LinuxQuestions.org
04-03-2012, 10:12 AM   #1
Steviepower
Member
 
Registered: May 2010
Location: Eindhoven
Distribution: ubuntu/debian
Posts: 152

Rep: Reputation: 25
Professional way to make secure backups


Hello,

I have a server with a RAID5 array with important data on it, so of course I would like to make offsite backups. I have an external harddisk that is big enough to put these backups on. The problem here is that I want to maintain the same CIA values (confidentiality, integrity and availability). When I put this external harddisk somewhere else, it'll influence the confidentiality too much if the data is just on there. So encryption of the data might solve my problem, but how do I do this?

I want to make regular backups using preferably rsync (or something like that) and I want to keep the file permissions the same so I can just turn the backup around and go back a version. Also I want this to be done within a few hours over a gb connection.

What is the "professional" and secure way to do this?

I've read about encrypted filesystems and encrypted containers for the files but it's hard to pick something and I'd like to know what is usually used.

Backups from my laptop to the server with RAID5 are already done using a custom rsync script, but there are more systems that use the backup server and they all need to be able to access their data in a secure way.

Thanks in advance!
 
04-03-2012, 12:21 PM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,003
Blog Entries: 5

Rep: Reputation: 782
rsync is using ssh transport by default so is encrypting/decrypting the data transfer. That alone is going to slow things down. If you write to/read from an encrypted filesystem I suspect it would slow things down even further.

What you might want to do is look for another backup utility. Bacula is one I see mentioned frequently though I don't use it. (We use commercial NetBackup which has its own encryption stuff.) On checking to see if Bacula does encrypted backups I found it does:

http://www.bacula.org/en/dev-manual/...ncryption.html
 
04-03-2012, 02:08 PM   #3
Steviepower
Member
 
Registered: May 2010
Location: Eindhoven
Distribution: ubuntu/debian
Posts: 152

Original Poster
Rep: Reputation: 25
Isn't Bacula something for scheduled backups? All I want to do is make a manual backup every week, to an external harddisk where I can preferably verify the integrity (checksum?) and also recover files and permissions from.
 
04-03-2012, 11:05 PM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Servers: Debian Squeeze and Wheezy. Desktop: Slackware64 14.0. Netbook: Slackware 13.37
Posts: 8,546
Blog Entries: 28

Rep: Reputation: 1176
Quote:
Originally Posted by Steviepower
Isn't Bacula something for scheduled backups?
Yes it is but you can configure it with no schedules and run jobs either manually (from the Bat GUI or the bconsole shell) or by script.
 
04-04-2012, 02:06 AM   #5
Steviepower
Member
 
Registered: May 2010
Location: Eindhoven
Distribution: ubuntu/debian
Posts: 152

Original Poster
Rep: Reputation: 25
Thank you all for thinking along!
I'm going to virtualise a server to test this out. Only thing is... the harddrive is connected to my laptop, an Ubuntu machine that I use for multiple purposes. I don't need the off-site backups to be done too often, but I do want them secure.

Isn't there an easier way where I can just backup everything to an encrypted file that I can open (say with a password?) and that also has checksums for the files? I do want my integrity and confidentiality to be secure and I might even want to try and also backup my gb's to a shared public drive somewhere and for this I want to make sure it's not tampered with when I do a recovery.
 
04-04-2012, 05:11 AM   #6
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Servers: Debian Squeeze and Wheezy. Desktop: Slackware64 14.0. Netbook: Slackware 13.37
Posts: 8,546
Blog Entries: 28

Rep: Reputation: 1176
Quote:
Originally Posted by Steviepower
Isn't there an easier way where I can just backup everything to an encrypted file that I can open (say with a password?) and that also has checksums for the files? I do want my integrity and confidentiality to be secure and I might even want to try and also backup my gb's to a shared public drive somewhere and for this I want to make sure it's not tampered with when I do a recovery.
Almost certainly! Configuring Bacula is non-trivial; it is an enterprise level solution with the power (and associated complexity!) that implies.

tar (and others) could be used for the backup and gpg (and others) could be used to encrypt the tarball. Nice to keep checksums for both the encrypted and unencrypted files.
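
The tar-plus-gpg approach suggested in this post, written out as an added example that is not part of the thread or any poster's own script. The function names, the passphrase file and the archive name are assumptions, and OUT_DIR must be an absolute path.

```sh
#!/bin/sh
# Added example, not from the thread. Function names, the passphrase file and
# the archive name are assumptions. Needs GnuPG 2.1+ for --pinentry-mode.

gpg_sym() {  # gpg_sym PASSFILE ARGS...: non-interactive passphrase-based gpg
    pf=$1; shift
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-file "$pf" "$@"
}

# make_backup SRC_DIR OUT_DIR PASSFILE NAME   (OUT_DIR absolute)
# Writes NAME.tar.gpg plus checksum files for the plain and encrypted archive.
make_backup() {
    src=$1; out=$2; passfile=$3; name=$4
    tmp=$(mktemp -d) || return 1          # plaintext stays off the backup disk
    # -p records permissions; run as root to also restore ownership later.
    tar -cpf "$tmp/$name.tar" -C "$src" . &&
    (cd "$tmp" && sha256sum "$name.tar") > "$out/$name.tar.sha256" &&
    gpg_sym "$passfile" --symmetric --cipher-algo AES256 \
        --output "$out/$name.tar.gpg" "$tmp/$name.tar" &&
    (cd "$out" && sha256sum "$name.tar.gpg" > "$name.tar.gpg.sha256")
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# restore_backup OUT_DIR PASSFILE NAME DEST_DIR
# Returns 2 if the encrypted file changed, 3 if decryption fails,
# 4 if the decrypted tarball does not match its recorded checksum.
restore_backup() {
    out=$1; passfile=$2; name=$3; dest=$4
    (cd "$out" && sha256sum -c "$name.tar.gpg.sha256" >/dev/null 2>&1) || return 2
    tmp=$(mktemp -d) || return 1
    rc=0
    gpg_sym "$passfile" --decrypt --output "$tmp/$name.tar" "$out/$name.tar.gpg" || rc=3
    if [ $rc -eq 0 ]; then
        (cd "$tmp" && sha256sum -c "$out/$name.tar.sha256" >/dev/null 2>&1) || rc=4
    fi
    if [ $rc -eq 0 ]; then
        mkdir -p "$dest" && tar -xpf "$tmp/$name.tar" -C "$dest" || rc=5
    fi
    rm -rf "$tmp"
    return $rc
}
```

Checksum files stored next to the archive only catch accidental corruption, since anyone who can modify the disk can rewrite them too. Keep a second copy of the `.sha256` files on the server if the disk goes to a shared or public location.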
 
04-04-2012, 05:16 AM   #7
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
I'm assuming that the external drive is local to your laptop, and you want a local copy of all your backups on the raid 5 server.

You can create a LUKS encrypted partition on the external drive. Mount the partition, then use whatever method you want to download the backups on the RAID5 server.

When you unmount and disconnect the external drive, it will be encrypted.
 
1 members found this post helpful.
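
The LUKS procedure described in the post above, as an added example that is not part of the thread: unlock, mount, copy with rsync, re-read the copy to verify it, then unmount and lock. `/dev/sdX1`, the mapping name `offsite`, the mount point and the function names are placeholders, and the script only prints its commands unless `RUN=1` is set.

```sh
#!/bin/sh
# Added example, not from the thread. /dev/sdX1, "offsite" and /mnt/offsite are
# placeholders. Dry run by default: commands are only printed unless RUN=1.
run() {
    printf '+ %s\n' "$*" >&2
    [ "${RUN:-0}" = 1 ] || return 0
    "$@"
}

# luks_close NAME MNT: always leave the disk unmounted and locked.
luks_close() {
    run umount "$2"
    run cryptsetup close "$1"
}

# luks_backup DEV SRC [NAME] [MNT]; set INIT=1 only for a new, empty disk.
luks_backup() {
    dev=$1; src=$2; name=${3:-offsite}; mnt=${4:-/mnt/offsite}
    if [ "${INIT:-0}" = 1 ]; then
        run cryptsetup luksFormat "$dev" || return 1   # destroys existing data
        run cryptsetup open "$dev" "$name" || return 1
        run mkfs.ext4 "/dev/mapper/$name" || { run cryptsetup close "$name"; return 1; }
    else
        run cryptsetup open "$dev" "$name" || return 1
    fi
    run mkdir -p "$mnt"
    run mount "/dev/mapper/$name" "$mnt" || { run cryptsetup close "$name"; return 1; }
    # -a keeps permissions/owners/times, -H hard links, -A ACLs, -X xattrs.
    run rsync -aHAX --numeric-ids --delete "$src/" "$mnt/backup/" ||
        { luks_close "$name" "$mnt"; return 1; }
    # Remount so the verify pass reads from the disk, not the page cache.
    run umount "$mnt" && run mount "/dev/mapper/$name" "$mnt" ||
        { run cryptsetup close "$name"; return 1; }
    # Verify: -n (no changes) + -c (compare checksums) + -i (list differences).
    diff=$(run rsync -aHAXnci --numeric-ids --delete "$src/" "$mnt/backup/")
    luks_close "$name" "$mnt" || return 1
    [ -z "$diff" ] || { printf 'MISMATCH:\n%s\n' "$diff" >&2; return 2; }
}
```

The verify pass lists every path whose content or attributes differ between the source and the copy on the encrypted disk, so empty output means the two match.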
04-04-2012, 09:35 AM   #8
Steviepower
Member
 
Registered: May 2010
Location: Eindhoven
Distribution: ubuntu/debian
Posts: 152

Original Poster
Rep: Reputation: 25
Yes, that is exactly what I need! Going to try http://tipstrickshowtos.blogspot.com...into-your.html later.

All I need now is to verify that what is on the file system is also what is on the disk... are there any easy tools for that?
 
04-05-2012, 02:38 PM   #9
Steviepower
Member
 
Registered: May 2010
Location: Eindhoven
Distribution: ubuntu/debian
Posts: 152

Original Poster
Rep: Reputation: 25
I've tried this with a USB drive on Ubuntu and it worked great! Now trying the same with the harddisk connected to the server and I'm running into: http://www.linuxquestions.org/questi...-error-938345/

 
05-30-2012, 04:30 AM   #10
Steviepower
Member
 
Registered: May 2010
Location: Eindhoven
Distribution: ubuntu/debian
Posts: 152

Original Poster
Rep: Reputation: 25
Okay, did it using my laptop over the network.
 
  



Tags
backup, encryption, rsync


All times are GMT -5.