Features
General Features
The plugin acts as an assistant that helps the system administrator maintain a more solid and secure environment. Its functionality can be divided into the following generic features:
Backup poisoning detection: Mark jobs whose amount of processed data shows unexpected values, which could be the result of ransomware activity
Secure configuration assessment: Suggest configuration changes that help comply with security recommendations and best practices
Failure patterns detection: Detection of potential issues related to running services
Friendly reports generation: Detailed logging of analysis activities while running
Persistent alerts generation: Summarized information that generates Bacula Events when each alert is created or recovered, to be updated with each analysis execution
Services
Below is the list of services/checks that the plugin provides:
Strong password checking
Duplicated password checking
Strong permissions in Bacula configuration
Correct users for running processes
Recent successful catalog backup
Recent successful backup of Bacula configuration
Recent usage of Restore jobs
Recent usage of Verify jobs
Recent usage of Copy/Migration jobs to a different storage tier
Usage of malware protection in jobs
Usage of restricted consoles
Usage of antivirus jobs for every client
Usage of Events in Message resources
Usage of encryption in the environment
Detect cloud devices without encryption
Usage of volume protection in the environment
Director status (errors, FIPS usage, debug flags)
Usage of the DirAddress setting to limit the Director service to listening on specific interfaces
Reachability and status of Storage Daemons (errors, FIPS usage, debug flags)
Control of having enough free space on Storage Daemon devices
Control of having enough free space for Deduplication in Dedup enabled Storage Daemons
Detection of any kind of errors in Global Endpoint Deduplication engine (general errors, container errors, vacuum errors…)
Detection of orphan, suspect or missed references in Global Endpoint Deduplication engine
Recent execution of the Global Endpoint Deduplication Vacuum process for Dedup enabled Storage Daemons
Reachability and status of File Daemons (errors, FIPS usage, debug flags)
Usage of security plugin in each Client
Check running Bacula versions among the different daemons and report any unsupported differences
Check recent executions of PostgreSQL vacuum procedures over key tables for Bacula
Check recent executions of PostgreSQL analyze procedures over key tables for Bacula
Check if PostgreSQL configuration values are under or over the recommended thresholds
Backup poisoning detection through deviation analysis
Detection of jobs under a threshold success ratio
Detection of jobs without a recent successful execution
Detection of jobs that failed consecutively a specified number of times
Detection of successful Full backup jobs that did not back up any data
Detection of jobs that were not copied to any 2-Tier storage layer
Detection of jobs that were never verified
Detection of jobs where a restore was never attempted
Detection of BWeb users who do not have 2Factor authentication enabled
Detection of Incremental or Differential jobs whose predecessor is no longer in the catalog
Detection of jobs where “will not descend” is reported due to ‘onefs = yes’. This may indicate that data expected to be backed up is not being backed up.
Report of jobs where viruses or malware are found
Report of recent recorded Bacula events about security (for instance, failed bconsole connections)
Report of jobs with Global Endpoint Deduplication enabled which show a low deduplication ratio
This list of features will grow with future versions of this plugin.
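To illustrate the "Backup poisoning detection" feature and the "deviation analysis" check listed above, here is an added example (not BGuardian's own code or algorithm) that flags a job whose latest byte count deviates sharply from its own history. The median/MAD scoring, the thresholds, the function names and the sample rows are all assumptions made for this sketch.

```python
from collections import defaultdict
from statistics import median

MIN_HISTORY = 5     # assumed: prior runs needed before a job is judged
THRESHOLD = 3.5     # assumed cutoff on the modified z-score
REL_FALLBACK = 0.5  # assumed: relative change treated as the cutoff when MAD is 0

# Constructed sample rows (job name, level, bytes processed), oldest run first.
GB, MB = 10**9, 10**6
HISTORY = (
    [("fileserver", "I", int(x * GB)) for x in (1.20, 1.35, 1.10, 1.28, 1.22, 1.31, 48.7)]
    + [("mailserver", "I", x * MB) for x in (800, 820, 790, 810, 805, 815)]
    + [("database", "F", x * MB) for x in (50000, 50000, 50000, 50000, 50000, 20)]
    + [("newclient", "I", x * MB) for x in (300, 310)]
)

def score(baseline, value):
    """Modified z-score of value against the median/MAD of baseline."""
    med = median(baseline)
    mad = median(abs(b - med) for b in baseline)
    if mad == 0:
        # Flat history: a z-score would be infinite, so scale the relative
        # change so that REL_FALLBACK lands exactly on THRESHOLD.
        if med == 0:
            return 0.0 if value == 0 else float("inf")
        return (value - med) / med / REL_FALLBACK * THRESHOLD
    return 0.6745 * (value - med) / mad

def analyze(rows):
    """Return {(name, level): (verdict, score)} for each job's latest run."""
    series = defaultdict(list)
    for name, level, job_bytes in rows:
        series[(name, level)].append(job_bytes)
    result = {}
    for key, values in series.items():
        *baseline, latest = values
        if len(baseline) < MIN_HISTORY:
            result[key] = ("insufficient-history", None)
            continue
        z = score(baseline, latest)
        if z > THRESHOLD:
            verdict = "suspicious-growth"
        elif z < -THRESHOLD:
            verdict = "suspicious-shrink"
        else:
            verdict = "ok"
        result[key] = (verdict, round(z, 2))
    return result

if __name__ == "__main__":
    for key, outcome in analyze(HISTORY).items():
        print(key, outcome)
```

Grouping by job name and level keeps Full and Incremental runs from being compared with each other, and the median-based baseline keeps one earlier outlier from masking the next.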
See also
Go back to the BGuardian plugin main page.