Backing up FreeBSD and other Unix systems securely
Jerry McAllister
jerrymc at msu.edu
Mon May 18 13:58:37 UTC 2009

On Sun, May 17, 2009 at 09:12:57AM -0700, Kelly Jones wrote:
> I tried using Mozy for backups because they offer unlimited space, but
> 1) they don't support FreeBSD, 2) they encrypt file contents, but NOT
> file names, and 3) they don't do true versioned backups. Easy
> workaround for 1): rsync to a Mac/Windows and back up from there, but
> 2) and 3) are more difficult.

Is there any possibility of using your own media locally - such as
tape or a large USB attached disk? If security is such a primary
concern, I can't see sending the data to that type of offsite thing.
Get a couple of large USB SATAs and use dump(8) to back the stuff up
on them. Write them encrypted if you need.

////jerry

>
> My plan:
>
> % Use "dd if=/dev/random of=mykey" to create a random blowfish key
>
> % Blowfish encrypt mykey with a passphrase only I know. Back up the
> encrypted blowfish key to a remote host.
>
> % Keep track of when I last ran the backup program ("touch
> /some/path/timestamp" at start of run) and only back up files that've
> been modified more recently ("find / -newer /some/path/timestamp").
>
> % To back up "foo.txt", first bzip2 it and encrypt w/ my blowfish key.
>
> % Then, take the sha1 hash of the bzip'd/encrypted file, and back up
> foo.txt to remotehost:/some/path/{sha1 hash}.
>
> % To avoid too many files in one dir, I may back up
> b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593 to
> remotehost:/some/path/b0/d0/a7/b0d0a7da15d5eb94ac76ac4fd81fe6d4fa8e4593
> for example.
>
> % In an SQLite3 db, record the filename I'm backing up, its
> timestamp, and its bzip'd/encrypted hash. Store an encrypted copy of
> the db on the remote server.
>
> I like this plan because it does versioned backups, and doesn't back up
> identical files twice. I dislike it because I lose Mozy's unlimited
> disk space.
>
> Questions:
>
> % Does this plan seem secure and reasonable?
>
> % Will backing up the 0-byte file this way make it easy to guess my
> blowfish key?
>
> % Is there software that already does this?
>
> % Can this plan be improved?
>
>
> % Does anyone offer unlimited space for Unix backups?
> (safesnaps.com????)
>
> % Any general thoughts/comments on this plan?
>
> --
> We're just a Bunch Of Regular Guys, a collective group that's trying
> to understand and assimilate technology. We feel that resistance to
> new ideas and technology is unwise and ultimately futile.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
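
The storage side of the quoted plan (bzip2, encrypt, SHA-1 object names sharded as b0/d0/a7/..., SQLite index, find -newer selection), as an added Python example that is not code from either poster. The encrypt callable, the table layout and all function names are assumptions; the two stand-ins in the demo do not encrypt, they only model deterministic versus salted cipher output, which decides whether identical files end up as one stored object.

```python
import bz2, hashlib, os, sqlite3, tempfile
from pathlib import Path

def object_path(store: Path, digest: str) -> Path:
    # b0d0a7... -> store/b0/d0/a7/b0d0a7... (layout from the quoted plan)
    return store / digest[0:2] / digest[2:4] / digest[4:6] / digest

def open_index(db_file) -> sqlite3.Connection:
    db = sqlite3.connect(db_file)
    db.execute("CREATE TABLE IF NOT EXISTS versions "
               "(name TEXT, mtime REAL, digest TEXT, UNIQUE(name, mtime, digest))")
    return db

def backup_file(db, store: Path, path: Path, encrypt) -> tuple:
    """bzip2, encrypt, name the object by SHA-1 of the result, record a version."""
    blob = encrypt(bz2.compress(path.read_bytes()))  # encrypt: caller-supplied (assumption)
    digest = hashlib.sha1(blob).hexdigest()
    dest = object_path(store, digest)
    stored = not dest.exists()          # same ciphertext already stored: skip the upload
    if stored:
        dest.parent.mkdir(parents=True, exist_ok=True)
        tmp = dest.with_suffix(".part")
        tmp.write_bytes(blob)
        os.replace(tmp, dest)           # atomic: no half-written object under the final name
    db.execute("INSERT OR IGNORE INTO versions VALUES (?, ?, ?)",
               (str(path), path.stat().st_mtime, digest))
    db.commit()
    return digest, stored

def changed_since(root: Path, stamp: Path) -> list:
    """Equivalent of `find root -newer stamp`, regular files only."""
    cutoff = stamp.stat().st_mtime
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.stat().st_mtime > cutoff)

def demo(encrypt) -> int:
    """Back up two identical files; return how many objects were actually stored."""
    with tempfile.TemporaryDirectory() as d:
        src, store = Path(d, "src"), Path(d, "store")
        src.mkdir()
        for name in ("a.txt", "b.txt"):
            (src / name).write_bytes(b"same contents\n")    # constructed sample data
        db = open_index(Path(d, "index.db"))
        results = [backup_file(db, store, p, encrypt) for p in sorted(src.iterdir())]
        db.close()
        return sum(stored for _, stored in results)

if __name__ == "__main__":
    print(demo(lambda b: b))                    # deterministic stand-in: 1 object
    print(demo(lambda b: os.urandom(8) + b))    # salted stand-in: 2 objects, no dedup
```

With a cipher mode that adds a random salt or IV, the "doesn't back up identical files twice" property is lost, because the hash is taken over the ciphertext.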