Support

Akeeba Backup for Joomla!

#11931 Advanced S3 Setup

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by nicholas on Wednesday, 11 April 2012 03:25 CDT

Tuesday, 10 April 2012 12:46 CDT

dlb
Nicholas,

Some time ago, you wrote an article on advanced S3 setup. It included the minimum settings for the Backup user (it needs read, write, delete ability but not list, etc.). I thought it was a blog post, but I can't find it on your site. Can you point me in the right direction please?

Dale


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Tuesday, 10 April 2012 14:36 CDT

nicholas
Hi Dale!

I believe you were looking for the cloud backup documentation page where I mention all the advanced setup options for S3 :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 10 April 2012 15:58 CDT

dlb
I did check the documentation before posting. I found the S3 instructions in Chapter 3 but missed the advanced instructions in Chapter 6. :-( Perhaps a cross reference would be in order in Chapter 3 to the advanced topic for those of us who quit looking when we think we've found what we were looking for.

Remote quota management would require a DeleteObject permission and restoring the backup from S3 from the Administer Backups screen would require GetObject. I recall that those permissions are fairly benign because a hacker would have to write a script to find out the object names in the S3 directory, after he/she broke the encryption on the Akeeba settings to get the access codes. Is that correct?


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Tuesday, 10 April 2012 17:21 CDT

nicholas
Yup, the different sections need to be cross-linked.

If you give the user DeleteObject and GetObject privileges, you're back to square one from a security perspective. If a hacker breaks into your site's backend (with Super Administrator rights) and reads the Amazon S3 access and secret keys, he can do the following:
- With DeleteObject he can easily calculate the paths and names of your backups and create a small script (using s3cmd on Linux) to delete your off-site backups before altering anything else on your site.
- With GetObject he can use a visual tool, like S3Fox, to list your backups and download them; he can not, however, delete your existing backups.
- With none of the above, he could try to overwrite existing archives with zero-byte files.
Nothing is bullet proof. By not giving DeleteObject and GetObject privileges you will stall the attacker, but not stop him.

Likewise, if the attacker has read only file access to your site –but not Super Administrator login access- he could always read the encryption key, the configuration.php file, connect to the database, decrypt Akeeba Backup's preferences and extract the Amazon S3 credentials. If he has write access, he can easily install a tiny script to create a new Super Admin user and apply the attacks outlined in the first paragraph.

Pitfall: all of these methods assume that you are being attacked by a hacker who knows what he's doing. The thing is, if you are attacked by someone like that, you're screwed, big time. Think about an evil version of me let loose upon a site.

IMHO, the best security practice is:
- Use a different bucket per site
- Use a different Amazon S3 user per site
- Don't let the user of site A access the bucket for site B
- Keep multiple copies of your backups, on S3
- Keep multiple copies of your backups, on your hard disk
- Keep multiple copies of your backups, on flash drives
- Keep multiple copies of your backups, on CDs
- Keep multiple copies of your backups, on stone, holographic crystals, carbonite, positronic brain...
- You can never have too many copies of your backups

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 10 April 2012 23:21 CDT

dlb
Oh great! I should have waited until morning to read your reply, now I'm going to have nightmares about your evil twin! I'll have to think about how paranoid I am. I'm in the process of cleaning up my S3 rights now, so that is a step in the right direction.

Automation has it's downside, my backups just go to S3 without being touched by human hands. It takes special effort to move them to another computer. :-D

Thanks for your insight Nicholas!

Dale


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Wednesday, 11 April 2012 03:25 CDT

nicholas
I know, automation always has some gotchas. That said, using s3cmd with a CRON job on your CentOS box to fetch the latest backup files is always possible. See their sync how-to. The β€”skip-existing switch is the key. Just don't use --delete-removed since you don't want to automatically removed deleted archives (that's why you're downloading them in the first place).

Hey, you're a Linux guy. There is no such thing as "impossible to automate" in Linux :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!