we are setting up a crontab with two components
warning: beware of symlinks - the target folders defined in backup.lst
must not be symlinks (parent folder being a symlink is ok)
for alternatives see poor-mans-backup-rsync
apt install ksh lftp
in case you choose GNUPG
apt purge gnupg2 gnupg
apt install gnupg1
otherwise openssl should be there already
slackpkg search ksh93
slackpkg search lftp
(PDKSH in da place)
pkg_info | grep lftp
first things first, check that you can reach your FTP service
e.g. Dedibackup auth based on MAC address (note the trailing comma after the user name
and the absence of a password after it), as long as you enable autologin
lftp -u auto, DEDIBACKUP_SERVER_ADDRESS
and eventually wipe out your previous backup data
#glob -a rm -r -f *
which gpg || ln -s gpg1 /usr/bin/gpg
ls -lF /usr/bin/gpg
version 1 is fine and check for available ciphers for symmetric encryption
gpg --version
now here’s how to encrypt
echo lala | gpg --no-use-agent --symmetric --cipher-algo TWOFISH \
	--passphrase 'SYMMETRIC-KEY-HERE' --output lala.gpg
file lala.gpg
and how to decrypt
gpg --no-use-agent --decrypt --cipher-algo TWOFISH \
	--passphrase 'SYMMETRIC-KEY-HERE' < lala.gpg
openssl version
openssl enc -ciphers
key=SYMMETRIC-KEY-HERE
now here’s how to encrypt
echo lala | openssl enc -camellia-256-ctr -e -k "$key" -pbkdf2 -out lala.camellia
file lala.camellia
cat lala.camellia
and how to decrypt
openssl enc -camellia-256-ctr -d -k "$key" -pbkdf2 < lala.camellia
Fetch the script templates as root, rename, tune a few variables and set the executable bit
cd /root/
wget https://pub.nethence.com/bin/backup/backup.ksh.txt
wget https://pub.nethence.com/bin/backup/upload.ksh.txt
mv backup.ksh.txt backup.ksh
mv upload.ksh.txt upload.ksh
chmod +x backup.ksh
chmod +x upload.ksh
vi /root/backup.conf
backupdir=/data/backup/$HOSTNAME
maxold=5
secret="SYMMETRIC-KEY-HERE"
uploaddir=/data/backup

# rsync, ftp or none
method=ftp

# FTP
server=FTP-SERVER
user=auto
pass=""

# RSYNC/SSH
#rsyncdest=SSH-SERVER:/path/to
chmod 600 backup.conf
vi /root/backup.lst
/etc
/root
/var
and keep a copy of the key some place outside the server you wanna backup. Also write down your FTP password that you get from the DediBackup console, as you will still be able to reach your backups through normal FTP login if needed from a remote site.
check the configurations again
chmod 600 /root/backup.conf
chmod 600 /root/backup.lst
cat /root/backup.conf
cat /root/backup.lst
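A pre-flight check for the two rules above (list entries must not be symlinks, the config holding the secret must be private), as an added example that is not part of the original page or of backup.ksh. The function names and the demo paths are hypothetical, and the list format is assumed to be one folder per line as shown above.

```sh
#!/bin/sh
# Added example, not part of backup.ksh. Paths in the demo are constructed.

# check_backup_list FILE: report entries of a backup.lst-style file (one
# folder per line) that are symlinks or not directories. Returns 1 if any.
check_backup_list() {
    bad=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        # "[ -L /etc/ ]" follows the link because of the trailing slash,
        # so strip it before testing (but keep a bare "/").
        path=$entry
        while [ "$path" != / ] && [ "${path%/}" != "$path" ]; do path=${path%/}; done
        if [ -L "$path" ]; then
            echo "SYMLINK $path -> $(readlink "$path")"; bad=1
        elif [ ! -d "$path" ]; then
            echo "NOTDIR $path"; bad=1
        fi
    done < "$1"
    return "$bad"
}

# conf_is_private FILE: true when group and others have no permission bits,
# i.e. what "chmod 600" leaves behind (backup.conf holds the secret).
conf_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/real" && ln -s real "$d/link"
    printf '%s\n' "$d/real" "$d/link/" > "$d/backup.lst"
    printf 'secret="SYMMETRIC-KEY-HERE"\n' > "$d/backup.conf"
    chmod 644 "$d/backup.conf"
    check_backup_list "$d/backup.lst" || echo "fix backup.lst before running the backup"
    conf_is_private "$d/backup.conf" || echo "backup.conf is readable by others"
    rm -rf "$d"
}
demo
```

Only the last path component is tested, so an entry whose parent folder is a symlink still passes, as the warning at the top allows.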
attempt a manual backup and check for resulting files
mkdir -p /data/backup/$HOSTNAME/
#mkdir -p /var/backup/$HOSTNAME/
time nice /root/backup.ksh
ls -lhF /data/backup/$HOSTNAME/
also attempt a bulk upload.
time nice /root/upload.ksh
and finally enable the job every night as a privileged cron job as follows.
vi /etc/daily
vi /root/DAILY
time nice /root/backup.ksh
time nice /root/upload.ksh
crontab -e
51 03 * * * time nice /root/backup.ksh; time nice /root/upload.ksh
attempt to restore from an encrypted archive (decrypt with -d instead of -e)
secret=SYMMETRIC-KEY-HERE
bkpfile=FILE.tar.lz4.camellia
tarfile=${bkpfile%\.camellia}
file $bkpfile
openssl enc -d -camellia-256-ctr -k "$secret" -pbkdf2 -in $bkpfile -out $tarfile
file $tarfile
mkdir lala/
tar -I lz4 -xpSf $tarfile -C lala/
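Two things the openssl encrypt and restore commands above do not show, as an added example that is not part of the original page or of backup.ksh: `-k "$key"` puts the key in the process arguments, while `-pass file:` reads it from a mode-600 file, and CTR mode has no integrity check, so a wrong key still decrypts with exit status 0. The key files, the digest file and the function names are hypothetical, and a plain tar without lz4 stands in for a real archive.

```sh
#!/bin/sh
# Added example, not part of backup.ksh. Key files and paths are constructed.
# -pass file: reads the key from a mode-600 file, so it never appears in
# argv (ps output) the way -k "$key" does.
enc() { openssl enc -camellia-256-ctr -e -pbkdf2 -pass "file:$1" -in "$2" -out "$3"; }
dec() { openssl enc -camellia-256-ctr -d -pbkdf2 -pass "file:$1" -in "$2" -out "$3"; }
digest() { openssl dgst -sha256 < "$1"; }

# verified_restore KEYFILE ENCRYPTED OUTFILE DIGESTFILE
# returns 0 = restored and verified, 1 = decrypted but digest mismatch,
# 2 = openssl itself failed
verified_restore() {
    dec "$1" "$2" "$3" || return 2
    if [ "$(digest "$3")" = "$(cat "$4")" ]; then return 0; fi
    rm -f "$3"    # do not leave garbage that looks like an archive
    return 1
}

# make_sample DIR: build key files, a small tar, its digest and the encrypted copy
make_sample() {
    ( umask 077
      printf '%s\n' 'SYMMETRIC-KEY-HERE' > "$1/good.key"
      printf '%s\n' 'SOME-OTHER-KEY' > "$1/wrong.key" )
    mkdir -p "$1/src" && echo lala > "$1/src/lala.txt"
    tar -C "$1" -cf "$1/sample.tar" src
    digest "$1/sample.tar" > "$1/sample.tar.sha256"
    enc "$1/good.key" "$1/sample.tar" "$1/sample.tar.camellia"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" || return 1
    dec "$d/wrong.key" "$d/sample.tar.camellia" "$d/bad.tar" && raw=0 || raw=$?
    verified_restore "$d/wrong.key" "$d/sample.tar.camellia" "$d/out.tar" \
        "$d/sample.tar.sha256" && bad=0 || bad=$?
    verified_restore "$d/good.key" "$d/sample.tar.camellia" "$d/out.tar" \
        "$d/sample.tar.sha256" && good=0 || good=$?
    echo "plain decrypt, wrong key: exit $raw"
    echo "verified restore, wrong key: exit $bad"
    echo "verified restore, good key: exit $good"
    rm -rf "$d"
}
demo
```

The digest is taken at backup time and is only useful if it is kept off the FTP server, for instance next to the copy of the key.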
eventually check the content of every archive sample, just to make sure you truly got the folder content, in case it’s a symlink.
eventually keep the script up-to-date
curl -s https://pub.nethence.com/bin/backup/backup.ksh.txt | diff -bu - backup.ksh