Request - backup/restore related security issue



  • I currently have a wget script that takes a daily backup of my firewall. You know… Just in case.

    In the wget script I have to enter a username and password in cleartext. Therefore I have created a group with a backup user that only has access to /diag_backup.php

    The problem, as I see it, is if my backup user gets compromised you could log into my firewall, download the configuration, alter the firewall rules, and reupload the configuration. Sure, the firewall would reboot, and I would notice it. But it would be a lot better to have a /diag_backup.php and a /diag_restore.php.

    Just my 2 cents.

    :)


  • Rebel Alliance Developer Netgate

    It's not really a security issue, it has exactly the permissions you gave it.

    So set up a backup with SSH keys or use another mechanism that is more secure than a remote wget call.

    And of course there is always the AutoConfigBackup package if you're a support customer ;-)



  • @jimp:

    It's not really a security issue, it has exactly the permissions you gave it.

    So set up a backup with SSH keys or use another mechanism that is more secure than a remote wget call.

    And of course there is always the AutoConfigBackup package if you're a support customer ;-)

    Let's call it a feature then. A feature you can bypass IF you want to pay for it. ;)

    I might just go ahead and edit the /diag_backup.php file and remove the restore function. If I ever want to use it I can always activate the function again. Might do a writeup. :)


  • Rebel Alliance Developer Netgate

    Setting it up with ssh and cron would be more secure and require no hacking. Have the firewall push its own config off to a box using an account that does ssh key only auth and upload the config to a write-only directory on the backup system. ACB isn't required, it just makes things easy/automatic.
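
The push setup described in the last reply, sketched as an added example; it is not code from the thread, its participants or the firewall project. The host name, account, key path, directory names and the config file location are all assumptions to adapt.

```shell
#!/bin/sh
# Added example, run from cron on the firewall. Every value below is an
# assumption (hypothetical host, account, key and paths), not from the thread.
CONFIG="${CONFIG:-/cf/conf/config.xml}"      # assumed config location
BACKUP_HOST="${BACKUP_HOST:-backup.example.net}"
BACKUP_USER="${BACKUP_USER:-fwbackup}"
KEY="${KEY:-/root/.ssh/id_backup}"           # key used for nothing but this job
REMOTE_DIR="${REMOTE_DIR:-incoming}"         # relative to the SFTP chroot

# Build a remote file name; anything outside [A-Za-z0-9._-] becomes "_".
remote_name() {  # $1 = host name, $2 = UTC timestamp
    printf 'config-%s-%s.xml' "$1" "$2" | tr -c 'A-Za-z0-9._-' '_'
}

# Emit the one-command SFTP batch: upload only, nothing is read back.
sftp_batch() {  # $1 = local file, $2 = remote dir, $3 = remote name
    printf 'put "%s" "%s/%s"\n' "$1" "$2" "$3"
}

# Push the config; fail loudly rather than fall back to a password prompt.
push_config() {
    [ -s "$CONFIG" ] || { echo "missing or empty: $CONFIG" >&2; return 1; }
    name=$(remote_name "$(hostname)" "$(date -u +%Y%m%dT%H%M%SZ)")
    sftp_batch "$CONFIG" "$REMOTE_DIR" "$name" |
        sftp -b - -i "$KEY" -o IdentitiesOnly=yes \
             -o PasswordAuthentication=no -o StrictHostKeyChecking=yes \
             "$BACKUP_USER@$BACKUP_HOST"
}

# sshd_config fragment for the backup host: key-only, SFTP-only, chrooted.
# Create the drop directory as root:<group> mode 0730 so the account can
# create files in it but cannot list it.
server_sshd_snippet() {
    cat <<'EOF'
Match User fwbackup
    AuthenticationMethods publickey
    PasswordAuthentication no
    ChrootDirectory /srv/fwbackup
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
EOF
}

case "${1:-}" in
    push)        push_config ;;
    sshd-config) server_sshd_snippet ;;
esac
```

The uploading account can still read back a file it owns if it knows the name, so have a job on the backup host move new files out of the drop directory.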

