Creating encrypted backups of linux systems

I recently bought myself a new external USB hard drive to hold backups of my laptop and one of my desktop computers running Ubuntu and Fedora, respectively. I wanted to run encrypted backups of both computers individually, so that they were protected by separate key phrases.

After reading up on a few different solutions, I came across two great tools for this purpose:

  • “encfs” to create encrypted folders
  • “rdiff-backup” to create the backups

These steps briefly sum up how I got things up and running:

  1. Create a new file system (ext3) on the (external) hard drive
  2. Create the virtual encrypted file system on the hard drive
  3. Mount the encrypted file system
  4. Create the backup, using the encrypted file system as destination

Now, let’s look into the details. When I first plugged the external drive into my system, I used “mount” to check where it was mounted, and made sure to unmount it before creating the new file system:

Next I created the ext3 file system:

To install the encfs utility I issued this command on my Fedora box, but the apt-get equivalent on the Ubuntu box:

Before writing to the external disk I had to mount it, just like a regular file system:

To load the appropriate kernel module I issued the familiar modprobe command:

Next came the cool part. What happens here is that encfs creates the encrypted folder /mnt/external-drive/encrypted-desktop-backup, and mounts it non-encrypted on /home/kenneho/encrypted-drive:

So in order to add files to the encrypted directory, I simply copy files or folders to the mount point just like I would any other directory. Let’s do just that, but first verify that the folder indeed is mounted:

Now that I’ve made sure the encrypted directory is mounted, I add a file to it and see what happens:

The file I copied to the mounted folder appears encrypted in the encrypted folder. It works! Now I’m ready for running the backup itself using rdiff-backup. Now I’m just going to back up my photos folder:

Done!

To unmount the mounted, unencrypted folder, simply use the fusermount command:

To mount it again I simply use the same command as when I first created the encrypted folder:

In closing, let me add that it’s probably not necessary to use sudo for most of these commands, so try experimenting without using sudo. And for restoring from backup, you can use the “-r” switch to rdiff-backup (see the man page).

Update 2011-06-23: I created a small script to automate the backup process, and added the script to a cron job. The script runs once a day and makes sure I have an up-to-date backup of my Linux box. This is the script:

By checking syslog regularly I can see whether the backup job succeeds or not.
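A cron-driven backup like this has one failure mode worth guarding against: if the encfs folder is not mounted when the job runs, rdiff-backup writes unencrypted files into the empty mount point on the local disk. The following is an added example, not the author's script, that checks for a live encfs mount before backing up and reports the outcome to syslog. The photos source path, the `encfs-backup` syslog tag and the `--run` argument are assumptions, and the encrypted folder is assumed to be mounted already.

```shell
#!/bin/sh
# Added example: daily backup wrapper that refuses to run unless the encfs
# mount is live. Paths below are assumptions; adjust to your own layout.
MOUNT_POINT="${MOUNT_POINT:-/home/kenneho/encrypted-drive}"   # decrypted view (from the post)
SOURCE_DIR="${SOURCE_DIR:-$HOME/photos}"                      # hypothetical source folder
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"                    # overridable for testing

# Send a message to syslog, falling back to stderr if logger is unavailable.
log() {
    logger -t encfs-backup "$*" 2>/dev/null || echo "encfs-backup: $*" >&2
}

# Succeed only if an encfs FUSE filesystem is mounted at exactly $1.
# Note: /proc/mounts escapes spaces in paths as \040, so avoid them here.
is_encfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 == "fuse.encfs" { found = 1 }
                    END { exit !found }' "$MOUNTS_FILE"
}

run_backup() {
    if ! is_encfs_mounted "$MOUNT_POINT"; then
        log "ERROR: encfs is not mounted at $MOUNT_POINT; refusing to write plaintext"
        return 1
    fi
    if rdiff-backup "$SOURCE_DIR" "$MOUNT_POINT/photos"; then
        log "backup of $SOURCE_DIR succeeded"
    else
        log "ERROR: rdiff-backup failed with exit status $?"
        return 1
    fi
}

# Only act when asked, e.g. from cron: backup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

The mount check fails closed: if the mounts file cannot be read, the backup is refused rather than attempted.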
