bad that it is not enabled by default. On the other hand, enabling authentication of the backup server on the backup clients means that it is slightly harder to set up a backup client.

The problem is not much worse than, say, nfs. (Where impersonating a host can get you everywhere unless authenticated rpc is used.

Re:Security available, just not enabled by default

[ananke]

There are a few differences between NFS and this. First, with NFS you are aware about its limitations and shortcomings right from the start. Nobody hides that. Second, you can still restrict NFS share to be read only. Third, I don't use arkeia, but after quickly glancing at the exploit page, it seems to indicate that there is no way to enable authentication for this.

Already have that feature...

[timotten]

Anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any host running the Arkeia agent software. This appears to be an intentional design decision on the part of the Arkeia developers... the first commercial backup product for the Linux platform...

Ha! I've already got a feature just like that, and I didn't even have to pay for my NFS software.

Hum off topic'ish.

[zijus]

Hi there.

Well I just dealt recently "simple" backups via rsync + ssh. If you can rsync something from remote onto target with no special protection regarding rsync... If target is compromised, a malicious user can run arbitrary commands through rsync. And rsync server provides full read access to FS. (Well, within user permissions though.) Isn't it a bit the same problem that this software has? I would not be surprised to hear that you can customize the backup server to limit access/actions for better sefety. Which is exactly what you have to do with ssh on remote server: filter commands passed through ssh before running them. I mean: each remote you want to back up will have to be worked on a little.

It's off topic but FYI: Rsync server can take as a file list an arbitrary unix command.

rsync user@remote:'`\rm -rf /`' .

Pretty efficient isn't it ? (unix file perm will limit the damage though).

Bye bye.

Z.

Re:Hum off topic'ish.

Well I just dealt recently "simple" backups via rsync + ssh.

I'm assuming you are doing really simple backups...how do you handle complicated tape library management (ie: tape robots, backup aging, onsite/offsite backups) automatically without having to use software more complicated than the basic Unix command line utilities? I'm not targeting you in particular, but there seems to be a lack of realization in general in this thread that backup systems are usually more complicated than just sticking an 'rsync' or 'dd' command into your cron files.

Re:Hum off topic'ish.

[Querty]

You can restrict the commands and arguments allowed by ssh. If you don't restrict this, though, you are in deep poo.

Examples at: http://sial.org/howto/rsync/

Re:Hum off topic'ish.

[Chris+Croome]

If target is compromised, a malicious user can run arbitrary commands through rsync.

I agree this is an issue, the best solution I have found is Push Mirroring with this the command that can be run is put in the ssh public key and then the compromised client can only run this specific command.

Re:Hum off topic'ish.

[mmurphy000]

how do you handle complicated tape library management (ie: tape robots, backup aging, onsite/offsite backups) automatically without having to use software more complicated than the basic Unix command line utilities?

By not using tape. rsnapshot going to a sufficiently-large RAID array or drive covers your regular backups, including aging. A separate rsnapshot or rsync can do nicely for offsites, pushing the backups to another server. For enterprises, this approach probably is insufficient, but for smaller firms (e.g., ~70 employees, 5 offices), this works well.

Only wimps use tape backup...

[ttys00]

...real men just install Arkeia for their important stuff, and let the rest of the world mirror it :)

Uh...

[warrax_666]

... if the software doesn't need the port to be open on the internal network then why is it open?

Firewalling the port on each indivudual system behind the main firewall would then imply that the software couldn't actually function (for any reasonable definition of the word "function").

Re:Uh...

[prefect42]

Have you never used a firewall? Think filtered not blocked. Configure it such that it'll only allow packets from the backup server to that port. Bingo, job's a goodun.

Re:Uh...

[am+2k]

Configure it such that it'll only allow packets from the backup server to that port.

Well, except that it's easy to switch IP once you're in the right network (that's what Mitnick did, the system was using rlogin/rcp).

Re:Uh...

[prefect42]

Which is why it was poor that it was the only security measure; I wasn't defending their 'solution', but it's at least a barrier of sorts...

A little filtering (aka firewalling) might be good

[badger.foo]

I see this story mainly as a reminder that your default firewall policy should be to block. Then open up only what you need.

Seriously, 617 may be a very nice number, but the number of host with a real need to access that port on your machine is likely to be a short one.

Oh well. See http://undeadly.org/ for links to a vaguely relevant lecture / tutorial.

Sad

[Rock-n-Rolf]

It really makes me sad that Arkeia now gets a bad reputation. They have been one of the first companies that had belief on Linux and provided a commercial software. A good backup tool for Linux was needed at that time (long before IBM or Oracle got aware of Linux) and we at SUSE then decided to promote their product. I didn't follow the development of Arkeia for a couple of years now, but this bad press, although I cannot judge wether the accusation is correct or not and a response hasn't been seen, makes me sad.

Re:Sad

...although I cannot judge wether the accusation is correct or not and a response hasn't been seen, makes me sad.

Generally speaking, when common security testing apps have already added an exploit for a vulnerability and the amount of people scanning for it has caused the ISCs detectors to light up like Xmas trees, that's a pretty good sign that the problem does actually exist.

Re: Arkeia Devel smoking pot with Bush

Evidently, the Arkeia team was taking a
toke of the same stuff George Bush has
now admitted to puffing on.

So much for Christian virtue.

Well, duh,

[warrax_666]

but how hard is it to take over the IP of another machine? There's a reason people don't do authentication-by-IP (or MAC for that matter).

Actually it's not the first

According to http://www.bru.com/about.html

BRU Backup & Restore Utility was first developed to support UNIX systems in 1985. In 1994 BRU became the first available commercial end-user Linux application, released at Linux kernel 0.99pl12. Since then, BRU has been awarded more recognition from the Linux community than any other backup software tool.

Maybe Arkeia is the first commercial NETWORK backup utility for Linux. Or maybe BRU developer is wrong.

Re:Actually it's not the first

[BJH]

No, sounds about right. I remember one of the first commercial distributions I bought came with BRU.

Use the internet as a backup

[tom+taylor]

Of course it's a feature... why bother backing up to tape or HDD when you can let the internet do your backups for you?

Re:Use the internet as a backup

Because it's pretty fast to backup 60GB of information over a local net connection - particularly if you don't have a super fast broadband connection - or want to eat up your bandwidth for a considerable period of time.

Call to slashdot from a now ex-Arkeia customer.

[Ritontor]

Well well, isn't this interesting. I've had Arkeia running for a while now, backing up a number of different machines with a variety of linuxes, and I chose it because it was the only one that had any sort of support for Debian Sarge. It's been fine, apart from some unstable MySQL support, but other than that, a great piece of software. Until now.

I can't ever trust these guys again. When I first installed it, this issue occured to me, and I just assumed "no way could those guys be that stupid, they must have some internal IP restrictions" - and indeed, seeing as when you install the client it asks for the host server, I figured everything would be fine. If only I had've been wearing my tinfoil hat...

So. Who's got any better recommedations? I want some network capable, high quality backup software. Amanda doesn't cut it, and that was the best of the freeware stuff I saw. What else is out there that has support for a variety of linuxes? Veritas Netbackup wouldn't even touch a Sarge install, it was a dependency hell that I didn't have the time nor patience to get in to. I've got Redhat boxes, from 7.2 to 9, that all need backing up too... So what are the pros out there using? Is there anything that isn't rsync and a few mt commands in a bash script?

Re:Call to slashdot from a now ex-Arkeia customer.

[saundo]

whoa, easy there Tex. Let's not throw the baby out with the bathwater yet.

How about applying a firewall to your hosts to limit 617/tcp connections to your backup host? Firewalls on internal hosts should be there already, as should the host-based IDS.

Re:Call to slashdot from a now ex-Arkeia customer.

Try BrightStor Arcserve from CA. There isn't official support for Debian but, it will probably work just fine. It has worked, for me, on other unsupported distributions.

The only problem I've found so far is that it comes from CA. I love to hate ArcServe but, I haven't found anything better yet.

Re:Call to slashdot from a now ex-Arkeia customer.

[Ritontor]

Sure, I can do that, but a remote root hole one day and a glaring oversight in design the next has just thrown me in to paranoia mode. I don't think I'd be able to sleep at night knowing that there was such a poorly written piece of software running on my servers.

Besides which, the Java GUI never really worked all that well. I think it's time to take a look at other options.

Re:Call to slashdot from a now ex-Arkeia customer.

[dTb]

Bacula on Sourceforge and their own site. works very well as a networked backup system.

Re:Call to slashdot from a now ex-Arkeia customer.

[Undertaker43017]

I use Netbackup, but for me it was a price issue. Arkiea qouted me a price 3x Netbackup (Arkeia $5500, Netbackup $1700)!

Could you install CentOS (Veritas doesn't support any free OS's as a server, and while CentOS is free, it is a clone of a Veritas supported OS ;) on your backup server? Not sure what your environment is like, but my backup server is pretty much dedicated to backups and file sharing, so it really doesn't matter what OS it runs.

Re:Call to slashdot from a now ex-Arkeia customer.

[rk]

I would like to humbly suggest these guys. The software was completely self contained (Either static executables, or the dependant libraries on were included). The network agent did a DH key exchange when you first installed it, and after that, each agent contact required a challenge-response before it would do anything. Nothing is ever guaranteed secure, but several very bright engineers who were also experienced sysadmins burned a lot of brain cycles to design the security of this system before a line of code was written. Restores were easy, and you could immediately verify the integirty of a backup when it was finished, and verify that it was still good at any time. When you have a systems failure is not when you want to find out if your tapes are actually any good or not.

In the interest of full disclosure, you should know that I worked on the product that preceeded BRU Server, but I have never had financial interest in the current company that sells any BRU product. It was a product I was proud of when we shipped 1.0 back in 2001, and they appear to have made it only better as time has gone by.

I have not looked at the new version in-depth yet. They have 30 day free trial that will always let you restore, even beyond the 30 days. You just can't do more backups with an expired product.

Re:Call to slashdot from a now ex-Arkeia customer.

Check out NetVault from BakBone Software. Support for a wide array of linux's and any application from Oracle to MS Exchange

Re:Call to slashdot from a now ex-Arkeia customer.

[ke4qqq]

Take a look at Bacula, it's very network friendly, and will even allow you to backup your windows boxes to your linux backup server, among other things. http://bacula.org

Re:Call to slashdot from a now ex-Arkeia customer.

[rainer_d]

SEP comes to mind.
Extensive platform support and lot's of plugins.

Not free, but you get what you pay for...

Re:Call to slashdot from a now ex-Arkeia customer.

[HermanAB]

Rsync is your friend, but remember to use the ssh feature for security: rsync -e ssh --timeout=180 -Cavuzb www.example.com:/home/ /data/example.net/mirror/home/ and to automate the use of ssh, you need to use ssh-agent to keep the keys.

Re:Call to slashdot from a now ex-Arkeia customer.

[ces]

Could you install CentOS (Veritas doesn't support any free OS's as a server, and while CentOS is free, it is a clone of a Veritas supported OS ;) on your backup server? Not sure what your environment is like, but my backup server is pretty much dedicated to backups and file sharing, so it really doesn't matter what OS it runs.

AFAIK Veritas supports several Linux Distros and if you really object to paying the distro vendor there are any number of distributions that are 'close enough' (like CentOS) that the Netbackup server should be able to install and run. We've currently got our Netbackup server install running on RH 7.3 but there is no reason it shouldn't work say on Fedora or Mandrake.

Also if one was willing to work at it you could probably get the Netbackup server to work on Debian Woody or Sarge. I know this is possible for some other large commercial packages as I've done Debian installs of them in the past. (I really wish that commercial app vendors would start supporting Debian Stable. It's not like it is a fast moving target or anything)

For that matter I believe Veritas also supports FreeBSD as a Netbackup server. I could be wrong though as it has been a while since I've checked.

Re:Call to slashdot from a now ex-Arkeia customer.

[ces]

Veritas Netbackup wouldn't even touch a Sarge install, it was a dependency hell that I didn't have the time nor patience to get in to. I've got Redhat boxes, from 7.2 to 9, that all need backing up too... So what are the pros out there using? Is there anything that isn't rsync and a few mt commands in a bash script?

Netbackup seems to work fine with Debian Sarge clients for us. We've got the server running on a RedHat 7.3 box at the moment but are considering upgrading to a later RedHat/Fedora/CentOS/Mandrake.

I suspect you could probably make the server work on Debian Sarge but doing so would likely take a bit of work.

Re:Call to slashdot from a now ex-Arkeia customer.

[Undertaker43017]

Actually Netbackup used to be supported on RH7.3, so I would expect it to work there. Veritas offically stopped supporting Netbackup on RH8 or RH9.

I originally tired it on RH9 and had a few problems, that mysteriously went away when I built my own system from RHEL sources.

Last time I looked, only Win32, commerical *nix, and RHEL and SuSE were supported as servers. They support pretty much everything as a client.

Re:Call to slashdot from a now ex-Arkeia customer.

[Undertaker43017]

I was curious, so I checked.

They actually don't support SuSE as a server, and they stopped support for free RH versions at 7.3 (I assume this is when the first version of RHEL came out). The chart says they don't support RHEL 3.0, as a server, but I know someone who is running it on 3.0, and claims they support him.

No BSD's are supported as a server.

I hate to spoil yours, but...

[aug24]

Access requires r/o. The guiding rule of all software dev should be 'no more privs than absolutely necessary'.

Justin.

Re:I hate to spoil yours, but...

[fymidos]

Even so, everyone will be able to read everything.
IMHO you still have a big problem.

Re:I hate to spoil yours, but...

[aug24]

Yeah, but that's rather the point of a backup system, as one of the parents said! How could you back up the files if you couldn't read them?!

Having weak security is bad, but having write access as well is a mess.

J.

Re:I hate to spoil yours, but...

Even so, everyone will be able to read everything...

Not if you store the backup image in WOM (Write Only Memory)

Ever try Tapeware?

[GweeDo]

Well, in light of this I guess I will plug the backup software I have been using. At my work we are using Yosemite's Tapeware. We currently backup two Linux servers and one Windows server and it works very well. You can manage the storage group from any of the servers (CLI on the Linux box's, GUI on the Windows machine). Yosemite even offers a 30 day trial of their software with no limitations. I am not sure how well it works on a larger setup than what I have, but for my needs, it works great and is cheaper than Arkeia too.

Not necessarily bad

depending on how you do things.

Typically, you should be using key based authentication and encryption in an unsecured network. For a secured network where you are filtering and blocking access based on port and and source ip address, it would be safe and you would get better network i/o throughput. Note that physical security is part of that. But this should be an up front and well publicised requirement for the backup software.

Somebody mentioned in another post with regard to rsync that you could filter on "user@rhost". That's not entirely safe if "rhost" is a multi-user machine since the remote user name is supplied by the remote app and you can put any value as the user name you want.

Arkeia!

[fsck!]

That's not just the name of the product, it's the sound your digestive tract will make when you try to use it! Seriously, this announcement should serve as justice to anyone who found Arkeia and stopped looking. Your much better off with Amanda or TapeWare. Not that I've audited TapeWare or anything, but I've done several thousand backups with it and I know how robust it is.

http://www.tapeware.com/

Re:Arkeia!

[Taladar]

but I've done several thousand backups with it and I know how robust it is.

Have you done a restore? Most problems with backup software arise when you try to restore something, not when you backup the files.

Re:Arkeia!

[fsck!]

Not as many. :)

The only problem I've run into doing restores involed restoring a MS SQL 7.0 on NT. There was a bug in their connector and I was apparently the first one to hit it. I've long since switched to using an open file manager for Windows-side databases, and moved almost everything to Linux anyway. TapeWare's cross platform support is pretty good, although they do develop first on Windows and then port to Linux, Novell, DOS, and Solaris. I'm in the TW8 beta program but haven't done much as I'm still waiting for their Linux release.

Re:Arkeia!

[zrk]

Not in my case. We purchased it for a block of Sun servers, and had a LOT of problems with backing up. Performance was awful (> 24 hours to backup 40GB systems), and really bad error recovery. I was really disappointed with their tech support, and I had to educate them about the normal operations of Sun systems. When backups finally succeeded, restores were pertty straightforward.

This was a couple of years ago now. I believe they've gotten better, though, and we didn't upgrade the license to newer versions of the product

Addendum :

[da5idnetlimit.com]

"Said Linus Torvald, 10 Minutes before a HDD crash made him lose most personal notes, emails, docs and latest kernel modification his cron job didn't get a chance to duplicate..."

Check it up...

Re:Addendum :

[Asgard]

No tape backup sysem will be able to protect you from losing the last 10 minutes of data. You'd need a RAID or replicated filesystem for that.

Re:Addendum :

[biglig2]

10 minutes before the cron job that uploads your data to FTP, 10 minutes before the cron job that tars it all to tape, what's the difference?

Re:SPAM :: Mod Parent Down !

[conteXXt]

my apologies.

Easy: Use QuickPar or some form of PAR2

[jvbunte]

Here is an instance of the warez-monkies indirectly contributing something useful. PAR2 is essentially a RAID5 type data parity for files. Warezpups use it to add a layer of parity to their hundreds of RAR files (or whatever). If one (or more) RAR's go bad, the parity files can be used to reconstuct the bad file. Much like RAID5 however, there is a space sacrifice for this extra parity layer.

http://sourceforge.net/projects/parchive/

Its frequently used on USENET binaries groups now as well to solve the missing part problems.

I'm sure this exact strategy could be integrated into your backup solution with minimal effort.

Re:Easy: Use QuickPar or some form of PAR2

[Fweeky]

"Much like RAID5 however, there is a space sacrifice for this extra parity layer."

But it's settable; so if you want to be able to recover fully from losing/corrupting 20% of your backup you just set it to 20% of your backup size, and if you only care about a few minor bit errors or so, you can drop it to a couple of percent or less.

Be nice if vendors provided PAR2's for their ISO/DVD images/anything else big; it sucks when you find the MD5 of your download doesn't match the one they provide (or that 400MB setup.exe throws a checksum mismatch and refuses to run), and you know it's probably just a single bit flipped somewhere but can't do much beyond redownloading the entire thing. rsync helps, of course, but that's a *lot* heavier on the server both in resource use and administration cost.

Proof that Windows is more secure!

[doublem]

Entering Balmer Mode

Yes!

Now we can see a system configured for enterprise use with enterprise grade software is completely vulnerable! Linux is a sieve! It can't protect you data, why there are millions of machines infected with Linux that can now be remotely accessed by ANOYNE for any purpose? How many of those machines are being used for kiddie porn, illegal phishing sites and other similar and equally illegal activities?

The message is clear, install Linux and your data is open to the world.

Why, I'll bet it's even accessible to file sharing networks!

That's right, if you install Linux, all the world will be able to find your Star Trek / Star Wars ? Hobbit slash fiction!

(I'd say "The nude photos you took of your wife" but we all know that Linux users are a bunch of lonely, computer obsessed geeks with no social life outside of Dungeons and Dragons.)

The above message was brought to you by the Microsoft department of Information Distribution, and will be included, with an independently verified industry research paper, in the Q2 "The real facts about Linux" web site.

Arkeia Backs-up Great - Restore Is a Problem

[zentec]

I ran Arkeia with a large web hosting firm for about 2 years mixed with Linux and Windows machines. We tested the backups extensively before deployment and spent $18,000 with Knox for licenses.

All seemed well until we needed to restore data. The logging indicated a perfect backup, but time and time again our restores were either failing or incomplete. On Windows, it simply wouldn't restore anything.

The solution, according to Arkeia was to purchase an upgrade ($12,000) which would solve all our problems. And since we refused to spend another 15% for a support agreement, that was our only alternative. I don't think so.

Needless to say, we went with someone else. Veritas had a great enterprise solution that worked with Linux and Windows (the server app runs only on Windows) and supports a huge array of tape drives. And it was one-third the price.

I can't definetly recall, but the Veritas agent also has some security peculiarities that raised some eyebrows. If you run any enterprise backup, I guess the answer is to make sure you're firewalled.

In this day and age of cheap disk drives, I wonder if anyone is using USB or Firewire drives and just using those for back-ups. A Lacie 250 gig Firewire drive is <$200.

Re:Arkeia Backs-up Great - Restore Is a Problem

[Undertaker43017]

I had the same experience with Arkeia on price. I can't believe anyone would buy their product when it's at least 3x Netbackup.

The biggest problem with Netbackup is Veritas will only support the server on RHEL or SuSE, no "free" OS's. So I built an RHEL server from source, and got around that problem. Of course now you could use something like CentOS, if you don't want to build your own.

Re:Arkeia Backs-up Great - Restore Is a Problem

[raddan]

Yes. We are using LaCie 250's to do backups now with UltraBac. We were using Veritas, but after waiting on the phone for 3 hours for help on a restore (with a paid support contract, no less!), we decided that Veritas could piss off.

The UltraBac interface is definitely a bit clunky, but their phone support is great. I even get forwarded to their developers when I find potential bugs. (on that note, wait a bit to go with UB8, UB7 works great). UltraBac even claims to have a UNIX agent, although we only use UB for Windows backups. We then clone our backup drives and take those copies off-site.

For our OpenBSD machines, we only do bare-metal backups, since there is little changing data on them (mail gateways, FTP, etc). For those, I just boot up with the OpenBSD boot CD, and dd everything to an external SCSI drive. I can usually backup a 36GB RAID-5 in about 12 minutes.

Re:Arkeia Backs-up Great - Restore Is a Problem

[ces]

Needless to say, we went with someone else. Veritas had a great enterprise solution that worked with Linux and Windows (the server app runs only on Windows) and supports a huge array of tape drives. And it was one-third the price.

Actually Veritas supports a nubmber of UNIX platforms for the server app including Solaris, HP-UX, and Linux (there is the issue that for Linux Veritas only supports RHEL and SuSE, but there are free distros that are 'close enough' to work and given a little effort even Debian or Gentoo could probably be made to work)

I agree with you on Arkeia though. I used it for about 2 years as well before it got pitched for Netbackup. The clients were harder to install, the backup server kept corrupting its catalog, the UI was amaturish, and restores were hit and miss at best. I'm rather supprised that Knox has the stones to charge more for their product than Veritas does. Perhaps Netbackup was more expensive several years ago, but even with all of the various addons we have (datacenter product, 2 libraries and media servers, 6 database agents, several multiprocessor HP-UX clients, etc.) it is quite price-competitive with every other commercial backup product I've looked at.

Re:Arkeia Backs-up Great - Restore Is a Problem

I think your just a stupid fuck tard. If you had any common sense you would have been testing restores on a regular basis. Backup run throughout the month restores should be tested monthly.
Tapes wear out, tape drives go bad, fuck your system could be completely comprimised and your back ups, while reporting that they are working are just a small perl script to cover some L33T hack0r ftp island of your backup server.
As far as the support. Did you pay for support? No, then you don't get it!! If you had purchased support they would gladly help you. You bought the product, you configured the product, you didn't pay for support. Go fuck yourself stupid.

"Vertiras is bettter" It has the same fucking problems you fucking moron!!!!!!!!!!!! You just said that. God I hate the stupidity of it all.

Re:Arkeia Backs-up Great - Restore Is a Problem

[csirac]

Yep. We're a small shop but we have about 4 of our clients using external USB2 HDDs for backup instead of tape.

For the couple that wanted added reliability, they use two external drives on a rotation basis (the drive that gets taken off-site at the end of the day is swapped with the alternate drive that stays for overnight backup).

This is pretty common...

[tnordloh]

Our company has used Data Protector, HP's backup system, to back up Linux boxes for at least 2 years. It's similar to Arkeia, in that they assume that you have the brains to configure the firewall, but they also allow a certain level of client security. You can designate a client as only allowed to communicate with a certain cell manager (Data Protector's term for a backup server), and you can change the default IP range to one of your choosing. Within our environment, we keep everything on the internal network except a few servers that have minimal ability to function as proxies.

Re:This is pretty common...

[oftheapes]

Data Protector is about as worthless as software comes...not to mention HP's support, which is in my opinion among the worst in the industry. I've never encountered such clueless product engineers in my life. The GUI was written for windows, then ported to HP-UX and Sun, too bad you can't actually use the GUI on anything but a windows machine! Aside from limited device and media support, various widgets not rendering(pick a backup from calendar for restore) and system crashes on the HP/Sun boxes, HP was unable to tell us WHY things weren't working, even after extensive debugging. "LOOKS GOOD TO US" was their final reply. In the end we ended up building a windows machine to host the GUI and HP-UX to host the CellServer. The only reason we even kept it was the simple fact that we didn't have to pay for it, it was free with our support agreement.

I can only hope HP dies a quick death, and DP leads the way off the cliff.

!Tapeware

[zentec]

Tapeware doesn't use routeable protocols, so you can't do backups on systems outside your subnet.

Re:!Tapeware

[fsck!]

Correct me if I'm wrong, but I think the installer lets you enter hostnames manually. This isn't something I needed (backup server at each remote office), so I haven't tried. I think my sales rep told me I could cross subnets if I wanted to.

Port 617 - no less

[dnapper]

Unless I am mistaken,
To run a deamon on a port less than 1024 you have to be root.

So _full_ access appears to be the default..

Re:Port 617 - no less

[4A6F656C]

To bind to a port under 1024 you have to have root level access, however that's not to say that you can't drop priviledges shortly there after (which you should do, if at all possible).

bru

[menace3society]

What about BRU--backup/restore for Unix? They had a linux version in like 1995, IIRC

Re:SPAM :: Mod Parent Down !

[mmkkbb]

It is offtopic, and it is rude, but it is not SPAM, as it advertises no commercial service.

Although I receive plenty of spam that has no intelligible language anyway, hmm.

Simple fix

[flanderz]

Put this on your arkeia clients and wait until they release a fixed version:

iptables -A INPUT --protocol tcp --dport 617 -s $BACKUPSERVERIP -j ACCEPT
iptables -A INPUT --protocol tcp --dport 617 -s! $BACKUPSERVERIP -j LOG
iptables -A INPUT --protocol tcp --dport 617 -s! $BACKUPSERVERIP -j REJECT

Re:SPAM :: Mod Parent Down !

Check out NetVault from BakBone SOftware

Who checks all the code?

Who checks all the code of every program? we all are not C masters. So it's good, but don't say it is the final absolute solution for the security of my code.

Be careful if you decide to firewall port 617

[sakshale]

Just a note. For you [fortunate] individuals who may have SCO system on your network. Be careful about setting up firewall blocks for port 617.

sco-dtmgr 617/tcp SCO Desktop Administration Server
sco-dtmgr 617/udp SCO Desktop Administration Server

I ran a scan of the larger corporate network and found a lot of these hiding out there...

Solve the problem with RSSH

The rssh restricted shell can prevent arbitrary command execution with rsync:

http://www.pizzashack.org/rssh/index.shtml

What about Storix?

I heard that Storix traps for "unauthorized" commands that are executed on clients systems. Anyone know of any security problems with them?

you get what you didn't pay for

[oftheapes]

anyone who doesn't use Veritas Netbackup for backups and restores deserves exactly what they get...which usually means crappy restores. the hard part is the restore portion, not the backup. the last thing i want to deploy is something that hasn't been tested in real-world situations, something that hasn't been honed to near perfection. if it's good enough for big oil corps, it's definitely good enough for any environment i can think of. anything else is just a joke and would definitely make me lose sleep at night.

Drop privelages

[SanityInAnarchy]

Not the entire program has to be root. I understand that it wouldn't help in this case, but note how sshd needs root to authenticate and become the desired user -- then it drops privelages. It could even fork off authentication to a nobody'd process.

GNU tar handles hardlinks

[lorcha]

I just found this out. I don't really have a remote server that I can rsnapshot to, so I can just go

> tar -cf offiste050222.tar /var/cache/rsnapshot
> gpg -c offiste050222.tar

Dump the gpg file to a CD (or DVD... I don't know how much you like to backup) and bring the media to a remote location. Because GNU tar can do hardlinks (and gpg will compress your data), your tarball will be only a little bit larger than what rsnapshot du reports, and your gpg file will be... well.. depends on your data, but mine is about 40% of what is in my rsnapshot directory.

P.S. Take note that I used symmetric cypher encryption with gpg. Yeah, it's less secure, but if you hose your data, chances are elevated that your private key is now gone as well!