Quoting Timothy Wilson (wilson at visi.com): > On Tue, 20 Mar 2001, Austad, Jay wrote: > > > rsync is another option, however, with rsync if someone does compromise your > > webserver, they are going to have a better chance of getting a shell on your > > tape server if you have rsync set up to do it's thing automatically, because > > the .known_hosts file for sshd on the tape server will allow the webserver > > to login with no password. Even if you use an account that has a shell of > > /bin/false, it's not the most comforting thought in the world. > > My understanding of the suggestion was to set up another Linux box inside > the network that would be backed up via the BackupExec agent. The > inside-the-firewall box would rsync nightly with the Web server via ssh. Do > I have that straight. Yeah. IT might cheaper to put a tape on the DMZ. -- Bob Tanner <tanner at real-time.com> | Phone : (952)943-8700 http://www.mn-linux.org | Fax : (952)943-8500 Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9