[geeks] security-conscious backup
Phil Stracchino
phil.stracchino at speakeasy.net
Wed Jul 27 16:02:59 CDT 2005
Jonathan C. Patschke wrote:
> On Wed, 27 Jul 2005, Geoffrey S. Mendelson wrote:
>
>
>>find <sourcedirectory> -exec cat {} \| openssl enc -des3 -k <keyfile>
>> \| gzip -c -9 > /backupdirectory/{} \;
>
>
> You'd probably want to compress before you encrypt, as encrypted data
> doesn't tend to squish well. Alternately, he could script something
> like WinRAR, which supposedly has pretty decent encryption and
> understands compression innately.
<shameless_plug>
Bacula, the open-source backup project I'm working on, is about to
release v1.38.0. Bacula supports Win32 clients, and starting with
v1.38, its Windows client has VSS support (thus, can back up open files
on Windows clients, including the registry) and all three daemons have
TLS support (thus all traffic between clients and servers is encrypted).
The only piece of the security picture missing is encryption of
backed-up data on the backup storage medium, which is about to be
addressed by the just-started Bacula-encryption project.
In other words, not only will Bacula very shortly be able to do
everything wanted here, but it'll do it for free.
Sites: http://www.bacula.org, http://sourceforge.net/projects/bacula
</plug>
Side note: We just learned yesterday our largest-known-to-date adopter
now has over 2,300 Bacula clients being backed up under the control of
350 directors. (Normally, that many director machines wouldn't be
required, but his company apparently has a very strangely segmented
network.)
--
Phil Stracchino phil.stracchino at speakeasy.net
Renaissance Man, Unix generalist, Perl hacker
Mobile: 603-216-7037 Landline: 603-886-3518
More information about the geeks
mailing list