|(Photo credit: Wikipedia)|
Normally for a Linux server I run a script to compress certain directories into a tarball, then I download them later to my backup server to write to tape. Since all my emails on my new email server are stored in an encrypted volume, I wanted to make sure that the files that were stored in the encrypted volume could be backed up in an encrypted tarball that I could download later. That way if someone were to seize my server, the encrypted volume wouldn't be mounted and the backup files would be encrypted as well.
Well there is a handy utility that you can pipe tar into that will do just that, and it's called ccrypt. To install it on Ubuntu just run:
sudo apt-get install ccryptNow to automate the encryption you need to store you encryption passphrase in a text file. I stored mine in a hidden file called .passkey which is kept in my encrypted volume. That way if the server is rebooted, the .passkey file is safe. For this article, let's say that passkey is stored in /var/encrypted.
The command you would run to backup the /var/backup folder would be:
tar -czvf - /var/backup/ | ccrypt -k /var/encrypted/.passkey > backup.tgz.cptYou can also add a date stamp to your encrypted tarball by appending `date '+%d-%B-%Y'` to the file name. In that case your command would look something like this:
tar -czvf - /var/backup/ | ccrypt -k /var/encrypted/.passkey > backup-`date '+%d-%B-%Y'`.tgz.cptNow if you ever need to restore your backup, just run the following to decrypt the file:
ccrypt -d backup.tgz.cptIt will prompt you for the passphrase, then it will output the decrypted tarball to backup.tgz. After that, you can untar like usual.
Now you just need to copy those files off to a safe location, and you have a backup that is still safe from the feds, and hackers.