Documentation on my encrypted backup hard drive.
Hardware
- Western Digital My Book Essential 750 GB USB 2.0 Desktop External Hard Drive WDH1U7500N
Western Digital's page: http://wdc.com/en/products/products.asp?driveid=771
kenyon@grunt ~ !9920 % sudo smartctl --all /dev/sdf
smartctl 5.39 2009-12-09 r2995 [x86_64-unknown-linux-gnu] (local build)
Copyright (C) 2002-9 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Caviar Green family
Device Model:     WDC WD7500AACS-00D6B1
Serial Number:    WD-WCAU42310983
Firmware Version: 01.01A01
User Capacity:    750,156,374,016 bytes
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Sun Jan 31 00:46:01 2010 PST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
Software
- Linux 2.6.32-5-amd64 #1 SMP Wed May 18 23:13:22 UTC 2011 x86_64 GNU/Linux
- Debian GNU/Linux squeeze
- Important packages: dmsetup, cryptsetup
Encryption
- cryptsetup 1.1.0-rc2
I did sudo modprobe dm-mod dm-crypt aes and added those modules to /etc/modules.
Creation
sudo cryptsetup --verbose --verify-passphrase --key-size 256 luksFormat /dev/sdf1
sudo cryptsetup --verbose luksOpen /dev/sdf1 bak
Use
Added to /etc/fstab:
LABEL=bak /bak ext4 user,noatime,noauto 0 0
sudo cryptsetup --verbose luksOpen /dev/sdf1 bak
sudo mount /bak
Add entry to /etc/crypttab:
bak UUID=4a69dabf-929e-4f71-ab71-a9823c9633a9 none luks,noauto
After making the crypttab entry:
sudo cryptdisks_start bak && sudo mount /bak
File system
Creation
After sudo cryptsetup --verbose luksOpen /dev/sdf1 bak, I did
sudo mkfs.ext4 -v -L bak /dev/mapper/bak
Disconnecting
Before disconnecting the drive from the system, do this:
sudo umount /bak && sudo cryptdisks_stop bak
Backup
Run this script: $MYGITREPO_DIR/sysadmin/hosts/grunt/external-backup
#!/bin/sh
# Back up to the encrypted drive only if it is mounted at /bak.
if mount -l -v -t ext4 | grep -q '/bak type ext4'
then
    # Record the start time of each run.
    echo "$(date)" >> /data/backups/external-backups.log
    # --relative keeps full source paths under /bak/grunt;
    # --delete and --delete-excluded make the copy mirror the sources.
    exec sudo time rsync \
        --archive \
        --delete \
        --delete-excluded \
        --exclude=/data/backups/hourly.[1-9] \
        --exclude=/data/backups/daily.* \
        --exclude=/data/backups/weekly.* \
        --exclude=/data/backups/monthly.* \
        --exclude=/dev \
        --exclude=/media \
        --exclude=/mnt \
        --exclude=/proc \
        --exclude=/sys \
        --exclude=/tmp \
        --exclude=.cache \
        --exclude=.ccache \
        --exclude=Cache \
        --exclude=lost+found \
        --exclude=/var/cache \
        --exclude=/var/db/ccache \
        --exclude=/var/tmp \
        --fuzzy \
        --hard-links \
        --human-readable \
        --ignore-errors \
        --progress \
        --relative \
        --sparse \
        --stats \
        --verbose \
        /boot \
        /etc \
        /lib \
        /opt \
        /raptor \
        /root \
        /var \
        /data \
        /bak/grunt
else
    echo 'bak seems to not be mounted.'
    exit 1
fi
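The mount test in the script matches the substring '/bak type ext4', which an ext4 file system mounted at /mnt/bak would also satisfy. The following is an added example, not part of the original script: a stricter check that reads a /proc/mounts-format table and requires /bak itself to be backed by the LUKS mapping. The function name, the constructed sample tables, and the assumption that the mapping is listed as /dev/mapper/bak are this example's own.

```sh
#!/bin/sh
# Added example, not the author's script: strict "is /bak the encrypted volume?" check.
# Usage: bak_mount_ok [TABLE] [MOUNTPOINT] [DEVICE] [FSTYPE]
# TABLE is in /proc/mounts format (device mountpoint fstype options ...); "-" = stdin.
bak_mount_ok() {
    table=${1:-/proc/mounts}
    want_mnt=${2:-/bak}
    want_dev=${3:-/dev/mapper/bak}  # assumption: the LUKS mapping is listed under this name
    want_fs=${4:-ext4}
    awk -v mnt="$want_mnt" -v dev="$want_dev" -v fs="$want_fs" '
        # Compare the mountpoint field exactly; a later entry on the same
        # mountpoint shadows earlier ones, so keep only the last match.
        $2 == mnt { src = $1; fst = $3; opts = $4; seen = 1 }
        END {
            if (!seen)      { print "not mounted: " mnt;          exit 1 }
            if (src != dev) { print "unexpected device: " src;    exit 2 }
            if (fst != fs)  { print "unexpected fstype: " fst;    exit 3 }
            if (opts ~ /(^|,)ro(,|$)/) { print "read-only: " mnt; exit 4 }
        }' "$table" >&2
}

# Constructed table: the encrypted volume is mounted where the backup expects it.
sample_good() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/bak /bak ext4 rw,nosuid,nodev,noexec,noatime 0 0
EOF
}

# Constructed table: an unencrypted disk at /mnt/bak. Its mount(8) line would
# contain "/bak type ext4", so the substring test in the script would accept it.
sample_lookalike() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/bak ext4 rw,noatime 0 0
EOF
}

sample_good | bak_mount_ok - && echo "ok: /bak is /dev/mapper/bak"
sample_lookalike | bak_mount_ok - || echo "refused (status $?)"
```

Called with no arguments, the function reads /proc/mounts and can stand in for the `mount -l ... | grep -q` condition, so rsync never writes to an unencrypted file system that merely has a similar path.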