[rsbac] Transfer of RSBAC-settings from one machine to another

[Amon Ott]

On Dienstag 08 Februar 2005 10:13, Patrique Wolfrum wrote:
> I am trying to set up a backup-server (for redundancy) for our 
> (RSBAC-protected) main-server. The backup-server has the same 
> HDD-partitioning than his big brother, but the HDD is smaller (the 
> backup-server is a rather normal PC (unlike the main-server which is 
a 
> IBM xSeries server)). I want now to transfer the RSBAC-settings from 
the 
> main-system to the backup-system, and would try to do this via the 
> backup-script of RSBAC. Would this be the correct way to do this, or 
is 
> there a better (perhaps safer) way to accomplish this ?

The backup_all script output run on the second system should produce 
the exact same config, if that system has no default config (always 
booted with rsbac_no_defaults and rsbac_no_syslog).

If it has, you might have an additional boot role 999999 or auditor 
role, if one of them was missing in your original config. Ignore the 
auditor role then and either disable the boot role (set boot_role 
flag to 0) or copy settings from root role.

It is a good idea to make a copy of backup_all, remove all unnecessary 
module specific backups in the copy and run the copy only - the full 
blown backup_all takes a looong time on big systems.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22