[ previous ] [ next ] [ threads ]
 
 From:  "Bosse Timothy" <Bosse dot tf at mellon dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] backups
 Date:  Sun, 22 Aug 2004 23:56:54 -0400
IMHO, you really shouldn't automate your backups for these config files
as you shouldn't be updating the config files frequently enough to
warrant the effort of automation.

Since you SHOULD be making changes from the webGUI, why not include in
your changes a manual backup?  The pro of this is that you won't need to
worry about making regular backups as the config file is as valid as
when you last made changes to m0n0wall.  The only con is that it is up
to YOU to do the backup.

Automated methods could be created, but they just won't have the
security you should want/demand/need/provide/etc.; mostly because
automated tasks require a username/password be stored somewhere in a
config file or on the CLI, thus exposing your once well hidden password.
You should also ask yourself if you really want a device that sits on
both "protected" and "unprotected" sides of your network to transfer
files with a "protected" server? 

There is always the option of using something like pssh
(http://www.theether.org/pssh/), but then again, you get stuck in the
"security vs. automation" quandary (NOTE:  "Quandary" was on my
"word-a-day" calendar :).

- Tim

> -----Original Message-----
> From: Seth Rothenberg [mailto:seth at pachai dot net] 
> Sent: Sunday, August 22, 2004 10:30 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] backups
> 
> 
> I've started off on a great foot,
> backing up my configs even before deployment.
> 
> I had a thought, it would be nice to have
> an automated backup - eg wget of the config.
> Alas, there would need to be authentication.
> 
> Are either of these an option?
> We static routes set up, it would be possible to
> have one device back up a network of m0n0's.
> (I have one deployed, one ready to go, another on the bench, 
> and parts on order to replace a pebble :-)
> 
> Maybe someone is doing this already?
> 
> Thanks
> Seth
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>
 
The information contained in this e-mail may be confidential and is intended solely for the use of
the named addressee.
Access, copying or re-use of the e-mail or any information contained therein by any other person is
not authorized.
If you are not the intended recipient please notify us immediately by returning the e-mail to the
originator.(B)