cross-posted from: https://lemmy.zip/post/1088852
Archived version: https://archive.ph/cR91h
Archived version: https://ghostarchive.org/archive/F2HRY
Often the server needs access to make backups, so when you get in and get root, you sometimes also have access to delete the backups.
It depends on how it’s set up. If the server pushes the backups somewhere else and has write access, then the hacker can delete them. But if another account logs in to the server and makes a backup and downloads it, it’s impossible for the hacker to access the backup.
Depends on if you planned for the scenario or not.
Part of a good backup solution involves ensuring that it’s literally impossible for the “root” / “administrator” whatever user on the production system to delete the backups. For instance, were this AWS, it would be done by creating a separate AWS account and use IAM roles to provide access to a S3 bucket with the “DeleteObject” permission explicitly denied. Perhaps, even deny everything except something like PutObject, and ensure the target S3 bucket is versioned, so even overwriting the contents with garbage is recovered by restoring a previous version.
But most businesses don’t think like that.
