First, I’m fairly new to restic and IT security, so I hope my questions are not too dumb.
I have a machine at home that is exposed to the internet through a DMZ. It hosts a NextCloud instance. I want to back up the data on that machine to OneDrive using rclone/restic.
Using rclone/restic directly on that machine, with the usual setup and regular backup. My question is, if that machine gets compromised/hacked, are there any risks of me losing my data present on my OneDrive backup? In other words, are my fears legitimate? My restic password is saved in /etc/environment, as cronjob won’t work otherwise.
I could use rclone to mount Nextcloud on another safe/isolated machine. I could also mount OneDrive there, and then regularly back up from one to the other.
Which solution do you believe is safer?
Happy to be told of another alternative as well, I’m here to learn and get help.
If the machine is able to delete data in a backup, so is an attacker. Unless OneDrive offers some way to prevent data deletion I don’t know about.
If an attacker cannot compromise the isolated machine then that’s probably the safest option. Another way would be to set up rclone in append-only mode similar to the description at Append-only backups with restic and rclone, just with OneDrive as target and not a local repository.
Please don’t. Either store the password in a file that is only readable by the proper user and use --password-file filename as parameter for restic. Or create a wrapper script which sets the proper environment variables.
Yes, obviously the first and most important step is to secure the machine. But plan for the worst, hope for the best.
I will look at this option, this sounds more promising. I could then run pruning and maintenance through another machine to help with space.
I’m new to restic, I didn’t know the file option was possible. I’ll do that. I guess the file should be set with chmod 0600?
Actually the restriction of commands won’t work, I believe.
It restricts commands a user can run when ssh-ing to a remote server.
I wasn’t planning on letting my DMZ machine ssh to my safe/lan network. It’s actually the safe lan/machine that would ssh to DMZ to back up the data. That way no restic/rclone is on the machine that could be compromised.
has the --append-only option
You can also make a self-hosted s3-backend server and set it to append-only too
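
The password-file and wrapper-script advice from the thread, as an added example that is not part of any post: a POSIX sh wrapper for cron that checks the password file before calling restic. The password file path, the rclone remote name and the backup path are assumptions.

```shell
#!/bin/sh
# Added example: wrapper for cron that keeps the restic password out of
# /etc/environment and refuses to run if the password file is exposed.

# Assumed values, not from the thread: adjust to your setup.
PASSWORD_FILE="${PASSWORD_FILE:-/root/.restic-password}"
REPOSITORY="${REPOSITORY:-rclone:onedrive:restic-repo}"
BACKUP_PATH="${BACKUP_PATH:-/var/www/nextcloud/data}"

# Return 0 only if the file is a regular file (not a symlink), owned by the
# current user, and has no permission bits set for group or others.
check_password_file() {
    pf=$1
    if [ -L "$pf" ] || [ ! -f "$pf" ]; then
        echo "refusing: $pf is missing, a symlink, or not a regular file" >&2
        return 1
    fi
    # ls -ln prints the mode string first and the numeric owner uid third.
    # shellcheck disable=SC2046
    set -- $(ls -ln -- "$pf")
    mode=$1 owner=$3
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing: $pf is owned by uid $owner" >&2
        return 1
    fi
    case $mode in
        -???------*) return 0 ;;   # e.g. -rw------- (0600) or -r-------- (0400)
    esac
    echo "refusing: $pf has mode $mode, run chmod 0600" >&2
    return 1
}

run_backup() {
    check_password_file "$PASSWORD_FILE" || return 1
    # The variables are set for this restic process only, nothing system-wide.
    RESTIC_PASSWORD_FILE="$PASSWORD_FILE" RESTIC_REPOSITORY="$REPOSITORY" \
        restic backup "$BACKUP_PATH"
}

# Cron calls the script with --run; sourcing it only defines the functions.
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

This protects the password from other local users only; an attacker who takes over the account running the backup can still read the file, which is why the append-only and isolated-machine options discussed above still matter.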