add encrypted backup hard drive page
author Kenyon Ralph <kenyon@kenyonralph.com>
Sat, 25 Jun 2011 08:01:57 +0000 (01:01 -0700)
committer Kenyon Ralph <kenyon@kenyonralph.com>
Sat, 25 Jun 2011 08:01:57 +0000 (01:01 -0700)
Encrypted_backup.mdwn [new file with mode: 0644]

diff --git a/Encrypted_backup.mdwn b/Encrypted_backup.mdwn
new file mode 100644 (file)
index 0000000..13ff9e2
--- /dev/null
@@ -0,0 +1,127 @@
+Documentation on my encrypted backup hard drive.
+
+[[!toc levels=3]]
+
+## Hardware
+
+* [Western Digital My Book Essential 750 GB USB 2.0 Desktop External Hard Drive WDH1U7500N](http://www.amazon.com/gp/product/B000XRI034)
+* Western Digital's page: <http://wdc.com/en/products/products.asp?driveid=771>
+
+    kenyon@grunt ~ !9920 % sudo smartctl --all /dev/sdf
+    smartctl 5.39 2009-12-09 r2995 [x86_64-unknown-linux-gnu] (local build)
+    Copyright (C) 2002-9 by Bruce Allen, http://smartmontools.sourceforge.net
+
+    === START OF INFORMATION SECTION ===
+    Model Family:     Western Digital Caviar Green family
+    Device Model:     WDC WD7500AACS-00D6B1
+    Serial Number:    WD-WCAU42310983
+    Firmware Version: 01.01A01
+    User Capacity:    750,156,374,016 bytes
+    Device is:        In smartctl database [for details use: -P show]
+    ATA Version is:   8
+    ATA Standard is:  Exact ATA specification draft version not indicated
+    Local Time is:    Sun Jan 31 00:46:01 2010 PST
+    SMART support is: Available - device has SMART capability.
+    SMART support is: Enabled
+
+    === START OF READ SMART DATA SECTION ===
+    SMART overall-health self-assessment test result: PASSED
+
+## Software
+* Linux 2.6.32-5-amd64 #1 SMP Wed May 18 23:13:22 UTC 2011 x86_64 GNU/Linux
+* Debian GNU/Linux squeeze
+* Important packages: [[!debpkg dmsetup]], [[!debpkg cryptsetup]]
+
+### Encryption
+* cryptsetup 1.1.0-rc2
+
+I did `sudo modprobe dm-mod dm-crypt aes` and added those modules to `/etc/modules`.
+
+#### Creation ===
+    sudo cryptsetup --verbose --verify-passphrase --key-size 256 luksFormat /dev/sdf1
+    sudo cryptsetup --verbose luksOpen /dev/sdf1 bak
+
+#### Use ===
+Added to `/etc/fstab`:
+
+    LABEL=bak       /bak            ext4    user,noatime,noauto 0   0
+
+    sudo cryptsetup --verbose luksOpen /dev/sdf1 bak
+    sudo mount /bak
+
+Add entry to `/etc/crypttab`:
+
+    bak UUID=4a69dabf-929e-4f71-ab71-a9823c9633a9 none luks,noauto
+
+After making the `crypttab` entry:
+
+    sudo cryptdisks_start bak && sudo mount /bak
+
+### File system
+#### Creation ===
+After `sudo cryptsetup --verbose luksOpen /dev/sdf1 bak`, I did
+
+    sudo mkfs.ext4 -v -L bak /dev/mapper/bak
+
+#### Disconnecting ===
+Before disconnecting the drive from the system, do this:
+
+    sudo umount /bak && sudo cryptdisks_stop bak
+
+### Backup
+Run this script: `$MYGITREPO_DIR/sysadmin/hosts/grunt/external-backup`
+
+    #!/bin/sh
+    if mount -l -v -t ext4 | grep -q '/bak type ext4'
+    then
+        echo "$(date)" >> /data/backups/external-backups.log
+        exec sudo time rsync \
+            --archive \
+            --delete \
+            --delete-excluded \
+            --exclude=/data/backups/hourly.[1-9] \
+            --exclude=/data/backups/daily.* \
+            --exclude=/data/backups/weekly.* \
+            --exclude=/data/backups/monthly.* \
+            --exclude=/dev \
+            --exclude=/media \
+            --exclude=/mnt \
+            --exclude=/proc \
+            --exclude=/sys \
+            --exclude=/tmp \
+            --exclude=.cache \
+            --exclude=.ccache \
+            --exclude=Cache \
+            --exclude=lost+found \
+            --exclude=/var/cache \
+            --exclude=/var/db/ccache \
+            --exclude=/var/tmp \
+            --fuzzy \
+            --hard-links \
+            --human-readable \
+            --ignore-errors \
+            --progress \
+            --relative \
+            --sparse \
+            --stats \
+            --verbose \
+            /boot \
+            /etc \
+            /lib \
+            /opt \
+            /raptor \
+            /root \
+            /var \
+            /data \
+            /bak/grunt
+    else
+        echo 'bak seems to not be mounted.'
+        exit 1
+    fi
+
+## References
+* cryptsetup, luks: <http://code.google.com/p/cryptsetup/>
+* <http://www.debian-administration.org/article/Encrypting_an_existing_Debian_lenny_installation>
+* <http://madduck.net/docs/cryptdisk/>
+
+[[!tag Debian Linux]]
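
Review bot: In the backup script, `--ignore-errors` is passed together with `--delete` and `--delete-excluded`, which tells rsync to go ahead with deletions under `/bak/grunt` even after I/O errors on the sending side, so a partially unreadable source can remove good copies from the backup; drop `--ignore-errors` so rsync's default of skipping deletions after an I/O error stays in effect. The mount check only greps for `/bak type ext4`, so consider also confirming that the mounted device is `/dev/mapper/bak` before a run that deletes. In the Encryption section, `sudo modprobe dm-mod dm-crypt aes` without `-a` passes `dm-crypt` and `aes` to `dm-mod` as module parameters rather than loading them; use `modprobe -a` or one call per module. The `#### Creation ===`, `#### Use ===` and `#### Disconnecting ===` headings carry a trailing `===` that will render literally, and the smartctl output publishes the drive's serial number, which could be redacted.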