maybe fix formatting
[KenyonWiki.git] / Encrypted_backup.mdwn
Documentation on my encrypted backup hard drive.

[[!toc levels=3]]

## Hardware

* [Western Digital My Book Essential 750 GB USB 2.0 Desktop External Hard Drive WDH1U7500N](http://www.amazon.com/gp/product/B000XRI034)
* Western Digital's page: <http://wdc.com/en/products/products.asp?driveid=771>

Output of `smartctl` for the drive:

    kenyon@grunt ~ !9920 % sudo smartctl --all /dev/sdf
    smartctl 5.39 2009-12-09 r2995 [x86_64-unknown-linux-gnu] (local build)
    Copyright (C) 2002-9 by Bruce Allen, http://smartmontools.sourceforge.net

    === START OF INFORMATION SECTION ===
    Model Family:     Western Digital Caviar Green family
    Device Model:     WDC WD7500AACS-00D6B1
    Serial Number:    WD-WCAU42310983
    Firmware Version: 01.01A01
    User Capacity:    750,156,374,016 bytes
    Device is:        In smartctl database [for details use: -P show]
    ATA Version is:   8
    ATA Standard is:  Exact ATA specification draft version not indicated
    Local Time is:    Sun Jan 31 00:46:01 2010 PST
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled

    === START OF READ SMART DATA SECTION ===
    SMART overall-health self-assessment test result: PASSED

## Software
* Linux 2.6.32-5-amd64 #1 SMP Wed May 18 23:13:22 UTC 2011 x86_64 GNU/Linux
* Debian GNU/Linux squeeze
* Important packages: [[!debpkg dmsetup]], [[!debpkg cryptsetup]]

### Encryption
* cryptsetup 1.1.0-rc2

I did `sudo modprobe dm-mod dm-crypt aes` and added those modules to `/etc/modules`.

#### Creation
    sudo cryptsetup --verbose --verify-passphrase --key-size 256 luksFormat /dev/sdf1
    sudo cryptsetup --verbose luksOpen /dev/sdf1 bak

#### Use
Added to `/etc/fstab`:

    LABEL=bak       /bak            ext4    user,noatime,noauto 0   0

Then, to open the container and mount the file system:

    sudo cryptsetup --verbose luksOpen /dev/sdf1 bak
    sudo mount /bak

Add an entry to `/etc/crypttab`:

    bak UUID=4a69dabf-929e-4f71-ab71-a9823c9633a9 none luks,noauto

After making the `crypttab` entry:

    sudo cryptdisks_start bak && sudo mount /bak

### File system
#### Creation
After `sudo cryptsetup --verbose luksOpen /dev/sdf1 bak`, I did

    sudo mkfs.ext4 -v -L bak /dev/mapper/bak

#### Disconnecting
Before disconnecting the drive from the system, do this:

    sudo umount /bak && sudo cryptdisks_stop bak

### Backup
Run this script: `$MYGITREPO_DIR/sysadmin/hosts/grunt/external-backup`

    #!/bin/sh
    # Back up only when an ext4 file system is mounted on /bak.
    if mount -l -v -t ext4 | grep -q '/bak type ext4'
    then
        # Log the start time of this run.
        echo "$(date)" >> /data/backups/external-backups.log
        # --relative keeps the full source paths under /bak/grunt.
        exec sudo time rsync \
            --archive \
            --delete \
            --delete-excluded \
            --exclude=/data/backups/hourly.[1-9] \
            --exclude=/data/backups/daily.* \
            --exclude=/data/backups/weekly.* \
            --exclude=/data/backups/monthly.* \
            --exclude=/dev \
            --exclude=/media \
            --exclude=/mnt \
            --exclude=/proc \
            --exclude=/sys \
            --exclude=/tmp \
            --exclude=.cache \
            --exclude=.ccache \
            --exclude=Cache \
            --exclude=lost+found \
            --exclude=/var/cache \
            --exclude=/var/db/ccache \
            --exclude=/var/tmp \
            --fuzzy \
            --hard-links \
            --human-readable \
            --ignore-errors \
            --progress \
            --relative \
            --sparse \
            --stats \
            --verbose \
            /boot \
            /etc \
            /lib \
            /opt \
            /raptor \
            /root \
            /var \
            /data \
            /bak/grunt
    else
        echo 'bak seems to not be mounted.'
        exit 1
    fi

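The `grep` in the script above accepts any ext4 file system on a mount point ending in `/bak`, whether or not it sits on the LUKS mapping. The following is an added example, not part of the original script: a stricter pre-flight check that `/bak` is backed by the opened container. It assumes the mapping appears in `/proc/mounts` as `/dev/mapper/bak`; the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original backup script.
# Assumption: the opened container appears in /proc/mounts as /dev/mapper/bak.

# mount_entry MOUNTS_FILE MOUNTPOINT
# Print "device fstype" of the last (topmost) entry whose mount point is
# exactly MOUNTPOINT; print nothing if there is none.
mount_entry() {
    entry=
    while read -r dev mp fs rest; do
        if [ "$mp" = "$2" ]; then entry="$dev $fs"; fi
    done < "$1"
    if [ -n "$entry" ]; then printf '%s\n' "$entry"; fi
}

# is_luks_mount MOUNTS_FILE MOUNTPOINT MAPPING FSTYPE
# Succeed only if MOUNTPOINT is backed by /dev/mapper/MAPPING with FSTYPE.
is_luks_mount() {
    [ "$(mount_entry "$1" "$2")" = "/dev/mapper/$3 $4" ]
}

# Constructed samples in /proc/mounts format: "good" has the container
# opened and mounted, "plain" has an unencrypted partition on /bak, and
# "other" only has a different mount point that ends in /bak.
sample() {
    case "$1" in
        good)  echo '/dev/mapper/bak /bak ext4 rw,nosuid,nodev,noatime 0 0' ;;
        plain) echo '/dev/sdg1 /bak ext4 rw,noatime 0 0' ;;
        other) echo '/dev/sdg1 /mnt/bak ext4 rw,noatime 0 0' ;;
    esac
}

# Demo over the constructed samples. In the backup script the call would be:
#   is_luks_mount /proc/mounts /bak bak ext4 || exit 1
demo() {
    tmp=$(mktemp) || return 1
    for name in good plain other; do
        sample "$name" > "$tmp"
        if is_luks_mount "$tmp" /bak bak ext4; then
            echo "$name: ok"
        else
            echo "$name: refuse to back up"
        fi
    done
    rm -f "$tmp"
}
demo
```
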
## References
* cryptsetup, luks: <http://code.google.com/p/cryptsetup/>
* <http://www.debian-administration.org/article/Encrypting_an_existing_Debian_lenny_installation>
* <http://madduck.net/docs/cryptdisk/>

[[!tag Debian Linux]]