diff --git a/README.md b/README.md index 0f49130..9ac3172 100644 --- a/README.md +++ b/README.md @@ -2,31 +2,19 @@ Ansible playbook for network vault. -This creates a share vault on the target server which is writeable. - -A second share is read only and keeps snapshots of the data from the rw-share. - -Everey 4 hours, rsnapshot creates cheap copies of the data on the ro-share. -How long the data will be kept depends on settings in rsnapshot.conf - +* This creates a share vault on the target server which is writeable. +* A second share is read only and keeps snapshots of the data from the rw-share. +* Everey 4 hours, rsnapshot creates cheap copies of the data on the ro-share. +* How long the data will be kept depends on settings in rsnapshot.conf ## Use-Case: -Create a immutable, WORM-Like Network-Share that holds REALLY!!! sensitive data like desaster-recovery-plans, password databases, network-plans, all the data you need in worst case and that should not be encrypted by any ransomware. - -When ransomware locks down your systems, this is your machine to go, plug in a console and start recovery. - -When sealing the vault, you can not access it over ssh any more so no ransomware can access the system. - -You should NOT NOT NOT NOT have a KVM-Console connected because this can be used to access the system over the network - -Place this machine on something like an Intel NUC, paint it red and put it into a safe place. - -Create any job to copy your DR-plans there regular. - -It uses cron-apt to update the system and reboots at 6 in the morning to keep kernel up to date - - - +* Create a immutable, WORM-Like Network-Share that holds REALLY!!! sensitive data like desaster-recovery-plans, password databases, network-plans, all the data you need in worst case and that should not be encrypted by any ransomware. +* When ransomware locks down your systems, this is your machine to go, plug in a console and start recovery. +* When sealing the vault, you can not access it over ssh any more so no ransomware can access the system. +* You should NOT NOT NOT NOT have a KVM-Console connected because this can be used to access the system over the network +* Place this machine on something like an Intel NUC, paint it red and put it into a safe place. +* Create any job to copy your DR-plans there regular. +* It uses cron-apt to update the system and reboots at 6 in the morning to keep kernel up to date Varialbes: * networkvault_vault_password -> password for user to access shares