Security overview

Bacula charms

For security issues in Bacula itself, refer to the Bacula security document.

In the current version of the Bacula charms (bacula-server, bacula-fd), the following non-default protections are omitted:

  • bacula-dir and bacula-sd run as root.

  • The internal firewall and TCP wrappers are not enabled.

  • TLS is not enabled, meaning transmission between bacula-fd and bacula-server is unencrypted.

  • Volume encryption is disabled; backups stored in S3 are unencrypted.
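A defender-side check for the TLS item in the list above, as an added example that is not part of the charms or of Bacula: it parses a Bacula daemon configuration and reports, by normalized directive name, the resources where `TLS Enable` or `TLS Require` is not set to yes. The sample configuration, its names, and the list of resource types checked are assumptions made for this example.

```python
import re
# Resource types assumed to carry TLS directives (list chosen for this example).
TLS_RESOURCES = {"director", "client", "filedaemon", "storage", "console"}

# Constructed bacula-fd.conf sample; names and values are not from the charms.
SAMPLE_FD_CONF = '''
Director {
  Name = backup-dir
  Password = "not#a{real}secret"
}
FileDaemon {
  Name = host1-fd
  TLS Enable = yes
  TLSRequire = Yes        # spacing and case in keywords are ignored
}
'''

# Quoted strings, comments, structural characters, then any other text.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|[{};\n]|[^"#{};\n]+')

def norm(keyword):
    """Bacula ignores case and spaces in keywords."""
    return re.sub(r"\s+", "", keyword).lower()

def parse_resources(text):
    """Return [(type, {directive: value})] for each top-level resource."""
    resources, depth, buf = [], 0, ""
    for tok in TOKEN.findall(text):
        if tok == "{":
            depth += 1
            if depth == 1:  # assumes the brace follows the type on one line
                resources.append((norm(buf), {}))
            buf = ""
        elif tok in ("}", ";", "\n"):
            if depth == 1 and "=" in buf:
                key, value = buf.split("=", 1)
                resources[-1][1][norm(key)] = value.strip().strip('"')
            buf = ""
            depth -= tok == "}"  # leave the block on a closing brace
        elif not tok.startswith("#"):
            buf += tok
    return resources

def tls_findings(text):
    """Return (type, name, directive) where a TLS directive is not yes/true."""
    return [(rtype, d.get("name"), key)
            for rtype, d in parse_resources(text) if rtype in TLS_RESOURCES
            for key in ("tlsenable", "tlsrequire")
            if d.get(key, "").lower() not in ("yes", "true")]
```

An empty result from `tls_findings` means every checked resource both enables and requires TLS; it says nothing about the other items in the list.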

Backup integrator charm

The backup integrator charm is a workload-less subordinate charm. There are no security vulnerabilities beyond Juju’s intrinsic ones.