udpates README.md
This commit is contained in:
parent
664f5c046b
commit
ad24c3baa8
34
README.md
34
README.md
|
|
@ -2,31 +2,19 @@
|
|||
|
||||
Ansible playbook for network vault.
|
||||
|
||||
This creates a share vault on the target server which is writeable.
|
||||
|
||||
A second share is read only and keeps snapshots of the data from the rw-share.
|
||||
|
||||
Everey 4 hours, rsnapshot creates cheap copies of the data on the ro-share.
|
||||
How long the data will be kept depends on settings in rsnapshot.conf
|
||||
|
||||
* This creates a share vault on the target server which is writeable.
|
||||
* A second share is read only and keeps snapshots of the data from the rw-share.
|
||||
* Everey 4 hours, rsnapshot creates cheap copies of the data on the ro-share.
|
||||
* How long the data will be kept depends on settings in rsnapshot.conf
|
||||
|
||||
## Use-Case:
|
||||
Create a immutable, WORM-Like Network-Share that holds REALLY!!! sensitive data like desaster-recovery-plans, password databases, network-plans, all the data you need in worst case and that should not be encrypted by any ransomware.
|
||||
|
||||
When ransomware locks down your systems, this is your machine to go, plug in a console and start recovery.
|
||||
|
||||
When sealing the vault, you can not access it over ssh any more so no ransomware can access the system.
|
||||
|
||||
You should NOT NOT NOT NOT have a KVM-Console connected because this can be used to access the system over the network
|
||||
|
||||
Place this machine on something like an Intel NUC, paint it red and put it into a safe place.
|
||||
|
||||
Create any job to copy your DR-plans there regular.
|
||||
|
||||
It uses cron-apt to update the system and reboots at 6 in the morning to keep kernel up to date
|
||||
|
||||
|
||||
|
||||
* Create a immutable, WORM-Like Network-Share that holds REALLY!!! sensitive data like desaster-recovery-plans, password databases, network-plans, all the data you need in worst case and that should not be encrypted by any ransomware.
|
||||
* When ransomware locks down your systems, this is your machine to go, plug in a console and start recovery.
|
||||
* When sealing the vault, you can not access it over ssh any more so no ransomware can access the system.
|
||||
* You should NOT NOT NOT NOT have a KVM-Console connected because this can be used to access the system over the network
|
||||
* Place this machine on something like an Intel NUC, paint it red and put it into a safe place.
|
||||
* Create any job to copy your DR-plans there regular.
|
||||
* It uses cron-apt to update the system and reboots at 6 in the morning to keep kernel up to date
|
||||
|
||||
Varialbes:
|
||||
* networkvault_vault_password -> password for user to access shares
|
||||
|
|
|
|||
Loading…
Reference in New Issue