fusionauth / security-scripts Goto Github PK

The backup script in template/ubuntu-16.04/backup.sh uses /tmp/backups as the destination of backup files (as well as intermediate files).

BACKUP_DIR=/tmp/backups

On some distros /tmp is cleared either on boot or by regular cron jobs: http://serverfault.com/questions/377348/when-does-tmp-get-cleared

On other systems /tmp is backed by RAM and may be lost on crashes.

This is not the default behaviour on Ubuntu, but should a different directory be chosen in case this script is used on a distro that does clear tmp OR if a user happens to configure their Ubuntu server to clear tmp?

Perhaps this is actually a philosophical point: backups are not temporary by definition. They are persistent (at least for the duration of the retention policy).

How about /root/backups? Is there an even better option? Is /tmp actually the right place; why?

I'm curious to hear your thoughts!

the default number of rounds is 5000. Increasing this number adds to the time it would take to brute-force or find a collision, while adding very little time to user login time. The chance of finding a collision is very low but this is an easy step to reduce it even more.

password    [success=1 default=ignore]  pam_unix.so obscure try_first_pass sha512 rounds=200000