head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.10 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.8 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.6 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.4 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.2 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q1:1.2.0.4 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.2 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.1.0.6 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.4 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.2 pkgsrc-2008Q2-base:1.1; locks; strict; comment @# @; 1.3 date 2009.05.15.10.29.06; author adam; state dead; branches; next 1.2; 1.2 date 2008.11.21.14.09.31; author adam; state Exp; branches; next 1.1; 1.1 date 2008.07.13.15.26.36; author tonnerre; state Exp; branches; next ; desc @@ 1.3 log @Changes 3.0.1: * Bug fixes. * Check for job_canceled() in fd_plugin code. * Update Win32 table creation to have new DB version 11 format * Remove illegal Options in Exclude of default Win32/64 bacula-dir.conf * Remove "Reposition" message when restoring * Update projects file * Modify insertion of read Volumes in SD to be done before the drive reservation. This ensures that a Volume to be read will not be reserved for writing. Significant enhancement. Changes 3.0.0: * Fix Win32 make clean to clean correctly * Separate object/binaries in Win32 and Win64 builds. More to be done. * Add bconsole to Win64 installer. * Enhance Job messages from SD when the FD->SD protocol is incorrect and the SD hangs up. Previously this looked like a comm error. * Fixed problem in xattr and acl code trying to send empty acl or xattr streams. * Fix for bug #1261 where we send out a null stream when a file only an acl and xattr support is also turned on. * Added some warnings to configure when using libtool and static in one configure. * Fix small memory leak in fileregexp bsr code * Correct bacula32.def entry point as specified by James. * Add code to FD plugin driver to make a copy of the plugin filename to be saved to avoid save_file from zaping it. * Directly mark all files saved by plugin as being seen for Accurate. * more... @ text @$NetBSD: patch-ab,v 1.2 2008/11/21 14:09:31 adam Exp $ --- manual/catmaintenance.tex.orig 2008-11-21 12:54:44.000000000 +0100 +++ manual/catmaintenance.tex @@@@ -641,6 +641,33 @@@@ Only you can decide what is appropriate you with a starting point. We hope it helps. + +\label{BackingUpBaculaSecurityConsiderations} +\section{Security considerations} +\index[general]{Backing Up Your Bacula Database - Security Considerations } +\index[general]{Database!Backing Up Your Bacula Database - Security Considerations } + +We provide make_catalog_backup as an example of what can be used to backup +your Bacula database. We expect you to take security precautions relevant +to your situation. make_catalog_backup is designed to take a password on +the command line. This is fine on machines with only trusted users. It is +not acceptable on machines without trusted users. Most database systems +provide a alternative method, which does not place the password on the +command line. + +The make_catalog_backup contains some warnings about how to use it. Please +read those tips. + +To help you get started, we know PostgreSQL has a password file, +\elink{ +.pgpass}{http://www.postgresql.org/docs/8.2/static/libpq-pgpass.html}, and +we know MySQL has +\elink{ .my.cnf}{http://dev.mysql.com/doc/refman/4.1/en/password-security.html}. + +Only you can decide what is appropriate for your situation. We have provided +you with a starting point. We hope it helps. + + \label{BackingUPOtherDBs} \section{Backing Up Third Party Databases} \index[general]{Backing Up Third Party Databases } @ 1.2 log @Changes 2.4.3: * Apply 2.4.2-cancel-non-running-jobs.patch to be able to cancel a non created job faster. * Fix typo in configure.in that breaks --with-db-password option * Remove all double quotes from SQLite creating script and replace by single quotes as suggested by John Huttley. * Fix SQL case problem that may cause the failure of DiskToCatalog. * Copy missing storage name into edit buffer. As far as I can tell this never caused a bug. * Remove catalog dependency for bcopy * Modify catalog scripts to have an easier packaging integration, using default variables. Make difference between SQLite3 and SQLite in db_get_type() job when reading from one autochanger and writing to another. * Add more information to SD acquire.c INFO messages. * Fix NULL Volume name error when reading and the drive must be switched. * Fix a Verify InitCatalog problem where in certain cases a garbage filename may be entered in the verification database. * Add space after version before date in bat about dialog. * Fix seg fault in Dir during estimate command with no level value given. * Add message to migration job when the target job is already migrated. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Add patches "solving" the issue of bacula exposing passwords et cetera through the command line parameters of various tools (CVE-2007-5626). @ text @d3 1 a3 1 --- manual/catmaintenance.tex.orig 2007-01-05 18:20:40.000000000 +0100 d5 3 a7 12 @@@@ -545,6 +545,8 @@@@ Job { Storage = DLTDrive Messages = Standard Pool = Default + # WARNING!!! Passing the password via the command line is insecure. + # see comments in make_catalog_backup for details. RunBeforeJob = "/home/kern/bacula/bin/make_catalog_backup" RunAfterJob = "/home/kern/bacula/bin/delete_catalog_backup" Write Bootstrap = "/home/kern/bacula/working/BackupCatalog.bsr" @@@@ -573,6 +575,33 @@@@ you to quickly recover the database back you do not have a bootstrap file, it is still possible to recover your database backup, but it will be more work and take longer. @