From 292a40d3a7e358c168ce55d1de2594427369662e Mon Sep 17 00:00:00 2001
From: deajan <ozy@netpower.fr>
Date: Wed, 24 Apr 2024 00:02:52 +0200
Subject: [PATCH] Document optional NTP server

---
 README.md               | 2 ++
 SECURITY.md             | 7 ++++++-
 npbackup/core/runner.py | 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e8947e7..cae7db7 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,8 @@ Works on x64 **Linux** , **NAS** solutions based on arm/arm64, **Windows** x64 a
   - Backup process and IO priority settings
   - Upload / download speed limits*
   - Remote connectivity concurrency settings*
+- Per repo / group retention policies
+  - Will also avoid wrong date data destruction via optional NTP queries
 - Comes with full exclusion lists for Linux and Windows
 - First class prometheus support
   - Restic results metric generation
diff --git a/SECURITY.md b/SECURITY.md
index 89d774c..22ccce7 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -49,4 +49,9 @@ to show actual secrets.
 
 When using `--show-config` or right click `show unecrypted`, we should only show unencrypted config if password is set.  
 Envivironmnt variable `NPBACKUP_MANAGER_PASSWORD` will be read to verify access.
-Also, when wrong password is entered, we should wait in order to reduce brute force attacks.
\ No newline at end of file
+Also, when wrong password is entered, we should wait in order to reduce brute force attacks.
+
+# NPF-SEC-00010: Date attacks
+
+When using retention policies, we need to make sure that current system date is good, in order to avoid wrong retention deletions.  
+When set, an external NTP server is used to get the offset. If offset is high enough (10 min), we avoid executing the retention policies.
\ No newline at end of file
diff --git a/npbackup/core/runner.py b/npbackup/core/runner.py
index c555b70..af6ff3e 100644
--- a/npbackup/core/runner.py
+++ b/npbackup/core/runner.py
@@ -1183,6 +1183,7 @@ class NPBackupRunner:
             self.write_logs(f"Forgetting snapshots {snapshots}", level="info")
             result = self.restic_runner.forget(snapshots)
         elif use_policy:
+            # NPF-SEC-00010
             # Let's check if we can get a valid NTP server offset
             # If offset is too big, we won't apply policy
             # Offset should not be higher than 10 minutes, eg 600 seconds