Poor Man’s Backup

           (___)
           ( O )
    /-------\ / 
   / |     ||V  
  *  ||----||   
     ^^    ^^   

Introduction

We’re basically setting up a crontab with two components:

Requirements:

An alternative would be to use rsync remotely from a dedicated backup host. And there’s also:

As for database backups you might add a few mysqldumps to the script or eventually use Mydumper.

Dedibackup

First, check that you can reach your FTP service e.g. Dedibackup auth based on MAC address (note the , and absence of a password afterwards), as long as you enable autologin

lftp -u auto, DEDIBACKUP_SERVER_ADDRESS

and eventually clean your shit up

#glob -a rm -r -f *

GPG v1 symmetric encryption

gpg --version | head -1 # v1 is fine
gpg --version | grep Cipher
echo lala | gpg --no-use-agent --symmetric --cipher-algo TWOFISH --passphrase 'KEY_HERE' --output lala.gpg
file lala.gpg
gpg --no-use-agent --decrypt --cipher-algo TWOFISH --passphrase 'KEY_HERE' < lala.gpg

OpenSSL symmetric encryption

openssl version
echo lala | openssl enc -aes-256-cbc -e -k 'LALA' -out lala.aes
file lala.aes
openssl enc -aes-256-cbc -d -k 'LALA' < lala.aes

Setup

Fetch the script templates as root, rename, tune a few variables and set the executable bit

cd /root/
wget https://pub.nethence.com/bin/BACKUP.txt
cp BACKUP.txt BACKUP
vi BACKUP

secret=NEW-SYMMETRIC-KEY-HERE
server=FTP-SERVER

chmod +x BACKUP

and keep a copy of the key some place outside the server you wanna backup. Also write down your FTP password that you get from the DediBackup console, as you will still be able to reach your backups through normal FTP login if needed from a remote site.

Acceptance

Keep the script up-to-date (only secret and server should differ)

curl -s https://pub.nethence.com/bin/BACKUP.txt | diff -bu - BACKUP

Run a manual backup

time nice /root/BACKUP

Look for resulting files and check that this is multi-core capable (>100%)

ls -lF /data/backup/
top -b | grep gpg

And finally enable the job every night as a root cron.

15 3 * * * time nice /root/BACKUP 2>&1

Resources

lftp

lftp user credentials do not work with -e or -c https://unix.stackexchange.com/questions/469787/lftp-user-credentials-do-not-work-with-e-or-c

gpg

Encrypting and decrypting documents https://www.gnupg.org/gph/en/manual/x110.html

Symmetric Key Encryption with GnuPG http://www.savvyadmin.com/symmetric-key-encryption-with-gnupg/

GPG Encryption Guide - Part 4 (Symmetric Encryption) https://www.tutonics.com/2012/11/gpg-encryption-guide-part-4-symmetric.html

Home directory backup - The quick ‘n’ dirty guide https://www.dedoimedo.com/computers/linux-home-dir-backup-tar-gpg-guide.html

duplicity https://www.digitalocean.com/community/tutorials/how-to-use-duplicity-with-gpg-to-securely-automate-backups-on-ubuntu

Thread: gpg: gpg-agent is not available in this session https://ubuntuforums.org/showthread.php?t=1420156

gpg encrypt file without keyboard interaction [closed] https://stackoverflow.com/questions/9460140/gpg-encrypt-file-without-keyboard-interaction

How can I automate gpg decryption which uses a passphrase while keeping it secret? https://unix.stackexchange.com/questions/400772/how-can-i-automate-gpg-decryption-which-uses-a-passphrase-while-keeping-it-secre

Encrypt tar.gz file on create https://askubuntu.com/questions/95920/encrypt-tar-gz-file-on-create

ssl

How to password protect gzip files on the command line? https://superuser.com/questions/162624/how-to-password-protect-gzip-files-on-the-command-line

How to Encrypt and Decrypt Files and Directories Using Tar and OpenSSL https://www.tecmint.com/encrypt-decrypt-files-tar-openssl-linux/

How should I change encryption according to *** WARNING : deprecated key derivation used https://askubuntu.com/questions/1093591/how-should-i-change-encryption-according-to-warning-deprecated-key-derivat


Nethence | Pub | Lab | Pbraun | SNE Russia | xhtml