[geeks] security-conscious backup
Geoffrey S. Mendelson
gsm at mendelson.com
Wed Jul 27 12:00:31 CDT 2005
On Wed, Jul 27, 2005 at 12:21:44PM -0400, Patrick Giagnocavo 717-201-3366 wrote:
> Does anyone have suggestions for this scenario?
> I have a customer who does tax-related work for his clients. He wants
> to backup over the internet to a Solaris 10 machine I have.
> The files he places on my system should not be accessed by anyone
> other than him (i.e. not even root should have the ability to decrypt
> and read the files). His machines are all Windows and I want to avoid
> having him buy a lowend Linux machine (which he would backup to, then a
> cron script would encrypt and upload).
How much space does the files he has take up?
Lets assume it's relatively small or you would not want to do it
over the internet, say 1,000 files of 10 meg each.
IMHO the best way to do it is to install Microsoft Services for UNIX (SFU).
It's a free product. Then you set up a cron job that every so often gathers
changed files (by date and time) and makes a copy of them on a staging disk.
The file should be encrypted on the fly as in
for example if you want to do all the files in a directory that have been
changed in the last 24 hours:
find <sourcedirectory> -exec cat {} \| openssl enc -des3 -k <keyfile>
\| gzip -c -9 > /backupdirectory/{} \;
rsync........
line split after <keyfile> for readability
The order was picked so that you could use standard gzip tools on the files
without have the ability to read them.
Geoff.
--
Geoffrey S. Mendelson, Jerusalem, Israel gsm at mendelson.com N3OWJ/4X1GM
IL Voice: (077)-424-1667 IL Fax: 972-2-648-1443 U.S. Voice: 1-215-821-1838
VoN Skype: mendelsonfamily. Looking for work as a CTO or consultant in
handheld gaming, large systems development, handheld device construction, etc.
Support amateur (ham) radio, boycott Google!!!
More information about the geeks
mailing list