¶ Amanda Security
Amanda uses client/server trust, tape/disk storage workflows, and network services. Hardening should focus on host trust files, transport exposure, and backup media controls.
- Keep
amanda.conf host definitions explicit and minimal.
- Protect
.amandahosts and equivalent trust files with strict permissions.
- Restrict which clients can request/serve backups.
- Segment backup network from general user traffic.
¶ 2) Harden network services and ports
- Expose Amanda services only to known backup clients.
- Use host firewall rules for all Amanda-related ports.
- Disable unused Amanda components and authentication methods.
- Monitor connection attempts from unknown sources.
- Encrypt backup sets where supported by your storage workflow.
- Restrict access to tape changers/storage pools and catalog database.
- Implement offsite/immutable copy policy for critical workloads.
- Test catalog and media restore procedures regularly.
¶ Verification commands
amadmin --version 2>/dev/null || amdump --version 2>/dev/null
sudo ss -tulpn | grep -Ei 'amanda|10080|10081|10082|10083'
find /etc/amanda -maxdepth 2 -type f -ls
- Amanda docs: https://amanda.org/docs/
- Amanda source repository: https://github.com/zmanda/amanda
- Debian package/security tracker: https://security-tracker.debian.org/tracker/source-package/amanda