Jun 26, 2013

Encrypt Your Linux Tarball Backups

Again with my anti-NSA server... This time I had to figure out how to back it up. Now Linode.com, where I am hosting it, does have a backup solution for an extra $100 per month... Um, no thanks.

Normally for a Linux server I run a script to compress certain directories into a tarball, then I download them later to my backup server to write to tape. Since all my emails on my new email server are stored in an encrypted volume, I wanted to make sure that the files that were stored in the encrypted volume could be backed up in an encrypted tarball that I could download later. That way if someone were to seize my server, the encrypted volume wouldn't be mounted and the backup files would be encrypted as well.

Well, there is a handy utility that you can pipe tar into that will do just that, and it's called ccrypt. To install it on Ubuntu just run:
sudo apt-get install ccrypt
Now to automate the encryption you need to store your encryption passphrase in a text file. I stored mine in a hidden file called .passkey which is kept in my encrypted volume. That way if the server is rebooted, the .passkey file is safe. For this article, let's say that passkey is stored in /var/encrypted.

The command you would run to back up the /var/backup folder would be:
tar -czvf - /var/backup/ | ccrypt -k /var/encrypted/.passkey > backup.tgz.cpt
You can also add a date stamp to your encrypted tarball by appending `date '+%d-%B-%Y'` to the file name. In that case your command would look something like this:
tar -czvf - /var/backup/ | ccrypt -k /var/encrypted/.passkey > backup-`date '+%d-%B-%Y'`.tgz.cpt
Now if you ever need to restore your backup, just run the following to decrypt the file:
ccrypt -d backup.tgz.cpt
It will prompt you for the passphrase, then it will output the decrypted tarball to backup.tgz. After that, you can untar like usual.

Now you just need to copy those files off to a safe location, and you have a backup that is still safe from the feds and hackers.
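The steps above wrapped in one script, as an added example (not the author's own script): it refuses a key file that is readable by group or others, catches a failed tar in the pipeline, and test-decrypts the archive before keeping it. The function names, the output-directory argument and the mode check are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened wrapper around the article's tar | ccrypt pipeline.
# Paths are passed as arguments (assumption); the article uses
# /var/backup and /var/encrypted/.passkey.

# Succeed only if the key file is a non-empty regular file with no
# group/other permission bits (e.g. mode 600). Symlinks are rejected.
check_keyfile() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Date-stamped name as in the article: PREFIX-DD-Month-YYYY.tgz.cpt
backup_name() {
    printf '%s-%s.tgz.cpt\n' "$1" "$(date '+%d-%B-%Y')"
}

# encrypted_backup SRC_DIR KEY_FILE OUT_DIR
encrypted_backup() {
    src=$1 key=$2 out=$3/$(backup_name backup)
    check_keyfile "$key" || { echo "unsafe or missing key file: $key" >&2; return 1; }
    umask 077    # the archive is created readable by its owner only
    # Without pipefail, a failed tar is masked by ccrypt's exit status.
    if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi
    tar -czf - "$src" | ccrypt -e -k "$key" > "$out.part" || {
        rm -f -- "$out.part"; return 1; }
    # Verify: decrypt to a pipe and list the archive; no plaintext hits disk.
    ccrypt -d -k "$key" < "$out.part" | tar -tzf - > /dev/null || {
        rm -f -- "$out.part"; return 1; }
    mv -- "$out.part" "$out" && echo "$out"
}

# Runs only when called with three arguments, e.g.:
#   ./backup.sh /var/backup /var/encrypted/.passkey /var/backups-out
if [ "$#" -eq 3 ]; then encrypted_backup "$@"; fi
```

The script prints the path of the finished archive; a partial or unverifiable `.part` file is removed rather than left where it could be mistaken for a good backup.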