
Roflcopter 04-12-2009 02:21 AM

Encrypted data backup w/truecrypt
I'm trying to perform system backups from three or four client computers to a hard drive on a dedicated Linux server. I've spent about a week researching this, and setting up a test of what I'm trying to do. The backup data must be encrypted (preferably with something strong, e.g. aes256) both as it leaves the client computers (so that the data can't be intercepted on its way to the server) and as it's written to the backup hard drive. The backup space must somehow be mounted as a network drive on the client - this is absolutely necessary.

My solution was to set up Samba and TrueCrypt on Linux, have TrueCrypt use the entire hard drive as a container (only 1 partition on the hard drive, and it's not the same hd that the system is installed on), and mount it. Samba would then share the TrueCrypt mount.

I have some problems that I've unsuccessfully tried to Google that I'd like to ask about:
- How do I encrypt the data as it moves between the client and the server? I've seen many tutorials on using ssh to tunnel port 139, but I know that Windows file sharing uses more ports than that, so I assume that's just for the purpose of bypassing firewalls and moving it to another port? Is there any way to use OpenSSL (I've looked into it but don't really understand how to apply it to this situation)? Should I use OpenVPN (I have no VPN experience or knowledge, but if it's the best way I'm willing to learn)?
- What does Samba do when the share that it's sharing doesn't exist? I ask because I'm running into trouble where I can unmount the truecrypt container (which is the samba share), but on the client I can still write to the Samba share (which theoretically shouldn't exist). It's likely that my Samba is misconfigured, correct?

I'd appreciate any help. :)
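On the second question in the post above: an added example, not code from the thread or from anyone in it. It shows one way to stop Samba from serving the bare mount-point directory once the TrueCrypt container is unmounted, by having the share run a mount check before every connection. The share path /srv/backup, the share name "backup", the guard script path and the mounts table below are all assumed for illustration; the mounts table is constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example (not from the thread): make a Samba share that lives on a
# TrueCrypt mount refuse connections when the container is not mounted.
#
# Why: once the container is unmounted, the share path is just an empty
# directory on the system disk. Samba keeps exporting it, so client writes
# succeed and land there in the clear. The fix is to check for the mount on
# every connection rather than to rely on the directory disappearing.
#
# Hypothetical names used here: share path /srv/backup, share name "backup",
# guard script /usr/local/sbin/backup-share-guard.

# is_mounted PATH [MOUNTS_TABLE]
# Succeeds (exit 0) when PATH is an active mount point. Reads /proc/mounts
# by default; field 2 of each line is the mount point. A table file can be
# passed explicitly so the check can be exercised without a real mount.
is_mounted() {
    path=$1
    table=${2:-/proc/mounts}
    awk -v p="$path" '$2 == p { found = 1 } END { exit !found }' "$table"
}

# guard_share PATH [MOUNTS_TABLE]
# Intended as the share's "root preexec" hook. With "preexec close = yes"
# Samba drops the client connection when this hook exits non-zero.
guard_share() {
    if ! is_mounted "$1" "$2"; then
        echo "refusing share: $1 is not mounted (container locked?)" >&2
        return 1
    fi
    return 0
}

# smb_share_stanza NAME PATH GUARD_SCRIPT
# Prints an smb.conf share definition wired to the guard. "root preexec"
# and "preexec close" are standard smb.conf share options.
smb_share_stanza() {
    cat <<EOF
[$1]
    path = $2
    read only = no
    root preexec = $3 $2
    preexec close = yes
EOF
}

# Constructed /proc/mounts-style table for the demonstration below
# (hypothetical devices; the second line stands in for the TrueCrypt mount).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/mapper/truecrypt1 /srv/backup ext3 rw,relatime 0 0
EOF
}

# Stand-alone demonstration: the guard passes while the container is mounted
# and fails once its line is gone from the mounts table.
demo() {
    tmp=$(mktemp)
    sample_mounts > "$tmp"
    guard_share /srv/backup "$tmp" && echo "mounted: share allowed"
    grep -v ' /srv/backup ' "$tmp" > "$tmp.unmounted"
    guard_share /srv/backup "$tmp.unmounted" || echo "unmounted: share refused"
    rm -f "$tmp" "$tmp.unmounted"
    echo "--- smb.conf stanza ---"
    smb_share_stanza backup /srv/backup /usr/local/sbin/backup-share-guard
}

demo
```

Installed for real, the guard would be a small script calling `is_mounted` against the live `/proc/mounts`, and the stanza goes into smb.conf. Existing connections opened while the container was mounted are not covered by `preexec`; restarting smbd or disconnecting clients before unmounting closes that window.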


Retrievil_Knievil 04-12-2009 05:41 AM

I also tried to set up a similar system, but decided to go with Bacula instead. It might be overkill for four computers, but it really gives you some leverage when it comes to options. It can encrypt/compress data before it leaves the client, and can be configured for a very hassle-free workflow, with minimal interaction from a user.

It has Windows/Mac clients, and clients are included in most Linux distributions. It can also be set up to use an ssh tunnel if you plan to back up remote machines and need extra security.

I would give it a read and see if it's something worth looking into. It took me a day to configure everything, including reading and scratching my head, but now that I have it set up, I feel like I'm just scratching the surface of what I can make it do for me... :)

Check it out here? :

