Document optional NTP server

deajan 2024-04-24 00:02:52 +02:00
parent 78e726cdc0
commit 292a40d3a7
3 changed files with 9 additions and 1 deletions


@ -38,6 +38,8 @@ Works on x64 **Linux** , **NAS** solutions based on arm/arm64, **Windows** x64 a
- Backup process and IO priority settings
- Upload / download speed limits*
- Remote connectivity concurrency settings*
- Per repo / group retention policies
- Will also avoid wrong date data destruction via optional NTP queries
- Comes with full exclusion lists for Linux and Windows
- First class prometheus support
- Restic results metric generation
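Review bot: The new bullet "Will also avoid wrong date data destruction via optional NTP queries" is hard to parse and does not say what is being protected. Suggest wording it around the behaviour, for example "Optional NTP check skips retention policies when the system date is wrong, to avoid unwanted deletions", and pointing the reader to the NPF-SEC-00010 entry for details.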


@ -49,4 +49,9 @@ to show actual secrets.
When using `--show-config` or right click `show unecrypted`, we should only show unencrypted config if password is set.
Envivironmnt variable `NPBACKUP_MANAGER_PASSWORD` will be read to verify access.
Also, when wrong password is entered, we should wait in order to reduce brute force attacks.
Also, when wrong password is entered, we should wait in order to reduce brute force attacks.
# NPF-SEC-00010: Date attacks
When using retention policies, we need to make sure that current system date is good, in order to avoid wrong retention deletions.
When set, an external NTP server is used to get the offset. If offset is high enough (10 min), we avoid executing the retention policies.
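Review bot: The NPF-SEC-00010 text does not say what happens when the configured NTP server cannot be reached or returns no usable offset; state whether retention policies are then skipped or still run. "When set" also means the check only runs when a server is configured, which deserves an explicit sentence so readers know the date check is absent otherwise. "If offset is high enough (10 min)" would read more clearly as "If the offset exceeds 10 minutes", and a blank line before the "# NPF-SEC-00010: Date attacks" heading would keep it apart from the previous entry.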


@ -1183,6 +1183,7 @@ class NPBackupRunner:
self.write_logs(f"Forgetting snapshots {snapshots}", level="info")
result = self.restic_runner.forget(snapshots)
elif use_policy:
# NPF-SEC-00010
# Let's check if we can get a valid NTP server offset
# If offset is too big, we won't apply policy
# Offset should not be higher than 10 minutes, eg 600 seconds
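Review bot: In the comment under "elif use_policy:", "Offset should not be higher than 10 minutes" does not say whether the comparison is on the magnitude of the offset; the system clock can be wrong in either direction, so the comment should state that the absolute value is checked. "eg 600 seconds" should read "i.e. 600 seconds", and the 600 second limit is worth a named constant so the code and the NPF-SEC-00010 text cannot drift apart.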