2014-02-28 // Backup verschlüsselt auf FTP-Server speichern
Viele Hosting-Anbieter stellen kostenlosen FTP-Backupspace zur Verfügung. Da die Daten bei FTP unverschlüsselt übertragen und später gespeichert werden, sollte jeder sicherheitsbewusste Admin seine Backups vorher verschlüsseln. Ich habe da mal etwas vorbereitet
Benötigte Pakete:
openssl
pv
ncftp
Installation unter Debian
aptitude install openssl pv ncftp
Beispiel
dev:~$ ftpbackup backup.gz
BASH Skript
- ftpbackup
#!/bin/bash # FTP Login HOST='ftp.example.com' PORT='21' USER='foo' PASS='bar' # Encryption ENCKEY='!! CHANGE-ME !!' DIGEST='sha256' CIPHER='aes-256-cbc' SUFFIX='.enc' if [ $# -lt 1 ]; then echo -e "Encrypt and upload a file to ftp://$HOST\n" >&2 echo -e "Usage: $(basename "$0") <file>\n" >&2 exit 1 fi if [ ! -f "$1" ]; then echo -e "Error: File '$1' not found.\n" >&2 exit 1 fi checkBinarys() { BINS=("$@") for BIN in "${BINS[@]}"; do hash $BIN 2>/dev/null || { echo -e "Error: Binary '$BIN' is missing.\n" >&2 exit 1 } done } # Check if all needed binarys are present checkBinarys "openssl" "pv" "ncftpput" # Encrypt & Upload openssl "$CIPHER" -salt -md "$DIGEST" -k "$ENCKEY" -in "$1" | pv -bper -s $(stat -c%s "$1") | ncftpput -c -r 1 -u "$USER" -p "$PASS" -P $PORT "$HOST" /"$1$SUFFIX" || { echo -e "\nError: Upload failed.\n" >&2 exit 1 }
Backup wieder entschlüsseln
dev:~$ openssl aes-256-cbc -d -salt -md sha256 -k '!! CHANGE-ME !!' -in backup.gz.enc -out backup.gz
2014-01-17 // Freitag
How the NSA betrayed the world's trust - time to act
Great talk from Mikko!