Friday, November 30, 2007

Encrypted Offsite Backup - Part I

For a couple of years now I've been performing offsite backups using the following process.

1. If not already loaded, boot into my Windows XP partition on my laptop
2. Copy all important files to a directory inside of the My Documents folder
3. Zip everything up using 7zip
4. Encrypt the zip file created in step 3 using AxCrypt
5. Copy the file to my backup server in another state using scp

The process didn't usually bother me too much because I'd kick off the zipping and copying processes before heading to bed so they'd just run at night. The problem with that process is obvious, it requires me manually initiating the process. As I've become painfully aware of most of us IT guys neglect our backups until it is too late. In my situation I've got a mixed home network running Debian, Ubuntu, Windows XP, uNSLUng and another distro or two when the urge strikes me. Well it came time to pony up and get with the program so I figured out a solution that once set up would give me secure offsite backups but also eliminate the time of doing the copying and zipping manually.

The solution involves using encfs to encrypt the data before copying it to the offsite machines using a mount created with sshfs. Below is the bash function I created that does the action for me, I'll be updating to use a key later but for now it just runs through cron and prompts me for the password.

function offsiteBackup

## set variables

## remove encryption/decryption directories to make sure everything is gone
echo "Cleaning up from previous backups"
rm -rf $DIRBASE
mkdir -p "$DIRENC"
mkdir -p "$DIRDEC"

## mount the encryption and decryption directories
echo "Directories mounted"

## copy all files that will be backed up
## NOTE: since the remote machines were mounted using sshfs only
##        the cp command is necessary.
echo "Copying files backup files from remote locations"
cp /media/remote1/settings.xml $DIRDEC
cp /media/remote1/mystuff $DIRDEC

echo "Files copied to the backup unencrypted directory"

## umount the decrypted directory
fusermount -u $DIRDEC

## create the zipped archive backup file
tar -czvf backup.tar.gz $DIRENC

## remove encryption/decryption directories to make sure everything is gone
echo "Removing backup directories"
rm -rf $DIRBASE


In Part II I'll be investigating if this same process can be followed with the Windows boxes using cygwin or some other alternative but for now this should get the Linux junkies started.

Special thanks for Tom Lowry at the University of Arizona Computer Science department for this post that got me started.

No comments: