On Sun, 2004-05-09 at 16:05 -0300, Julian Monteiro wrote: > Hello, > > Some weeks ago I've found this project: > http://www.miek.nl/projects/hdup/hdup.shtml > Is very simple (compared to Amanda and others), and support encryption and remote backup. > > Or look at this site: > http://www.linux-backup.net/App/ > I agree, hdup is very nice. I started using it when mcrypt was a pain to track down and install. These days you can use gpg, which is a standard package and works even better. It can use ssh to transport it across the network securely and gpg to encrypt it for storage on disk without worries someone will break into the backup server and have access to all the data. One thing I figured out is if someone breaks into the server that is doing the backup they can also login via ssh(dsa key auth) and delete the backup files. So it is best to make the files immutable. Another option might be to change the ownership of the files then set the sticky bit on the directory so the user can't overwrite the ownership of the file by owning the directory. If using mcrypt, be sure to backup your encryption keys. If using gpg, don't create the keys on the server. Create them on another machine and transport in the public key only. That way if someone breaks into the machine they can't go to the backup server and read the backups by decrypting. Plus there is no way to recover the secret keys from disk if they were never there. /etc/crontab: # Backup mass chattr +i 0 9 1-31 * * root /usr/local/sbin/bchattr /home nc /usr/local/sbin/bchattr: #!/bin/bash /usr/bin/find $1 -type f -name "*.$2" | /usr/bin/xargs -i /usr/bin/chattr +i {}
