I'm doing a bit of a "backup audit"... in other words, setting up automated backups for every piece of technology that I depend on in any significant way that is automatically backupable. One of these devices is my home modem/router.
I have worked out how to back up the router configuration using a combination of curl commands and basic HTTP authentication. I have written a nice Ruby backup script that downloads the backup, runs it through bzip2, then puts it in a dated folder. I want this script to run every 24 hours. A launchd Daemon set to fire every 24 hours seems like the appropriate way to do it.

There are two security concerns here - one is that the script itself stores the username/password in cleartext. The other is that the downloaded config files have my router username/password in cleartext.

For the script, what's the best security policy? Should I make a new user named "backups", and make the script file only accessible to the "backups" user, then run the launchd Daemon as the "backups" user? Is there a better way?

For the actual backup files themselves, does anyone have any good suggestions? I guess I could make all the backup files only readable by "backups" as well, which would require a sudo or other authentication to access them. How does one normally solve the problem of username/password credentials as cleartext in a script?

edit: for the moment, I have made the script Root:Wheel, with 700 permissions. launchd Daemons default to run as root, so it runs just fine.
__________________
"The need is not for, say, half a million ¼-inch drill bits. The need is that there are ten million ¼-inch holes that need to be drilled." - Robert Noyce
forgecode.net
Last edited by forgie; 7th April 2009 at 04:27 PM.

If run as root, it surely is fairly secure, but may I ask:
Does your router config actually change on a daily basis? Why not manually back up when you make changes?
__________________
Mac Pro Dual Intel Xeon 2.8GHz Quad, 6GB Ram, 320GB HDD, Nvidia 8800GT, Mac OS X 10.5.6
MacBook White 2GHz Intel Core Duo, 2GB Ram, 250GB HD
AusDataHost | My Flickr | Portfolio/Photoblog

No, I probably change my router config on average every 2 weeks or so. The problem is that I forget to back it up. I want to have a Time Machine style system that automatically has the latest copy of everything. Ultimately I want the peace of mind of knowing that I always have the latest data in a safe place.
__________________
"The need is not for, say, half a million ¼-inch drill bits. The need is that there are ten million ¼-inch holes that need to be drilled." - Robert Noyce
forgecode.net

Interesting dilemma.
I'm wondering whether you're able to SSH to the router? If so, you could use a public/private key pair to do the authentication to the router, then download your configs across the SSH session. Of course, you probably shouldn't be running the script as root, but some other user with no password defined, and no shell.

Unfortunately, this router (Billion 7401VGP) doesn't have SSH. I'll be setting something similar up for someone else who does have networking gear that has SSH access though, so that'll be how I do it for them.
As for storing the backup files, what's involved in using GPG? Are there any other easy options (that use pre-existing OSX components) for say, encrypting a file so that you need a specific password to decrypt it?
__________________
"The need is not for, say, half a million ¼-inch drill bits. The need is that there are ten million ¼-inch holes that need to be drilled." - Robert Noyce
forgecode.net
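
Added example, not code from any post in this thread: one way a Ruby backup script like the one discussed could keep the router password out of the script itself and keep the downloaded configs owner-only. The function names, the two-line credentials file format and all sample values are assumptions made for this example.

```ruby
require "fileutils"
require "tmpdir"

class InsecureFileError < StandardError; end

# Load the router login from a separate file (assumed format: user on
# line 1, password on line 2). Refuse to use it unless it belongs to the
# user running the script and nobody else can read or write it.
def load_credentials(path)
  st = File.stat(path)
  raise InsecureFileError, "#{path} is not owned by the current user" unless st.uid == Process.euid
  if st.mode & 0o077 != 0
    raise InsecureFileError, format("%s has mode %04o, expected 0600", path, st.mode & 0o7777)
  end
  user, password = File.read(path).lines.map(&:chomp)
  raise InsecureFileError, "#{path} lacks user or password" if user.to_s.empty? || password.to_s.empty?
  { user: user, password: password }
end

# Store a downloaded config in a dated folder. The folder is forced to 0700
# and the file to 0600 before any data is written, so the cleartext router
# password inside the backup is never group- or world-readable.
def write_backup(dir, name, data)
  FileUtils.mkdir_p(dir)
  File.chmod(0o700, dir)
  path = File.join(dir, name)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.chmod(0o600) # also tightens a pre-existing file with looser bits
    f.write(data)
  end
  path
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |tmp|
    # Constructed sample data; a real run would use the dedicated user's home.
    cred = File.join(tmp, "router.cred")
    File.write(cred, "admin\nconstructed-password\n")
    File.chmod(0o644, cred)
    begin
      load_credentials(cred)
    rescue InsecureFileError => e
      puts "refused: #{e.message}"
    end
    File.chmod(0o600, cred)
    puts "loaded login for #{load_credentials(cred)[:user]}"
    out = write_backup(File.join(tmp, "2009-04-07"), "router.cfg.bz2", "constructed config bytes")
    puts format("%s mode %04o", File.basename(out), File.stat(out).mode & 0o777)
  end
end
```

The password is still cleartext on disk; the permission check only ensures that the account running the launchd job is the sole reader, which is what the dedicated "backups" user idea relies on.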