remove moinmoin header formatting that I missed
[KenyonWiki.git] / Encrypted_backup.mdwn
Documentation on my encrypted backup hard drive.

[[!toc levels=3]]

## Hardware

* [Western Digital My Book Essential 750 GB USB 2.0 Desktop External Hard Drive WDH1U7500N](http://www.amazon.com/gp/product/B000XRI034)
* Western Digital's page: <http://wdc.com/en/products/products.asp?driveid=771>

    kenyon@grunt ~ !9920 % sudo smartctl --all /dev/sdf
    smartctl 5.39 2009-12-09 r2995 [x86_64-unknown-linux-gnu] (local build)
    Copyright (C) 2002-9 by Bruce Allen, http://smartmontools.sourceforge.net

    === START OF INFORMATION SECTION ===
    Model Family:     Western Digital Caviar Green family
    Device Model:     WDC WD7500AACS-00D6B1
    Serial Number:    WD-WCAU42310983
    Firmware Version: 01.01A01
    User Capacity:    750,156,374,016 bytes
    Device is:        In smartctl database [for details use: -P show]
    ATA Version is:   8
    ATA Standard is:  Exact ATA specification draft version not indicated
    Local Time is:    Sun Jan 31 00:46:01 2010 PST
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled

    === START OF READ SMART DATA SECTION ===
    SMART overall-health self-assessment test result: PASSED

## Software
* Linux 2.6.32-5-amd64 #1 SMP Wed May 18 23:13:22 UTC 2011 x86_64 GNU/Linux
* Debian GNU/Linux squeeze
* Important packages: [[!debpkg dmsetup]], [[!debpkg cryptsetup]]

### Encryption
* cryptsetup 1.1.0-rc2

I did `sudo modprobe dm-mod dm-crypt aes` and added those modules to `/etc/modules`.

#### Creation
    sudo cryptsetup --verbose --verify-passphrase --key-size 256 luksFormat /dev/sdf1
    sudo cryptsetup --verbose luksOpen /dev/sdf1 bak

#### Use
Added to `/etc/fstab`:

    LABEL=bak       /bak            ext4    user,noatime,noauto 0   0

    sudo cryptsetup --verbose luksOpen /dev/sdf1 bak
    sudo mount /bak

Add entry to `/etc/crypttab`:

    bak UUID=4a69dabf-929e-4f71-ab71-a9823c9633a9 none luks,noauto

After making the `crypttab` entry:

    sudo cryptdisks_start bak && sudo mount /bak

### File system
#### Creation
After `sudo cryptsetup --verbose luksOpen /dev/sdf1 bak`, I did

    sudo mkfs.ext4 -v -L bak /dev/mapper/bak

#### Disconnecting
Before disconnecting the drive from the system, do this:

    sudo umount /bak && sudo cryptdisks_stop bak

### Backup
Run this script: `$MYGITREPO_DIR/sysadmin/hosts/grunt/external-backup`

    #!/bin/sh
    # Sync the listed system directories to the encrypted drive, but only
    # when an ext4 file system is mounted at /bak.
    if mount -l -v -t ext4 | grep -q '/bak type ext4'
    then
        # Record the start time of each run.
        echo "$(date)" >> /data/backups/external-backups.log
        # Exclude patterns are quoted so the shell never expands them.
        exec sudo time rsync \
            --archive \
            --delete \
            --delete-excluded \
            --exclude='/data/backups/hourly.[1-9]' \
            --exclude='/data/backups/daily.*' \
            --exclude='/data/backups/weekly.*' \
            --exclude='/data/backups/monthly.*' \
            --exclude=/dev \
            --exclude=/media \
            --exclude=/mnt \
            --exclude=/proc \
            --exclude=/sys \
            --exclude=/tmp \
            --exclude=.cache \
            --exclude=.ccache \
            --exclude=Cache \
            --exclude=lost+found \
            --exclude=/var/cache \
            --exclude=/var/db/ccache \
            --exclude=/var/tmp \
            --fuzzy \
            --hard-links \
            --human-readable \
            --ignore-errors \
            --progress \
            --relative \
            --sparse \
            --stats \
            --verbose \
            /boot \
            /etc \
            /lib \
            /opt \
            /raptor \
            /root \
            /var \
            /data \
            /bak/grunt
    else
        # Report the failure on stderr and stop before rsync runs.
        echo 'bak seems to not be mounted.' >&2
        exit 1
    fi

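The mount check in the backup script confirms only that an ext4 file system is mounted at a path ending in `/bak`, not that it is the opened LUKS mapping, so a plaintext partition mounted there would still receive the backup. The following is an added example, not part of the original script: it reads a mount table in `/proc/mounts` format on standard input and accepts the mount only when its source is `/dev/mapper/bak`. The function names and sample lines are constructed here, and it assumes the kernel reports the device under its `/dev/mapper` name.

```shell
#!/bin/sh
# Added example: verify that /bak is backed by the dm-crypt mapping
# before a backup is written to it. Function names are hypothetical.

# Print "<device> <fstype>" for the file system visible at mount point $1.
# Reads a mount table in /proc/mounts format on stdin. The last matching
# line wins, because a later mount shadows an earlier one at the same path.
mount_source() {
    awk -v mp="$1" '$2 == mp { dev = $1; fs = $3 }
        END { if (dev != "") print dev, fs }'
}

# Succeed only if mount point $1 is backed by /dev/mapper/$2 with
# file system type $3. Reads the mount table on stdin.
is_mapped_mount() {
    [ "$(mount_source "$1")" = "/dev/mapper/$2 $3" ]
}

# Constructed sample lines in /proc/mounts format.
encrypted='/dev/mapper/bak /bak ext4 rw,noatime 0 0'
plaintext='/dev/sdf1 /bak ext4 rw,noatime 0 0'
elsewhere='/dev/mapper/bak /mnt/bak ext4 rw,noatime 0 0'

for table in "$encrypted" "$plaintext" "$elsewhere"; do
    if printf '%s\n' "$table" | is_mapped_mount /bak bak ext4; then
        echo "ok:     $table"
    else
        echo "refuse: $table"
    fi
done
```

On the live system the same check reads the kernel's table: `is_mapped_mount /bak bak ext4 < /proc/mounts`.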
## References
* cryptsetup, luks: <http://code.google.com/p/cryptsetup/>
* <http://www.debian-administration.org/article/Encrypting_an_existing_Debian_lenny_installation>
* <http://madduck.net/docs/cryptdisk/>

[[!tag Debian Linux]]