Updated documentation and updated rsync command
parent
a98cfe4f8f
commit
8eb13e481c
48
README.md
@ -125,15 +125,45 @@ backup-ssh-<YYYYMMDD>
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## How does `backup.sh` work
|
## How does `backup.sh` work?
|
||||||
TODO: explain backend(rsync) parameters.
|
`backup.sh` uses **rsync** to copy the files, **tar** to compress the backup and **openssl**
|
||||||
### Backup flow
|
to encrypt it. By default, rsync is being used with the following parameters:
|
||||||
Graph with:
|
```sh
|
||||||
1. loop through sources;
|
$> rsync -aPhrq --delete
|
||||||
2. Copy each source in tmp dir;
|
```
|
||||||
3. Compress the archive and encrypt it.
|
|
||||||
### Encryption
|
That is:
|
||||||
TODO: show `file` output of the backup
|
|
||||||
|
- `-a`: **archive mode**, rsync copies files recursively while preserving as much metadata
|
||||||
|
as possible;
|
||||||
|
- `-P`: **progress/partial**, this allows rsync to resume interrupted transfers and to
|
||||||
|
shows progress information;
|
||||||
|
- `-h`: **human readable output**, rsync shows output numbers in a more readable way;
|
||||||
|
- `-r`: **recursive mode**: which forces rsync to copy directories and their content;
|
||||||
|
- `-q`: **quiet mode**: which reduces the amount of information rsync produces;
|
||||||
|
- `--delete`: **delete mode**: which forces rsync to delete any extraneous files at the
|
||||||
|
destination dir.
|
||||||
|
|
||||||
|
|
||||||
|
After that the backup folder is being encrypred using openssl. By default, it is used
|
||||||
|
with the following parameters:
|
||||||
|
```sh
|
||||||
|
$> openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -k "$PASSWORD" > file.tar.gz.enc
|
||||||
|
```
|
||||||
|
|
||||||
|
This command encrypts the backup using the AES-256-CBC symmetric encryption algorithm with a 256bit
|
||||||
|
key. Here is what each option means:
|
||||||
|
- `enc`: **encrypt mode**: tell openssl to use encryption functionality;
|
||||||
|
- `-aes-256-cbc`: **encryption algorithm**: this option tells openssl which encryption algorithm to use;
|
||||||
|
- `-md sh512`: **hashing algorithm**: this option tells openssl which hashing algorithm to use for key derivation,
|
||||||
|
i.e., converting the text-based password(`$PASSWORD`) into an encryption key;
|
||||||
|
- `-pbkdf2`: **key deriving algorithm**: this option tells openssl which key deriving algorithm to use. In this case
|
||||||
|
we use the _password-based key derivation function 2_ algorithm;
|
||||||
|
- `-iter 100000`: **number of iterations**: this options tells openssl the number of iteration to use for the key derivation
|
||||||
|
function;
|
||||||
|
- `-salt`: **enable salting**: this option tells openssl to add a random salt to the key derivation process in order to
|
||||||
|
avoid rainbow table based attacks.
|
||||||
|
|
||||||
|
|
||||||
## Unit tests
|
## Unit tests
|
||||||
## License
|
## License
|
||||||
|
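Review bot: The documented `openssl enc` command passes the passphrase as `-k "$PASSWORD"`, which places it in the process arguments where other local users can read it while openssl runs, and `-k` is the one option the list under the command never explains. Consider documenting (and using) `-pass env:VAR` or `-pass file:PATH`, which supersede `-k`, and add a bullet for whichever form is kept. Smaller points in the same hunk: the option list says `-md sh512` while the command says `-md sha512`, "encrypred" should be "encrypted", and the rsync list describes `-r` as a separate flag although `-a` already implies recursion. Since AES-256-CBC provides confidentiality only, the README could also state that a modified archive is not detected on decryption unless a separate checksum or MAC is verified.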
@ -49,7 +49,7 @@ make_backup() {
|
|||||||
BACKUP_SH_SOURCES_PATH="$1"
|
BACKUP_SH_SOURCES_PATH="$1"
|
||||||
BACKUP_SH_OUTPATH="$2"
|
BACKUP_SH_OUTPATH="$2"
|
||||||
BACKUP_SH_PASS="$3"
|
BACKUP_SH_PASS="$3"
|
||||||
BACKUP_SH_COMMAND="rsync -aPhvrq --delete"
|
BACKUP_SH_COMMAND="rsync -aPhrq --delete"
|
||||||
BACKUP_SH_DATE="$(date +'%Y%m%d')"
|
BACKUP_SH_DATE="$(date +'%Y%m%d')"
|
||||||
BACKUP_SH_FOLDER="backup.sh.tmp"
|
BACKUP_SH_FOLDER="backup.sh.tmp"
|
||||||
BACKUP_SH_OUTPUT="$BACKUP_SH_OUTPATH/$BACKUP_SH_FOLDER"
|
BACKUP_SH_OUTPUT="$BACKUP_SH_OUTPATH/$BACKUP_SH_FOLDER"
|
||||||
|
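Review bot: In the new `BACKUP_SH_COMMAND="rsync -aPhrq --delete"`, the remaining flags still pull in opposite directions: `-q` asks rsync to suppress non-error output while `-P` asks for progress output and `-h` only changes how printed numbers look, so dropping `-v` alone does not make the intent clear. If the goal is a quiet run that can still resume interrupted transfers, `rsync -aq --partial --delete` says that directly; `-r` can go as well because `-a` implies it. The commit message mentions an updated rsync command but not why `-v` was removed, so a short comment above this line would help the next reader.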