Unsolved
This post is more than 5 years old
20 Posts
0
783
Protecting data from a rogue admin?
Hello,
Does anyone know if there is a way to protect data on a DD from a potential rogue admin?
I'm looking into Retention Lock and from what I can tell I would be looking at Compliancebecause apparently it's the only thing that prevents a filesys destroy.
e.g.
When filesys destroy is run on a system with a DD Retention Lock Governance enabled MTree:
- All data is destroyed, including retention-locked data.
- All filesys options are returned to their defaults. This means that retention locking is disabled and the minimum and maximum retention periods are set back to their default values on the newly created file system.
Note
This command is not allowed if DD Retention Lock Compliance is enabled on the system.
Does anyone have any experience with such an issue and have an advise?
-Brian
ionthegeek
2K Posts
1
March 26th, 2014 12:00
I've done some work with retention lock. Only Retention Lock Compliance would prevent a rogue administrator from destroying filesystems, deleting MTrees, etc..
Once Retention Lock Compliance is enabled on the system it can't be disabled. There are some serious operational restrictions imposed on Retention Lock Compliance systems. Some examples:
Note that these restrictions may also interfere with the correct operation of the backup software. Since retention lock can be enabled on an MTree by MTree basis, it might be best to enable retention lock on an MTree specifically created for that purpose, then fastcopy the data you wish to lock into that MTree instead of trying to retention lock a "live" MTree. Unfortunately this approach would mean you would have to periodically clean up old files out of the retention locked MTree once the lock expired since the backup software would have no visibility into this MTree.
Edit: I forgot to add that actually locking files is done by mounting an NFS export of the retention lock-enabled MTree to an external system and updating the access time of the files to a future date using a utility like the Linux / UNIX "touch" command.
MStOnge1
7 Posts
1
March 26th, 2014 17:00
Rentention Lock is great... or one could simply address the real problem:
1) retrain the rogue
2) counsel the rogue
3) terminate the Rogue for non-compliance...
However...retention lock gives the greatest chance of success and data protection...