Arkeia Network Backup Agent Remote Access

hdm writes "The Metasploit Project has published a security analysis of the Arkeia Network Backup Client. Anyone able to connect to TCP port 617 can gain read/write access to the filesystem of any host running the Arkeia agent software. This appears to be an intentional design decision on the part of the Arkeia developers. A long-winded description of this issue, complete with screen shots, demonstration code, and packet captures can be found in the research article. Arkeia has been credited with being the first commercial backup product for the Linux platform."

Re:One more strike

[bferrell]

Arcserve is nice. But what about bacula?

http://www.bacula.org/

Re:got root?

[TheRaven64]

Backing up from the raw device rarely a good idea. Backups of this nature need to be atomic, so you need to unmount the filesystem, copy it, and then remount it. You will need to keep the FS unmounted for long enough to do a complete copy. A better solution is to provide rôle-based access control (SELinux does this, for example), and create a backup rôle which has read access to all files on mounted filesystems.

Re:Somebody has to say it

[Donny Smith]

> For the time being, I guess I'll stick to my proven, open source (free software even) backup solution involving tar, gpg, and ssh.

You aparently either run a limited number of basic backup jobs and/or have plenty of time to write backup scripts, which is not bad as you need something to make yourself look very good at your job.

And FYI Arkeia Light is free (as in "one can use it at no cost"), see arkeia.org.

Re:Hum off topic'ish.

[Chris Croome]

If target is compromised, a malicious user can run arbitrary commands through rsync.

I agree this is an issue, the best solution I have found is Push Mirroring [debian.org] with this the command that can be run is put in the ssh public key and then the compromised client can only run this specific command.

Easy: Use QuickPar or some form of PAR2

[jvbunte]

Here is an instance of the warez-monkies indirectly contributing something useful. PAR2 is essentially a RAID5 type data parity for files. Warezpups use it to add a layer of parity to their hundreds of RAR files (or whatever). If one (or more) RAR's go bad, the parity files can be used to reconstuct the bad file. Much like RAID5 however, there is a space sacrifice for this extra parity layer.

http://sourceforge.net/projects/parchive/

Its frequently used on USENET binaries groups now as well to solve the missing part problems.

I'm sure this exact strategy could be integrated into your backup solution with minimal effort.

Arkeia Backs-up Great - Restore Is a Problem

[zentec]

I ran Arkeia with a large web hosting firm for about 2 years mixed with Linux and Windows machines. We tested the backups extensively before deployment and spent $18,000 with Knox for licenses.

All seemed well until we needed to restore data. The logging indicated a perfect backup, but time and time again our restores were either failing or incomplete. On Windows, it simply wouldn't restore anything.

The solution, according to Arkeia was to purchase an upgrade ($12,000) which would solve all our problems. And since we refused to spend another 15% for a support agreement, that was our only alternative. I don't think so.

Needless to say, we went with someone else. Veritas had a great enterprise solution that worked with Linux and Windows (the server app runs only on Windows) and supports a huge array of tape drives. And it was one-third the price.

I can't definetly recall, but the Veritas agent also has some security peculiarities that raised some eyebrows. If you run any enterprise backup, I guess the answer is to make sure you're firewalled.

In this day and age of cheap disk drives, I wonder if anyone is using USB or Firewire drives and just using those for back-ups. A Lacie 250 gig Firewire drive is <$200.

Re:Somebody has to say it

[nurd68]

Have a look at dar (should handle 1-3, and 5) with par2 to get 4.

Actually, even without par2, dar will be able to get all the files except the ones in regions with bad data, IIRC.

Re:Hum off topic'ish.

[mmurphy000]

how do you handle complicated tape library management (ie: tape robots, backup aging, onsite/offsite backups) automatically without having to use software more complicated than the basic Unix command line utilities?

By not using tape. rsnapshot [rsnapshot.org] going to a sufficiently-large RAID array or drive covers your regular backups, including aging. A separate rsnapshot or rsync can do nicely for offsites, pushing the backups to another server. For enterprises, this approach probably is insufficient, but for smaller firms (e.g., ~70 employees, 5 offices), this works well.

Re:got root?

[Scorillo47]

>>> On a Windows box however it's not uncommon to see backup utilities running with higher priviledges than the "administrator" account because that's the only way to sidestep things like system file protection and other tricks Microsoft uses to protect the system from abuse.

That is not true.

All you need to read a file system in Windows is the backup privilege. You don't even need to be an adminstrator. So if you have this privilege enabled, you can use the BackupRead API to backup stuff.

Re:got root?

[Jester99]

On a Windows box however it's not uncommon to see backup utilities running with higher priviledges than the "administrator" account because that's the only way to sidestep things like system file protection and other tricks Microsoft uses to protect the system from abuse

Actually, you'll almost inevitably see backup utilities running as LOCALSYSTEM, which is indeed higher than Administrator, because that's how Windows works.

If a user registers a program to run as a service (note: You must have Administrator-level access to perform this step), then that program will run for all users regardless of who logs on (ideal to ensure that a backup program runs every night), and programs that run in this mode are always LOCALSYSTEM.

It's not a hack or a "trick," that's just how the security model works. But since you've got to be the equivalent of root to install such a program, it's not exactly a problem.