by tomxor 2741 days ago
ZFS snapshots!... I _wanted_ to use "rsync.net" for this; they use FreeBSD with ZFS snapshots in a jail. The idea is that you get your stuff onto the account however you like over SSH (i.e. rsync), then the snapshots serve two purposes: snapshots through time, and read-only access in case you get 0wned.

I couldn't use rsync.net though because all its datacenters are outside of the EEA. I'm currently looking into doing this myself on a simple VPS; ZFS for Linux has matured quite well, it seems. I'm a bit new to doing chroot jails on Linux, but the ZFS snapshot part is very easy if that's enough for you.

    apt install zfsutils-linux
It's pretty trivial to make a pool, put it in a user directory and then make snapshots... you could easily make a script to schedule the snapshots, or there are at least two tools already around to schedule this for you via either cron or systemd timers: zfsnap or zfs-auto-snapshot respectively.

Re databases: with some extra work you could also use ZFS on the source server and take a snapshot of the database (once you invoke the correct commands to lock it), rather than do a dump. This would be very fast because it prevents the duplication of a dump, and therefore could be done much more frequently; you do, however, have the additional complexity of then syncing the snapshot to another server's ZFS pool. Although there are tools for this, I haven't bothered going this far.
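The post above suggests writing your own script to schedule snapshots rather than installing zfsnap or zfs-auto-snapshot. The following is an added example of such a rotation script, written for this page and not taken from the thread, rsync.net or either tool. The dataset name (`tank/backups`), the `auto` snapshot prefix and the retention of seven snapshots are assumed placeholders; the `zfs` commands are only executed when the script is started with `run` as its first argument, so the naming and pruning helpers can be exercised without a pool present. Syncing the snapshot to a second server's pool (the `zfs send` side mentioned for databases) is deliberately left out.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal cron-driven ZFS snapshot
# rotation script. Dataset, prefix and retention below are assumptions;
# adjust them to your pool. Run as root from crontab or a systemd timer,
# NOT as the rsync user: an account that can only write files cannot
# destroy the snapshots, which is exactly what makes them useful after that
# account's credentials are compromised.
set -eu

DATASET="${DATASET:-tank/backups}"   # assumed dataset holding the rsync'd data
KEEP="${KEEP:-7}"                    # number of auto snapshots to retain
PREFIX="auto"                        # only snapshots with this prefix are pruned

# Build the snapshot name for a dataset from a timestamp (YYYYMMDD-HHMM).
snapshot_name() {
    printf '%s@%s-%s\n' "$1" "$PREFIX" "$2"
}

# Read a newline-separated list of snapshot names on stdin and print the
# ones to destroy: every "$PREFIX" snapshot of dataset $1 beyond the newest
# $2. Snapshots with other names (manual ones, child datasets) are ignored.
prune_candidates() {
    dataset="$1"; keep="$2"
    list=$(grep "^${dataset}@${PREFIX}-" | sort || true)
    total=$(printf '%s\n' "$list" | grep -c . || true)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    printf '%s\n' "$list" | head -n "$excess"
}

# Take a new snapshot, then destroy the oldest auto snapshots beyond KEEP.
rotate() {
    stamp=$(date +%Y%m%d-%H%M)
    zfs snapshot "$(snapshot_name "$DATASET" "$stamp")"
    zfs list -H -t snapshot -o name -r "$DATASET" \
        | prune_candidates "$DATASET" "$KEEP" \
        | while read -r snap; do
            zfs destroy "$snap"
        done
}

# Only touch the pool when explicitly asked, e.g. from cron:
#   15 3 * * * /usr/local/sbin/zfs-rotate.sh run
if [ "${1:-}" = run ]; then
    rotate
fi
```

Pruning is restricted to snapshots carrying the script's own prefix so that a snapshot you took by hand before a risky change is never rotated away. The name-based sort works because the timestamp format sorts chronologically as text.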


Yes, this is the part of our ZFS snapshots that many people don't appreciate: they are immutable from your perspective. If an attacker gains access to your rsync.net credentials and destroys your local copy and your remote copy, you still have seven days (or more) to discover this and access your historical snapshots, which are online, live and browsable.

> I couldn't use rsync.net though because all it's datacenters are outside of EEA

Honestly curious, what's wrong with Switzerland? It's not technically in the EEA but it's part of EFTA and the single-market so has to meet the same requirements as an EEA country.

You are absolutely correct, this is essentially for meeting GDPR requirements and Switzerland (as far as I can tell) is under the same legal requirements in that regard despite not being in the EEA.

The problem is our customers are not end-users, they have their own policies and a significant number of them have a much more rigid interpretation of GDPR data storage rules which we've been forced to integrate into our own. This is one of the many problems of overreach due to the fear that GDPR creates IMO.

Note that chroot is not a security feature; it can be compromised in many ways. You probably need containers like lxc/lxd.

I thought it was reasonably secure (consider this would only include the minimal binaries required for rsync, without an interactive shell), but I am relatively ignorant in this area; would you care to elaborate?

LXC/D was on my radar, but all of this is a little more complexity than I was anticipating dealing with myself (the security side of locking down the rsync account at least). I may even settle for "restricted rsync". This is why I value rsync.net: they do this for me, and for a much lower cost I might add (I am not a security expert).

Indeed. For clarification, FreeBSD jails are considered safe, since they add capability checks on top of the chroot. Chroot itself, on the other hand, is relatively easy to break out of.

Not sure if you have ever used it, but you might enjoy FreeBSD :) Using jails is not at all that difficult. To be honest, I find it easier to use jails than Docker. Never used LXC, so I don't know how it compares with regard to ease of use.

Thanks. I've used FreeBSD before, but have far more experience using Linux in production. I may have to give it another go some time for specific purposes like this.