Warn about delete priviledges from backup machine #9
Description
Hey Abe,
very cool image, I was about to build something very similar myself and think we will be using this for our project!
One quick remark, in your example you include a crontab to delete old backups from the same machine that performs the backup. It might be good to add a word of warning that this can be very dangerous: Should an attacker ever gain access to the machine he/she will most likely also have access to the AWS/backup storage credentials. With delete privileges such an attacher could potentially delete all existing backups of the DB - certainly not something one wants to worry about in case of an intrusion. Even just write rights can be bad though as the attacher can just overwrite the existing files with empty or garbled content - if you are using S3 for the backups you can mitigate this by enabling versioning for the backup bucket. This way you will never loose the original content of the files even if they are (ever) overwritten.