Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a server with a RAID5 array with important data on it, so of course I would like to make offsite backups. I have an external harddisk that is big enough to put these backups on. The problem here is that I want to maintain the same CIA values(confidentiality, Integrety and Availability) when I put this external harddisk somewhere else it'll influence the confidentiality too much if the data is just on there. So encryption of the data might solve my problem but how do I do this?
I want to make regular backups using preferably rsync(or something like that) and I want to keep the file permissions the same so I can just turn the backup around and go back a version. Also I want this to be done within a few hours over a gb connection.
What is the "professional" and secure way to do this?
I've read about encrypted filesystems and encrypted containers for the files but it's hard to pick something and I'd like to know what is usually used.
backups from my laptop to the server with raid5 are already done using a custom rsync script.but there are more systems that use the backup server and they all need to be able to access their data in a secure way.
rsync is using ssh transport by default so is encrypting/decrypting the data transfer. That alone is going to slow things down. If you write to/read from an encrypted filesystem I suspect it would slow things down even further.
What you might want to do is look for another backup utility. Bacula is one I see mentioned frequently though I don't use it. (We use commercial NetBackup which has its own ecryption stuff.) On checking to see if Bacula does encrypted backups I found it does:
isn't Bacula something for scheduled backups? all I want to do is make a manual backup every week, to an external harddisk where I can preferably verify the integrity(checksum?) and also recover files and permissions from.
Thank you all for thinking along!
I'm going to virtualise a server to test this out. Only thing is... the harddrive is connected to my laptop, an ubuntu machine that I use for multiple purposes, I don't need the off site backups to be done too often, but I do want them secure.
Isn't there an easier way where I can just backup everything to an encrypted file that I can open (say with a password?) and that also has checksums for the files? I do want my integrety and confidentiallity to be secure and I might even want to try and also backup my gb's to a shared public drive somewhere and for this I want to make sure it's not tampered with when I do a recovery.
Isn't there an easier way where I can just backup everything to an encrypted file that I can open (say with a password?) and that also has checksums for the files? I do want my integrety and confidentiallity to be secure and I might even want to try and also backup my gb's to a shared public drive somewhere and for this I want to make sure it's not tampered with when I do a recovery.
Almost certainly! Configuring Bacula is no-trivial; it is an enterprise level solution with the power (and associated complexity!) that implies.
tar (and others) could be used for the backup and gpg (and others) could be used to encrypt the tarball. Nice to keep checksums for both the encrypted and unencrypted files.
I'm assuming that the external drive is local to your laptop, and you want a local copy of all your backups on the raid 5 server.
You can create a LUKS encrypted partition on the external drive. Mount the partition, then use whatever method you want to download the backups on the RAID5 server.
When you unmount and disconnect the external drive, it will be encrypted.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.