[lug] quick bash mount and rmt questions
duboulder
blug-mail at duboulder.com
Tue Oct 15 22:49:20 MDT 2019
1. findmnt might be interesting;
findmnt -n -o TARGET /mnt/mountpoint
findmnt -n -o TARGET LABEL=fslabel
2. Not quite following abount append-only archives being (more) secure. Seems like
code could just do the equivalent of chmod 777 /viticm && dd if=/dev/zero of=/victim &&
truncate /victim && rm -f /victim if it is root, or has write perms on the parent dir or the file
or is in a process wtih the same rights as the backup tool.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, October 15, 2019 10:52 AM, Dan Mackin <dan.mackin at gmail.com> wrote:
> I like this solution:
>
> if grep -qs '/mnt/backups ' /proc/mounts; then
> # Mounted, do backup stuff.
> else
> # Not mounted, print error and exit.
> fi
>
> On Tue, Oct 15, 2019 at 8:04 AM Bear Giles <bgiles at coyotesong.com> wrote:
>
>> A few quick questions since I've been reviewing my backup scripts...
>>
>> 1. Is there a way for my bash script to be conditional on whether a disk is mounted? It's partly security (only mount disks when required), partly to ensure that I don't exhaust my disk space since I didn't notice the NFS /backups directory wasn't mounted. I know I could create a sentinel file that's only present in the mounted partition (or vice versa) and do a test for existence but is there another way using the mount subsystem?
>>
>> 2. Are there 'rmt' apps that write to disk instead of tape? It might to do some deep packet inspection to extract the 'label' from the data stream. It's fine if it's write-only.
>>
>> ... or I might just (finally) write a simple webapp and client. I want to create standard files - .tar or .zip - but want the backup tool to be write-only and append-only. I can retrieve the file directly if I need to do a restore the partition. That avoids the problem of malware that walks the filesystem and deletes or encrypts everything - including backup media. I can easily create .tar or .zip files, encrypt them, and even upload them to S3. The client would only need to be able to walk the filesystem and make simple REST calls to the server.
>>
>> Bear
>>
>> _______________________________________________
>> Web Page: http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20191016/be6ef9cd/attachment.html>
More information about the LUG
mailing list