Posted by JohanJentell on Mon 27 Nov 2006 at 06:25
This is an easy way to take backups and put them on a remote site. I invented this script in order to put backups on a reliable remote site where I unfortunately only have a user account.
The prerequisites for this script are:
This is the entire script. Everything written in capital letters should be replaced by your own information. If you want an explanation of each section of the script, look a bit further down...
    # Timestamp used in every file name (this date format is an assumed choice).
    datetime=$(date +%Y%m%d%H%M%S)

    # List of files to back up, readable only by the owner.
    touch /tmp/$datetime
    chmod 0600 /tmp/$datetime
    find /var/www/ -name "*.html" -print >> /tmp/$datetime

    # Dump the database and add the dump to the backup list.
    touch /tmp/backup_sql_$datetime.sql
    chmod 0600 /tmp/backup_sql_$datetime.sql
    mysqldump --databases YOUR_DATABASE_NAME -u YOUR_USERNAME -pYOUR_PASSWORD >> /tmp/backup_sql_$datetime.sql
    echo /tmp/backup_sql_$datetime.sql >> /tmp/$datetime

    # Compress, encrypt, upload, and restrict permissions on the remote copy.
    tar cjfT /tmp/backup_$datetime.tar.bz2 /tmp/$datetime 2> /dev/null
    echo SECRET_PASSWORD | gpg --batch --yes --passphrase-fd 0 --symmetric --cipher-algo AES256 /tmp/backup_$datetime.tar.bz2
    scp -2 -p -B -q /tmp/backup_$datetime.tar.bz2.gpg REMOTE_USERNAME@REMOTE_HOST:REMOTE_FOLDER/
    ssh -2 -lREMOTE_USERNAME REMOTE_HOST chmod 0600 REMOTE_FOLDER/backup_$datetime.tar.bz2.gpg

    # Remove the local working files.
    rm -f /tmp/$datetime /tmp/backup_sql_$datetime.sql /tmp/backup_$datetime.tar.bz2 /tmp/backup_$datetime.tar.bz2.gpg

OK, here is an explanation of each part:
    datetime=$(date +%Y%m%d%H%M%S)   # the date format is an assumed choice
Creates a timestamp of when the backup is created.

    touch /tmp/$datetime
    chmod 0600 /tmp/$datetime
Creates a file in which to list all files to back up.

    find /var/www/ -name "*.html" -print >> /tmp/$datetime
Finds all .html documents in the /var/www folder and adds them to the backup list.

    touch /tmp/backup_sql_$datetime.sql
    chmod 0600 /tmp/backup_sql_$datetime.sql
    mysqldump --databases YOUR_DATABASE_NAME -u YOUR_USERNAME -pYOUR_PASSWORD >> /tmp/backup_sql_$datetime.sql
    echo /tmp/backup_sql_$datetime.sql >> /tmp/$datetime
Takes a backup of your MySQL database and adds it to the backup list.

    tar cjfT /tmp/backup_$datetime.tar.bz2 /tmp/$datetime 2> /dev/null
Creates a compressed file of all files in the backup list using the bz2 algorithm (you might need support for bz2).

    echo SECRET_PASSWORD | gpg --batch --yes --passphrase-fd 0 --symmetric --cipher-algo AES256 /tmp/backup_$datetime.tar.bz2
Encrypts the compressed file using AES encryption.

    scp -2 -p -B -q /tmp/backup_$datetime.tar.bz2.gpg REMOTE_USERNAME@REMOTE_HOST:REMOTE_FOLDER/
Copies the encrypted file to a remote location.

    ssh -2 -lREMOTE_USERNAME REMOTE_HOST chmod 0600 REMOTE_FOLDER/backup_$datetime.tar.bz2.gpg
Makes sure that nobody but the owner has read/write privileges on the remote backup file.

    rm -f /tmp/$datetime /tmp/backup_sql_$datetime.sql /tmp/backup_$datetime.tar.bz2 /tmp/backup_$datetime.tar.bz2.gpg
Cleans up all local files used during the backup procedure.

The bad things with this script: It will allow anyone with local root privileges to see the passwords you have entered into the script file. It will also reveal the MySQL and GPG passwords used if someone is monitoring the processes on the local machine.
The good things: It is darn easy to use. Seen from a remote perspective, it is a very safe way of taking backups. All transmissions use SSH v2. The remote backup, encrypted with AES-256 and a strong password of your choice, should stay safe from evil decrypters for at least the next 20 years (barring a huge technical breakthrough or an exploit found in the encryption algorithm).
Thoughts about the script: All standard error output from tar is sent to /dev/null. This is only because tar otherwise always outputs "removing leading /", which is a good thing for the program to do, but it is a bit irritating in your logfiles as it looks as if something actually went wrong in the script. There should be a nicer solution to this.
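One way to keep tar's real errors visible, as an added example that is not part of the original script: strip the leading "/" from the backup list and run tar from the root directory, so the warning never appears and nothing has to go to /dev/null. The function name make_archive is hypothetical, and tar's -a option (choose the compressor from the archive suffix) is used here in place of the script's j flag.

```shell
#!/bin/sh
# Added example, not part of the original script.
# make_archive is a hypothetical helper name.

# make_archive LISTFILE ARCHIVE
#   LISTFILE: one absolute path per line, as built by the find/echo steps.
#   ARCHIVE:  absolute path of the archive to create,
#             e.g. /tmp/backup_$datetime.tar.bz2
# Returns tar's own exit status, so the caller can stop before encrypting
# and uploading an incomplete backup.
make_archive() {
    list=$1
    archive=$2

    # Scratch copy of the list; mktemp creates it with mode 0600.
    rel=$(mktemp) || return 1

    # Strip the leading "/" ourselves, so tar has nothing to warn about.
    sed 's|^/||' "$list" > "$rel"

    # -C /  resolve the now-relative names from the root directory
    # -a    pick the compressor from the suffix (.tar.bz2 gives bzip2)
    # stderr is left alone: a missing or unreadable file is reported.
    tar -C / -c -a -f "$archive" -T "$rel"
    status=$?

    rm -f "$rel"
    return "$status"
}

# Usage inside the backup script:
#   make_archive /tmp/$datetime /tmp/backup_$datetime.tar.bz2 || exit 1
```

With stderr no longer discarded, a file that vanished or could not be read between the find step and the tar step shows up in the log and in the exit status instead of producing a silently incomplete backup.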
This article can be found online at the Debian Administration website at the following bookmarkable URL:
This article is copyright 2006 JohanJentell - please ask for permission to republish or translate.