Backing up FreeBSD and other Unix systems securely

Jerry McAllister jerrymc at msu.edu
Mon May 18 13:58:37 UTC 2009


On Sun, May 17, 2009 at 09:12:57AM -0700, Kelly Jones wrote:

> I tried using Mozy for backups because they offer unlimited space, but
> 1) they don't support FreeBSD, 2) they encrypt file contents, but NOT
> file names, and 3) they don't do true versioned backups. Easy
> workaround for 1): rsync to a Mac/Windows and backup from there, but
> 2) and 3) are more difficult.

Is there any possibility of using your own media locally - such as
tape or a large USB attached disk? If security is such a primary
concern, I can't see sending the data to that type of offsite thing.

Get a couple of large USB SATAs and use dump(8) to back the stuff up
on them. Write them encrypted if you need.

////jerry

> 
> My plan:
> 
>  % Use "dd if=/dev/random of=mykey" to create a random blowfish key
> 
>  % Blowfish encrypt mykey with a passphrase only I know. Backup the
>  encrypted blowfish key to a remote host.
> 
>  % Keep track of when I last ran the backup program ("touch
>  /some/path/timestamp" at start of run) and only backup files that've
>  been modified more recently ("find / -newer /some/path/timestamp").
> 
>  % To backup "foo.txt", first bzip2 it and encrypt w/ my blowfish key.
> 
>  % Then, take the sha1 hash of the bzip'd/encrypted file, and backup
>  foo.txt to remotehost:/some/path/{sha1 hash}.
> 
>  % To avoid too many files in one dir, I may backup
>  b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593 to
>  remotehost:/some/path/b0/d0/a7/b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593
>  for example.
> 
>  % In an SQLite3 db, record the filename I'm backing up, its
>  timestamp, and its bzip'd/encrypted hash. Store an encrypted copy of
>  the db on the remote server.
> 
> I like this plan because it does versioned backups, and doesn't backup
> identical files twice. I dislike it because I lose Mozy's unlimited
> disk space.
> 
> Questions:
> 
>  % Does this plan seem secure and reasonable?
> 
>  % Will backing up the 0-byte file this way make it easy to guess my
>  blowfish key?
> 
>  % Is there software that already does this?
> 
>  % Can this plan be improved?
> 
> 
>  % Does anyone offer unlimited space for Unix backups?
>  (safesnaps.com????)
> 
>  % Any general thoughts/comments on this plan?
> 
> -- 
> We're just a Bunch Of Regular Guys, a collective group that's trying
> to understand and assimilate technology. We feel that resistance to
> new ideas and technology is unwise and ultimately futile.

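Added example, not part of either poster's message: a sketch of the hash-named store and SQLite index from the quoted plan, showing how the sha1 name gives deduplication, versioning and a tamper check on the stored copy. Assumptions: `blob` is the already bzip2'd and encrypted file content, a local directory stands in for remotehost:/some/path, and all function and table names are hypothetical.

```python
import hashlib
import sqlite3
from pathlib import Path


def blob_path(root, digest):
    # b0d0a7... -> root/b0/d0/a7/b0d0a7..., the fan-out shown in the plan
    return Path(root) / digest[0:2] / digest[2:4] / digest[4:6] / digest


def open_index(db_file):
    db = sqlite3.connect(db_file)
    db.execute(
        "CREATE TABLE IF NOT EXISTS versions (filename TEXT NOT NULL, "
        "mtime INTEGER NOT NULL, sha1 TEXT NOT NULL, "
        "PRIMARY KEY (filename, mtime))"
    )
    return db


def store(db, root, filename, mtime, blob):
    """Record one version of filename; return True if the blob was newly written."""
    # Two identical files share a blob only if the encryption step is
    # deterministic; a random salt or IV gives a different sha1 each run.
    digest = hashlib.sha1(blob).hexdigest()
    target = blob_path(root, digest)
    written = False
    if not target.exists():
        target.parent.mkdir(parents=True, exist_ok=True)
        tmp = target.with_suffix(".tmp")  # write, then rename: no partial blobs
        tmp.write_bytes(blob)
        tmp.rename(target)
        written = True
    db.execute("INSERT OR REPLACE INTO versions VALUES (?, ?, ?)",
               (filename, mtime, digest))
    db.commit()
    return written


def versions(db, filename):
    # Every recorded (mtime, sha1) pair for one file, oldest first
    return db.execute("SELECT mtime, sha1 FROM versions WHERE filename = ? "
                      "ORDER BY mtime", (filename,)).fetchall()


def verify(root, digest):
    # The name is the hash of the content, so a changed or corrupted blob
    # on the storage host no longer matches its own file name.
    path = blob_path(root, digest)
    return path.exists() and hashlib.sha1(path.read_bytes()).hexdigest() == digest
```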
