Submitted by arjones85 on Mon, 05/30/2011 - 13:19
Hi all,
I just wanted to check on the status of my feature request a while back about encrypting backups before they are uploaded offsite. Just curious if this has made it to the table yet to be considered?
Status:
Active
Comments
Submitted by JamieCameron on Mon, 05/30/2011 - 13:28 Comment #1
Sorry, no .. we don't have any support for backup encryption yet.
The best way to do it right now would be to have Virtualmin backup to a local directory, and then write a post-backup script that does the encryption and then uploads to the remote destination.
Submitted by JamieCameron on Tue, 06/14/2011 - 11:25 Comment #3
We haven't done any work on it yet ..
Submitted by arjones85 on Sat, 06/25/2011 - 12:33 Comment #4
Hey Jamie,
I went ahead and wrote my own bash script that does it. I changed the backups to write to a local folder, then to call this script with either "full" or "incremental" after the backups are finished depending on which backup ran. It creates a tar of the whole folder, and uses standard GPG keys to encrypt the tar file. It then does an md5sum check between the local backup and the offsite backup it uploaded, deletes the local copies, and also deletes any files older than 7 days on the offsite location.
Works great for what I specifically need. Feel free to adopt it to add this feature if you think it'll be helpful :-)
Note that you will more than likely need to edit the fields that are being gawked out for the remote backup server, as the server I use for remote backups is running FreeBSD, and the "md5" command spits back different fields than Red Hat's md5sum.
#!/bin/bash
# Post-backup script: tar the local backup folder, encrypt the tar with GPG,
# upload it, compare checksums, then clean up local and old offsite copies.
# Call with "full" or "incremental" depending on which backup ran.
today=$(date +%Y-%m-%d)
fullpath="/root/backup/full"
incrementalpath="/root/backup/incremental"

if [ "$1" == "full" ]
then
    # Build the tar outside the folder being archived, then move it in.
    # Both steps must succeed (previously only the mv result was checked).
    if tar -cvf "/root/$today-full.tar" "$fullpath" &&
       mv "/root/$today-full.tar" "$fullpath/$today-full.tar"
    then
        gpg -r keyname --output "$fullpath/$today-full.tar.enc" --encrypt "$fullpath/$today-full.tar"
        md5=$(md5sum "$fullpath/$today-full.tar.enc" | gawk '{print $1}')
        scp "$fullpath/$today-full.tar.enc" username@backup.server.com:/usr/home/username/backup/full/
        # FreeBSD's md5 prints "MD5 (file) = hash", so the hash is field 4.
        md5up=$(ssh username@backup.server.com "md5 /usr/home/username/backup/full/'$today'-full.tar.enc" | gawk '{print $4}')
        # An empty checksum means gpg or the upload failed; treat it as a mismatch
        # so that two empty strings never count as a successful check.
        if [ -z "$md5" ] || [ "$md5" != "$md5up" ]
        then
            echo "$today-full.tar.enc failed md5 check" | /bin/mail -s "Server Backup Failure" "alert@email.com"
        else
            # Verified: prune offsite files older than 7 days, remove local copies.
            ssh username@backup.server.com 'find /usr/home/username/backup/full/ -type f -mtime +7 -delete'
            rm -f /root/backup/full/*
        fi
    else
        echo "$today-full.tar.enc failed tar creation" | /bin/mail -s "Server Backup Failure" "alert@email.com"
    fi
fi

if [ "$1" == "incremental" ]
then
    # Same steps as above, for the incremental backup folder.
    if tar -cvf "/root/$today-incremental.tar" "$incrementalpath" &&
       mv "/root/$today-incremental.tar" "$incrementalpath/$today-incremental.tar"
    then
        gpg -r keyname --output "$incrementalpath/$today-incremental.tar.enc" --encrypt "$incrementalpath/$today-incremental.tar"
        md5=$(md5sum "$incrementalpath/$today-incremental.tar.enc" | gawk '{print $1}')
        scp "$incrementalpath/$today-incremental.tar.enc" username@backup.server.com:/usr/home/username/backup/incremental/
        md5up=$(ssh username@backup.server.com "md5 /usr/home/username/backup/incremental/'$today'-incremental.tar.enc" | gawk '{print $4}')
        if [ -z "$md5" ] || [ "$md5" != "$md5up" ]
        then
            echo "$today-incremental.tar.enc failed md5 check" | /bin/mail -s "Server Backup Failure" "alert@email.com"
        else
            ssh username@backup.server.com 'find /usr/home/username/backup/incremental/ -type f -mtime +7 -delete'
            rm -f /root/backup/incremental/*
        fi
    else
        echo "$today-incremental.tar.enc failed tar creation" | /bin/mail -s "Server Backup Failure" "alert@email.com"
    fi
fi
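An added example, not part of the post above or of Virtualmin: comment #4 notes that FreeBSD's "md5" and Red Hat's md5sum print different fields, so this sketch extracts the digest from either layout and refuses to treat empty or error output as a checksum. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare checksum output from GNU md5sum and BSD md5
# without hard-coding gawk field numbers for each operating system.

# True only for lower-case hex of MD5/SHA-1/SHA-256/SHA-512 length.
is_hex_digest() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    case "${#1}" in
        32|40|64|128) return 0 ;;
    esac
    return 1
}

# Read one line of tool output on stdin and print the digest it carries.
#   GNU: "<hex>  <file>"         BSD: "MD5 (<file>) = <hex>"
# Exits non-zero for empty input or an error message, so a failed
# command can never be mistaken for a checksum.
extract_digest() (
    IFS= read -r line || [ -n "$line" ] || exit 1
    gnu=${line%% *}      # first field
    gnu=${gnu#\\}        # GNU prefixes "\" when it escapes the file name
    bsd=${line##* = }    # text after the last " = "
    for cand in "$gnu" "$bsd"; do
        cand=$(printf '%s' "$cand" | tr 'A-F' 'a-f')
        if is_hex_digest "$cand"; then
            printf '%s\n' "$cand"
            exit 0
        fi
    done
    exit 1
)

# Succeed only when both outputs parse and carry the same digest.
digests_match() {
    local_digest=$(printf '%s\n' "$1" | extract_digest) || return 1
    remote_digest=$(printf '%s\n' "$2" | extract_digest) || return 1
    [ "$local_digest" = "$remote_digest" ]
}

# Constructed sample lines (file names follow the script in comment #4).
GNU_LINE='d41d8cd98f00b204e9800998ecf8427e  /root/backup/full/2011-06-25-full.tar.enc'
BSD_LINE='MD5 (/usr/home/username/backup/full/2011-06-25-full.tar.enc) = d41d8cd98f00b204e9800998ecf8427e'

if digests_match "$GNU_LINE" "$BSD_LINE"; then
    echo "checksums match"
fi
```

In a script like the one above, the two arguments would be the raw output of the local md5sum call and of the remote md5 call over ssh, with the cleanup steps run only when digests_match succeeds.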
Submitted by helpmin on Sat, 06/25/2011 - 12:26 Comment #5
Did you also look at the duply/duplicity combo?
Submitted by arjones85 on Sat, 06/25/2011 - 12:34 Comment #6
I've never heard of duply. I just decided to roll my own :-)
Submitted by bigwombat on Sun, 06/26/2011 - 01:14 Comment #7
It would be an awesome feature if Virtualmin did this out of the box :)