[ previous ] [ next ] [ threads ]
 
 From:  "Daniele Guazzoni" <daniele dot guazzoni at gcomm dot ch>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] backups
 Date:  Mon, 23 Aug 2004 23:45:33 +0200
My 2 cents:
What about a logout button and a pop-up "Configuration change detected, do
you want to backup" ?

Daniele 

-----Original Message-----
From: Bosse Timothy [mailto:Bosse dot tf at mellon dot com] 
Sent: Montag, 23. August 2004 05:57
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] backups

IMHO, you really shouldn't automate your backups for these config files as
you shouldn't be updating the config files frequently enough to warrant the
effort of automation.

Since you SHOULD be making changes from the webGUI, why not include in your
changes a manual backup?  The pro of this is that you won't need to worry
about making regular backups as the config file is as valid as when you last
made changes to m0n0wall.  The only con is that it is up to YOU to do the
backup.

Automated methods could be created, but they just won't have the security
you should want/demand/need/provide/etc.; mostly because automated tasks
require a username/password be stored somewhere in a config file or on the
CLI, thus exposing your once well hidden password.
You should also ask yourself if you really want a device that sits on both
"protected" and "unprotected" sides of your network to transfer files with a
"protected" server? 

There is always the option of using something like pssh
(http://www.theether.org/pssh/), but then again, you get stuck in the
"security vs. automation" quandary (NOTE:  "Quandary" was on my "word-a-day"
calendar :).

- Tim

> -----Original Message-----
> From: Seth Rothenberg [mailto:seth at pachai dot net]
> Sent: Sunday, August 22, 2004 10:30 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] backups
> 
> 
> I've started off on a great foot,
> backing up my configs even before deployment.
> 
> I had a thought, it would be nice to have an automated backup - eg 
> wget of the config.
> Alas, there would need to be authentication.
> 
> Are either of these an option?
> We static routes set up, it would be possible to have one device back 
> up a network of m0n0's.
> (I have one deployed, one ready to go, another on the bench, and parts 
> on order to replace a pebble :-)
> 
> Maybe someone is doing this already?
> 
> Thanks
> Seth
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>
 
The information contained in this e-mail may be confidential and is intended
solely for the use of the named addressee.
Access, copying or re-use of the e-mail or any information contained therein
by any other person is not authorized.
If you are not the intended recipient please notify us immediately by
returning the e-mail to the originator.(B)

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch