DigitalInfinity/network-vault
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

udpates README.md

Browse Source
This commit is contained in:
Alexander Gabriel 2021-06-12 00:22:03 +01:00
parent 664f5c046b
commit ad24c3baa8
1 changed files with 11 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
README.md
View File

@ -2,31 +2,19 @@
Ansible playbook for network vault.
This creates a share vault on the target server which is writeable.
A second share is read only and keeps snapshots of the data from the rw-share.
Everey 4 hours, rsnapshot creates cheap copies of the data on the ro-share.
How long the data will be kept depends on settings in rsnapshot.conf
* This creates a share vault on the target server which is writeable.
* A second share is read only and keeps snapshots of the data from the rw-share.
* Everey 4 hours, rsnapshot creates cheap copies of the data on the ro-share.
* How long the data will be kept depends on settings in rsnapshot.conf
## Use-Case:
Create a immutable, WORM-Like Network-Share that holds REALLY!!! sensitive data like desaster-recovery-plans, password databases, network-plans, all the data you need in worst case and that should not be encrypted by any ransomware.
When ransomware locks down your systems, this is your machine to go, plug in a console and start recovery.
When sealing the vault, you can not access it over ssh any more so no ransomware can access the system.
You should NOT NOT NOT NOT have a KVM-Console connected because this can be used to access the system over the network
Place this machine on something like an Intel NUC, paint it red and put it into a safe place.
Create any job to copy your DR-plans there regular.
It uses cron-apt to update the system and reboots at 6 in the morning to keep kernel up to date
* Create a immutable, WORM-Like Network-Share that holds REALLY!!! sensitive data like desaster-recovery-plans, password databases, network-plans, all the data you need in worst case and that should not be encrypted by any ransomware.
* When ransomware locks down your systems, this is your machine to go, plug in a console and start recovery.
* When sealing the vault, you can not access it over ssh any more so no ransomware can access the system.
* You should NOT NOT NOT NOT have a KVM-Console connected because this can be used to access the system over the network
* Place this machine on something like an Intel NUC, paint it red and put it into a safe place.
* Create any job to copy your DR-plans there regular.
* It uses cron-apt to update the system and reboots at 6 in the morning to keep kernel up to date
Varialbes:
* networkvault_vault_password -> password for user to access shares