heiko-barth.de

// Backup verschlüsselt auf FTP-Server speichern

Viele Hosting-Anbieter stellen kostenlosen FTP-Backupspace zur Verfügung. Da die Daten bei FTP unverschlüsselt übertragen und später gespeichert werden, sollte jeder sicherheitsbewusste Admin seine Backups vorher verschlüsseln. Ich habe da mal etwas vorbereitet 8-)

Benötigte Pakete:

  • openssl
  • pv
  • ncftp

Installation unter Debian

aptitude install openssl pv ncftp

Beispiel

dev:~$ ftpbackup backup.gz

BASH Skript

ftpbackup
#!/bin/bash
 
# FTP Login
HOST='ftp.example.com'
PORT='21'
USER='foo'
PASS='bar'
 
# Encryption
ENCKEY='!! CHANGE-ME !!'
DIGEST='sha256'
CIPHER='aes-256-cbc'
SUFFIX='.enc'
 
if [ $# -lt 1 ]; then
        echo -e "Encrypt and upload a file to ftp://$HOST\n" >&2
        echo -e "Usage: $(basename "$0") <file>\n" >&2
        exit 1
fi
 
if [ ! -f "$1" ]; then
        echo -e "Error: File '$1' not found.\n" >&2
        exit 1
fi
 
checkBinarys() {
        BINS=("$@")
        for BIN in "${BINS[@]}"; do
                hash $BIN 2>/dev/null || {
                        echo -e "Error: Binary '$BIN' is missing.\n" >&2
                        exit 1
                }
        done
}
 
# Check if all needed binarys are present
checkBinarys "openssl" "pv" "ncftpput"
 
# Encrypt & Upload
openssl "$CIPHER" -salt -md "$DIGEST" -k "$ENCKEY" -in "$1"             |
pv -bper -s $(stat -c%s "$1")                                           |
ncftpput -c -r 1 -u "$USER" -p "$PASS" -P $PORT "$HOST" /"$1$SUFFIX"    || {
        echo -e "\nError: Upload failed.\n" >&2
        exit 1
}

Backup wieder entschlüsseln

dev:~$ openssl aes-256-cbc -d -salt -md sha256 -k '!! CHANGE-ME !!' -in backup.gz.enc -out backup.gz

Leave a comment…



   __ __   ___   _____  ____ __  __  __  __  ____ 
  / //_/  / _ ) / ___/ /_  / \ \/ / / / / / / __ \
 / ,<    / _  |/ /__    / /_  \  / / /_/ / / /_/ /
/_/|_|  /____/ \___/   /___/  /_/  \____/  \____/
  • E-Mail address will not be published.
  • Formatting:
    //italic//  __underlined__
    **bold**  ''preformatted''
  • Links:
    [[http://example.com]]
    [[http://example.com|Link Text]]
  • Quotation:
    > This is a quote. Don't forget the space in front of the text: "> "
  • Code:
    <code>This is unspecific source code</code>
    <code [lang]>This is specifc [lang] code</code>
    <code php><?php echo 'example'; ?></code>
    Available: html, css, javascript, bash, cpp, …
  • Lists:
    Indent your text by two spaces and use a * for
    each unordered list item or a - for ordered ones.
Web 2.0



RSS   RSS abonieren

Github   Github
QR Code