LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 04-12-2009, 03:21 AM   #1
Roflcopter
LQ Newbie
 
Registered: Dec 2008
Distribution: Windows XP / Ubuntu 8.10 / Fedora 10
Posts: 22

Rep: Reputation: 16
Encrypted data backup w/truecrypt


I'm trying to perform system backups from three or four client computers to a hard drive on a dedicated Linux server. I've spent about a week researching this, and setting up a test of what I'm trying to do. The backup data must be encrypted (preferably with something strong, e.g. aes256) both as it leaves the client computers (so that the data can't be intercepted on its way to the server) and as it's written to the backup hard drive. The backup space must somehow be mounted as a network drive on the client - this is absolutely necessary.

My solution was to set up Samba and TrueCrypt on Linux, have TrueCrypt use the entire hard drive as a container (only 1 partition on the hard drive, and it's not the same hd that the system is installed on), and mount it. Samba would then share the TrueCrypt mount.

I have some problems that I've unsuccessfully tried to Google that I'd like to ask about:
- How do I encrypt the data as it moves between the client and the server? I've seen many tutorials on using ssh to tunnel port 139, but I know that Windows file sharing uses more ports than that, so I assume that's just for the purpose of bypassing firewalls and moving it to another port? Is there any way to use OpenSSL (I've looked into it but don't really understand how to apply it to this situation)? Should I use OpenVPN (I have no VPN experience or knowledge but if it's the best way I'm willing to learn)
- What does Samba do when the share that it's sharing doesn't exist? I ask because I'm running into trouble where I can unmount the truecrypt container (which is the samba share), but on the client I can still write to the Samba share (which theoretically shouldn't exist). It's likely that my Samba is misconfigured, correct?

I'd appreciate any help.

Thanks.
 
Old 04-12-2009, 06:41 AM   #2
Retrievil_Knievil
Member
 
Registered: Mar 2004
Location: Stavanger, Norway
Distribution: Gentoo, Slackware/SLAX, Knoppix, CentOS, IPCop & DSL
Posts: 138

Rep: Reputation: 21
I also tried to set up a similar system, but decided to go with Bacula in stead, might be overkill for four computers, but really gives you some leverage when it comes to options. It can encrypt/compress data before it leaves the client, and can be configured for a very hassle-less work flow, with minimal interaction from a user.

It has Windows/Mac Clients, and included clients in most Linux distributions. It also can be set up to use a ssh tunnel if you plan to back up remote machines, and need extra security.

I would give it a read, and see if it was something worth looking into. It took me a day to configure everything, including reading and scratching my head, but once I have it set up, I feel like I'm just scratching the surface as to what I can make it do for me...

Check it out here? :

http://www.bacula.org/en/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
TrueCrypt 5.1a Not enough data available or broken pipe error yasker Slackware 5 01-17-2009 02:23 PM
Truecrypt encrypted USB drive on Linux irairaira Linux - Newbie 9 01-09-2009 02:09 AM
Encrypted Ubuntu with TrueCrypt penguinHugger Linux - General 5 12-19-2008 04:08 PM
Tool to decrypt old encrypted harddrive and backup data before reformat bapigoo9 Linux - Software 5 12-02-2008 02:32 AM
LXer: TrueCrypt HOWTO — Truly Portable Data Encryption LXer Syndicated Linux News 0 05-26-2007 02:46 AM


All times are GMT -5. The time now is 08:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration