[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: backup utilities: boxbackup?


On Thu, Oct 27, 2005 at 09:46:25AM -0500, dick_(_at_)_uchicago_(_dot_)_edu wrote:
>i'm currently using bzip2-ed dumps to backup my machines and i
>wonder if there is a better way to do it. by better i mean
>more secure and more automated than adding cron jobs.

>i am interested in encrypted backups, as i would prefer to
>have non-hijackable backups. i did see
>http://www.fluffy.co.uk/boxbackup/ and a couple posts about it
>here on misc_(_at_)__(_dot_)_

>can anybody vouch for the stability/reliability of this backup
>solution (besides the dev, ;) )?


I have a simpler backup encryption scheme running. On the box itself,
I have a file /etc/(subdir)/crypt_key, containing a hexadecimal string,
representing 512 bytes of random stuff (probably overkill but so then).

Then I have a small script .../backup_encrypt that looks like this:
#! /bin/sh
exec /usr/sbin/openssl enc -aes-256-cfb -in /dev/stdin -out /dev/stdout \
  -k `cat /etc/(subdir)/crypt_key`

And then, I pipe the gzip output (in my case I don't want that big CPU
hog named bzip2, and gzip is in base, while bzip2 isn't) into that
backup_encrypt thing.

I have a separate backup of /etc/(subdir)/crypt_key and a few scripts
(e.g. the backup_decrypt counterpart [just add -d after "enc" in the
openssl invocation]) in a few places that are secure enough for me.

Kind regards,