Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

bleblancUL

20 Posts

783

March 26th, 2014 11:00

Protecting data from a rogue admin?

Hello,

Does anyone know if there is a way to protect data on a DD from a potential rogue admin?

I'm looking into Retention Lock and from what I can tell I would be looking at Compliancebecause apparently it's the only thing that prevents a filesys destroy.

e.g.

When filesys destroy is run on a system with a DD Retention Lock Governance enabled MTree:

  • All data is destroyed, including retention-locked data.
  • All filesys options are returned to their defaults. This means that retention locking is disabled and the minimum and maximum retention periods are set back to their default values on the newly created file system.

Note

  This command is not allowed if DD Retention Lock Compliance is enabled on the system.

Does anyone have any experience with such an issue and have an advise?

-Brian

ionthegeek

2K Posts

March 26th, 2014 12:00

I've done some work with retention lock. Only Retention Lock Compliance would prevent a rogue administrator from destroying filesystems, deleting MTrees, etc..

Once Retention Lock Compliance is enabled on the system it can't be disabled. There are some serious operational restrictions imposed on Retention Lock Compliance systems. Some examples:

  • Security officer signoffs are required for a number of operational changes. For example, adjusting time sync settings or entering SE mode at the command line.
  • Once retention lock is enabled for an MTree, it cannot be disabled.
  • It is no longer possible to delete an MTree.
  • It's not possible to reduce the minimum or maximum lock periods -- these settings can only ever be increased

Note that these restrictions may also interfere with the correct operation of the backup software. Since retention lock can be enabled on an MTree by MTree basis, it might be best to enable retention lock on an MTree specifically created for that purpose, then fastcopy the data you wish to lock into that MTree instead of trying to retention lock a "live" MTree. Unfortunately this approach would mean you would have to periodically clean up old files out of the retention locked MTree once the lock expired since the backup software would have no visibility into this MTree.

Edit: I forgot to add that actually locking files is done by mounting an NFS export of the retention lock-enabled MTree to an external system and updating the access time of the files to a future date using a utility like the Linux / UNIX "touch" command.

MStOnge1

7 Posts

March 26th, 2014 17:00

Rentention Lock is great... or one could simply address the real problem:

1)  retrain the rogue

2) counsel the rogue

3)  terminate the Rogue for non-compliance...

However...retention lock gives the greatest chance of success and data protection...

View More

View All

No Events found!

Top