Encrypted Backup Solution "Home Paranoia Edition"

The next step is to select your preferred filesystem type (ext3, ext4 and so on). Once the volume-creating process is completed, mount your volume using the TrueCrypt application and start saving your private files to this encrypted container.

Figure 9. Select the newly created standard volume to mount an accessible unencrypted share.

A safe and secure on-line storage location for your newly created encrypted container is essential for backing up data in the cloud. A couple of options are available for an on-line storage location, such as Dropbox, Evernote, AWS and SpiderOak. The final choice for secure cloud storage here is SpiderOak, based on the company's "Zero-Knowledge" privacy policy, which states: "we never have any knowledge of your password and no way to retrieve or reset it, even in emergencies. It's our way of ensuring that our customer's data is always completely secure—even from us!"

The company also provides two-factor authentication for extra protection, requiring a user name, a password and a token. The token will be sent to your mobile phone whenever you need to log in to a Web site or mobile device. The majority of big-name providers are offering two-factor authentication, since the traditional password/passphrase does not offer enough protection. Because this solution is deployed on a dedicated desktop and requires the token to authenticate, it provides a true two-channel authentication solution. Of course, using two-factor authentication does not guarantee safety, but it does require the attacker to use sophisticated methods, and attackers generally are lazy and look for easy targets.

Installing SpiderOak is straightforward for all the Debian users out there. It involves downloading the spideroak_4.8.4_i386.deb package from https://spideroak.com/opendownload and running sudo dpkg -i spideroak_4.8.4_i386.deb to install the package on your favorite Ubuntu platform.

Identify a local upload folder as the staging point for your TrueCrypt container. Once you have a shared location that will host your TrueCrypt container, simply open your SpiderOak application and select the backup tab. Then, drill down until you find your TrueCrypt container location, such as home/username/SpiderO/Upload.

The next step is to configure your backup frequency using the overview tab and selecting the change button (Figures 10 and 11).

Figure 10. The backup tab in the SpiderOak application allows you to select your encrypted volume.

Figure 11. A SpiderOak application status and backup menu provides a means to back up your encrypted volume automatically in specified intervals.

Many other configuration options are available using this interface. For this example, use only these two options for a secure cloud backup.

The last couple of steps in this encrypted backup solution are to move the TrueCrypt container from the working location to the designated SpiderOak export folder and to create a cron job to run the script.

I created a Python script to accomplish the copy function, but I could have created any type of script. This script ensures that the TrueCrypt application is not running, verifies whether there were changes to the container and then copies over the container if there were changes. It consists of the Python script BackupScript.py and a configuration file called FolderandFileLoc that the script requires in order to function. The configuration file parameters are SpiderOakPath, TrueCryptPath, LogFilepath (a running log to verify whether a copy was successful) and safefile (the filename of the TrueCrypt container).

Listing 1. SpiderOak/TrueCrypt Backup Script


#!/usr/bin/python
'''
SpiderOak, TrueCrypt, dis-mount, Backup Script
@author: Tim
'''
import os
import datetime
import hashlib
import subprocess

FolderandFileLoc = "FolderandFileLoc"
SpiderOakPath = " "
TrueCryptPath = " "
LogFilepath = " "
safefile = " "


def readconfigfile(SpiderOakPath, TrueCryptPath, LogFilepath, safefile,
                   Setupfileopen):
    # This will read the configuration and assign path location.
    # Each line holds a parameter name and its value, separated
    # by whitespace.
    now = datetime.datetime.now()
    for line in Setupfileopen:
        holdstr = line.split()
        if len(holdstr) < 2:
            continue  # skip blank or incomplete lines
        if "SpiderOakPath" in line:
            SpiderOakPath = holdstr[1]
        elif "TrueCryptPath" in line:
            TrueCryptPath = holdstr[1]
        elif "LogFilepath" in line:
            LogFilepath = holdstr[1]
        elif "safefile" in line:
            safefile = holdstr[1]

    fo = open(LogFilepath, "a")
    try:
        fo.write(str(now) + "- Path Variable SpiderOakPath used -> "
                 + SpiderOakPath + "\n")
        fo.write(str(now) + "- Path Variable TrueCryptPath used -> "
                 + TrueCryptPath + "\n")
        fo.write(str(now) + "- Path Variable LogFilepath used -> "
                 + LogFilepath + "\n")
        fo.write(str(now) + "- Path Variable hold used -> "
                 + safefile + "\n")
        shutdowntruecrypt(fo, now)
        copycontainer(fo, SpiderOakPath, TrueCryptPath,
                      LogFilepath, safefile, now)
    finally:
        fo.close()  # always flush and close the log


def shutdowntruecrypt(fo, now):
    # Test to see if TrueCrypt is running.
    # If it is, dismount all mounted volumes.
    foundstring = 0
    try:
        f = os.popen("ps ax")
        for line in f:
            if 'truecrypt' in line:
                foundstring = 1
                break
        f.close()
    except OSError as err:
        fo.write(str(now) + "- Could not list processes: "
                 + str(err) + "\n")

    if foundstring == 1:
        dismount = os.system("truecrypt -d")
        if dismount == 0:
            fo.write(str(now) + "- TrueCrypt service found "
                     "and the volume is dis-mounted \n")
        else:
            fo.write(str(now) + "- Failed to dismount service \n")
    else:
        fo.write(str(now) + "- mount was not open \n")


def md5filecheck(filename):
    # Return the MD5 hex digest of a file, or None if it cannot be read
    md5 = hashlib.md5()
    try:
        f = open(filename, "rb")
    except (IOError, OSError):
        return None
    try:
        for block in iter(lambda: f.read(1024 * 1024), b""):
            md5.update(block)
    finally:
        f.close()
    return md5.hexdigest()


def copycontainer(fo, SpiderOakPath, TrueCryptPath,
                  LogFilepath, safefile, now):
    # Set Destination and Copy to new location
    Holdorigfilesum = os.path.join(TrueCryptPath, safefile)  # working copy
    Holddestfilesum = os.path.join(SpiderOakPath, safefile)  # SpiderOak copy
    checksumorig = md5filecheck(Holdorigfilesum)
    checksumdest = md5filecheck(Holddestfilesum)

    if checksumorig is None:
        fo.write(str(now) + " " + Holdorigfilesum + " could not be read\n")
        return

    # This will only copy over the file when its checksum differs
    # from the copy already in the SpiderOak folder
    if checksumorig != checksumdest:
        # An argument list keeps the configured paths away from the shell
        result = subprocess.call(["cp", Holdorigfilesum, SpiderOakPath])
        if result == 0 and md5filecheck(Holddestfilesum) == checksumorig:
            fo.write(str(now) + " " + Holdorigfilesum +
                     " File Copied to " + SpiderOakPath + "\n")
            fo.write(str(now) + " ---- Processing Complete ----\n")
        else:
            fo.write(str(now) + " " + Holdorigfilesum +
                     " File failed to copy to " + SpiderOakPath + "\n")
    else:
        fo.write(str(now) + " File has not been changed "
                 "no copy was performed\n")


Setupfileopen = open(FolderandFileLoc, "r")
try:
    readconfigfile(SpiderOakPath, TrueCryptPath, LogFilepath, safefile,
                   Setupfileopen)
finally:
    Setupfileopen.close()
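
SpiderOak backs up the upload folder on its own schedule, so a copy that is still in progress could be picked up half-written. The following is an added example, not the author's script: it stages the container under a temporary name, verifies it by SHA-256 and only then renames it into place. The function names and the .part suffix are assumptions, it requires Python 3, and the temporary file briefly lives in the upload folder.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path, chunk_size=1024 * 1024):
    """Return the SHA-256 hex digest of path, or None if it does not exist."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(chunk_size), b""):
                digest.update(chunk)
    except FileNotFoundError:
        return None
    return digest.hexdigest()


def stage_container(source, upload_dir):
    """Copy source into upload_dir only if its content changed.

    Returns "missing", "unchanged" or "copied" (hypothetical status names).
    """
    source_sum = sha256_file(source)
    if source_sum is None:
        return "missing"
    target = os.path.join(upload_dir, os.path.basename(source))
    if sha256_file(target) == source_sum:
        return "unchanged"

    # Write to a temporary file in the same directory so the final rename
    # stays on one filesystem and is atomic. mkstemp creates it mode 0600.
    fd, partial = tempfile.mkstemp(dir=upload_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as out, open(source, "rb") as src:
            shutil.copyfileobj(src, out)
            out.flush()
            os.fsync(out.fileno())  # force the data to disk before renaming
        if sha256_file(partial) != source_sum:
            raise IOError("staged copy does not match the source container")
        os.replace(partial, target)  # the container name never points at a partial file
    finally:
        if os.path.exists(partial):
            os.remove(partial)  # clean up after a failed or mismatched copy
    return "copied"
```

Call stage_container() only after the volume has been dismounted, as the listing above does, so the container is not being written to while it is hashed and copied.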

The final step is to create a cron job to call the Python script:


0 5 * * * cd /home/t/workspace/BackupScript/src; /usr/bin/python /home/t/workspace/BackupScript/src/BackupScript.py

This personal encrypted solution is something that works great at home when utilized on a daily basis. Many apps are available on the Internet for managing passwords and data, but this one is easy to implement and provides layers of encryption. I am confident that using the described encrypted containers and storage location provides enough security for private personal data, but it may not be an ideal solution for an enterprise with various regulatory agencies. Use the described methods at your own risk, and ensure that your passwords or passphrases are safeguarded, because your data will be lost with a forgotten password.

______________________

Tim Cordova is a computer geek who had a Commodore 64 at age 9, and has a love for Linux, family, information security and longboard surfing.
