[KenyonWiki.git] / Encrypted_backup.mdwn
Documentation on my encrypted backup hard drive.

[[!toc levels=3]]

## Hardware
* [Western Digital My Book Essential 750 GB USB 2.0 Desktop External Hard Drive WDH1U7500N](http://www.amazon.com/gp/product/B000XRI034)
* Western Digital's page: <http://wdc.com/en/products/products.asp?driveid=771>

    kenyon@grunt ~ !9920 % sudo smartctl --all /dev/sdf
    smartctl 5.39 2009-12-09 r2995 [x86_64-unknown-linux-gnu] (local build)
    Copyright (C) 2002-9 by Bruce Allen, http://smartmontools.sourceforge.net

    === START OF INFORMATION SECTION ===
    Model Family:     Western Digital Caviar Green family
    Device Model:     WDC WD7500AACS-00D6B1
    Serial Number:    WD-WCAU42310983
    Firmware Version: 01.01A01
    User Capacity:    750,156,374,016 bytes
    Device is:        In smartctl database [for details use: -P show]
    ATA Version is:   8
    ATA Standard is:  Exact ATA specification draft version not indicated
    Local Time is:    Sun Jan 31 00:46:01 2010 PST
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled

    === START OF READ SMART DATA SECTION ===
    SMART overall-health self-assessment test result: PASSED

## Software
* Linux 2.6.32-5-amd64 #1 SMP Wed May 18 23:13:22 UTC 2011 x86_64 GNU/Linux
* Debian GNU/Linux squeeze
* Important packages: [[!debpkg dmsetup]], [[!debpkg cryptsetup]]

### Encryption
* cryptsetup 1.1.0-rc2

I did `sudo modprobe dm-mod dm-crypt aes` and added those modules to `/etc/modules`.

#### Creation
    sudo cryptsetup --verbose --verify-passphrase --key-size 256 luksFormat /dev/sdf1
    sudo cryptsetup --verbose luksOpen /dev/sdf1 bak

#### Use
Added to `/etc/fstab`:

    LABEL=bak       /bak            ext4    user,noatime,noauto 0   0

Then open the volume and mount it:

    sudo cryptsetup --verbose luksOpen /dev/sdf1 bak
    sudo mount /bak

Add entry to `/etc/crypttab`:

    bak UUID=4a69dabf-929e-4f71-ab71-a9823c9633a9 none luks,noauto

After making the `crypttab` entry:

    sudo cryptdisks_start bak && sudo mount /bak

### File system
#### Creation
After `sudo cryptsetup --verbose luksOpen /dev/sdf1 bak`, I did

    sudo mkfs.ext4 -v -L bak /dev/mapper/bak

#### Disconnecting
Before disconnecting the drive from the system, do this:

    sudo umount /bak && sudo cryptdisks_stop bak

### Backup
Run this script: `$MYGITREPO_DIR/sysadmin/hosts/grunt/external-backup`

    #!/bin/sh
    # Copy the system to the encrypted external drive mounted at /bak.
    # Refuse to run unless an ext4 file system is mounted at /bak, so the
    # copy never lands on the root file system by mistake.
    if mount -l -v -t ext4 | grep -q '/bak type ext4'
    then
        # Record the start time of each run.
        echo "$(date)" >> /data/backups/external-backups.log
        # --delete and --delete-excluded make /bak/grunt mirror the sources;
        # --ignore-errors lets those deletions proceed even after I/O errors.
        exec sudo time rsync \
            --archive \
            --delete \
            --delete-excluded \
            --exclude=/data/backups/hourly.[1-9] \
            --exclude=/data/backups/daily.* \
            --exclude=/data/backups/weekly.* \
            --exclude=/data/backups/monthly.* \
            --exclude=/dev \
            --exclude=/media \
            --exclude=/mnt \
            --exclude=/proc \
            --exclude=/sys \
            --exclude=/tmp \
            --exclude=.cache \
            --exclude=.ccache \
            --exclude=Cache \
            --exclude=lost+found \
            --exclude=/var/cache \
            --exclude=/var/db/ccache \
            --exclude=/var/tmp \
            --fuzzy \
            --hard-links \
            --human-readable \
            --ignore-errors \
            --progress \
            --relative \
            --sparse \
            --stats \
            --verbose \
            /boot \
            /etc \
            /lib \
            /opt \
            /raptor \
            /root \
            /var \
            /data \
            /bak/grunt
    else
        echo 'bak seems to not be mounted.'
        exit 1
    fi
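
The mount test in the script above accepts any ext4 file system whose mount line contains `/bak type ext4`, whatever device backs it. As an added example (not part of the original wiki page or the author's script), the check below passes only when `/bak` itself is ext4 on `/dev/mapper/bak`; the function names and sample mount tables are constructed for illustration, and it assumes the mounts table lists the mapping by its `/dev/mapper/` path.

```shell
#!/bin/sh
# Added example, not the wiki author's script.
# Assumption: the mounts table names the device /dev/mapper/<mapping>.

# Print "<device> <fstype>" for the file system visible at mount point $1,
# read from mounts table $2 (default /proc/mounts). When mounts are stacked
# on one directory, the last entry is the visible one.
mount_source() {
    awk -v mp="$1" '$2 == mp { src = $1 " " $3 } END { if (src != "") print src }' \
        "${2:-/proc/mounts}"
}

# Succeed only if $1 is an ext4 file system on /dev/mapper/$2.
is_encrypted_backup_mount() {
    [ "$(mount_source "$1" "${3:-/proc/mounts}")" = "/dev/mapper/$2 ext4" ]
}

# Constructed sample mount tables, one per case.
sample_ok() {          # dm-crypt mapping mounted at /bak
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/mapper/bak /bak ext4 rw,noatime 0 0'
}
sample_plaintext() {   # raw partition mounted at /bak, no dm-crypt layer
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sdf1 /bak ext4 rw,noatime 0 0'
}
sample_elsewhere() {   # mapping mounted at /mnt/bak; /bak is on the root fs
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/mapper/bak /mnt/bak ext4 rw,noatime 0 0'
}

# check_sample NAME: run the check against one constructed table.
check_sample() {
    tmp=$(mktemp) || return 2
    "sample_$1" > "$tmp"
    if is_encrypted_backup_mount /bak bak "$tmp"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}
```

On a live system, `is_encrypted_backup_mount /bak bak` reads `/proc/mounts` and could stand in for the `mount | grep` condition.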

## References
* cryptsetup, luks: <http://code.google.com/p/cryptsetup/>
* <http://www.debian-administration.org/article/Encrypting_an_existing_Debian_lenny_installation>
* <http://madduck.net/docs/cryptdisk/>

[[!tag Debian Linux]]