Updated documentation
parent
d4572f353f
commit
dab5ff3a94
6
Makefile
@ -2,14 +2,14 @@ all:
|
||||
install
|
||||
|
||||
install:
|
||||
mkdir -p /usr/local/share/man/man1 /usr/local/bin /usr/local/etc
|
||||
mkdir -p /usr/local/bin /usr/local/etc
|
||||
cp -R backup.sh /usr/local/bin/backup.sh
|
||||
cp -R sources.bk /usr/local/etc/sources.bk
|
||||
cp -R backup.sh.1 /usr/local/share/man/man1/backup.sh.1
|
||||
cp -R backup.sh.1 /usr/share/man/man1/backup.sh.1
|
||||
chmod 755 /usr/local/bin/backup.sh
|
||||
chmod 644 /usr/local/etc/sources.bk
|
||||
|
||||
uninstall:
|
||||
rm -rf /usr/local/bin/backup.sh
|
||||
rm -ff /usr/local/etc/sources.bk
|
||||
rm -rf /usr/local/share/man/man1/backup.sh.1
|
||||
rm -rf /usr/share/man/man1/backup.sh.1
|
||||
|
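Review bot: The new man page target in `install`, `cp -R backup.sh.1 /usr/share/man/man1/backup.sh.1`, writes into the distribution-managed `/usr/share/man` tree while the script and the sources file stay under `/usr/local`, and the remaining `mkdir -p /usr/local/bin /usr/local/etc` no longer creates any man directory, so the copy depends on that directory already existing. Consider keeping the page under `/usr/local/share/man/man1` together with its `mkdir -p`, or introducing a single prefix variable so that install and uninstall paths move together. In `uninstall`, `rm -ff /usr/local/etc/sources.bk` looks like a typo for `-f`, and `-r` is not needed on the other lines since each one removes a single file.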
@ -18,7 +18,7 @@ Alternatively, you can install the script, the default sources file and the man
|
||||
$> sudo make install
|
||||
```
|
||||
This will copy `backup.sh` into `/usr/local/bin/backup.sh`, `sources.bk` into `/usr/local/etc/sources.bk` and
|
||||
`backup.sh.1` into `/usr/local/share/man/man1/backup.sh.1`. To uninstall the program along with the sample _sources file_ and the manual page,
|
||||
`backup.sh.1` into `/usr/share/man/man1/backup.sh.1`. To uninstall the program along with the sample _sources file_ and the manual page,
|
||||
you can issue `sudo make uninstall`.
|
||||
|
||||
At this point you still need to install the following dependencies:
|
||||
|
75
backup.sh.1
@ -1,4 +1,4 @@
|
||||
.\" Automatically generated by Pandoc 3.1
|
||||
.\" Automatically generated by Pandoc 2.17.1.1
|
||||
.\"
|
||||
.\" Define V font for inline verbatim, using C font in formats
|
||||
.\" that render this, and otherwise B font.
|
||||
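Review bot: The generator comment on the first line goes from Pandoc 3.1 to Pandoc 2.17.1.1, so the page was regenerated with an older toolchain than the one used for the previous version. Since `backup.sh.1` is generated output, consider building it from its source in the Makefile or documenting the Pandoc version to use, so that toolchain differences do not show up as unrelated changes in later diffs.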
@ -14,11 +14,11 @@
|
||||
. ftr VB CB
|
||||
. ftr VBI CBI
|
||||
.\}
|
||||
.TH "backup.sh" "1" "March 14, 2023" "Marco Cetica" "General Commands Manual"
|
||||
.TH "backup.sh" "1" "October 10, 2023" "Marco Cetica" "General Commands Manual"
|
||||
.hy
|
||||
.SH NAME
|
||||
.PP
|
||||
\f[B]backup.sh\f[R] is a POSIX compliant, modular and lightweight backup
|
||||
\f[B]backup.sh\f[R] - POSIX compliant, modular and lightweight backup
|
||||
utility to save and encrypt your files.
|
||||
.SH SYNOPSIS
|
||||
.IP
|
||||
@ -38,7 +38,7 @@ utility to save and encrypt your files.
|
||||
This tool is intended to be used on small scale UNIX environment such as
|
||||
VPS, small servers and workstations.
|
||||
\f[B]backup.sh\f[R] uses \f[I]rsync\f[R], \f[I]tar\f[R] and
|
||||
\f[I]openssl\f[R] to copy, compress and encrypt the backup.
|
||||
\f[I]gpg\f[R] to copy, compress and encrypt the backup.
|
||||
.SH OPTIONS
|
||||
.PP
|
||||
\f[B]backup.sh\f[R] supports two options: \f[I]backup creation\f[R] and
|
||||
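Review bot: Documentation is missing for the format change: the DESCRIPTION now names gpg instead of openssl as the encryption tool, but nothing in the visible text says whether archives produced by the openssl-based version can still be extracted, and the examples further down keep the same `.tar.gz.enc` file name for the new output. Add a sentence on compatibility with older backups, or on how to decrypt them manually.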
@ -137,7 +137,7 @@ Elapsed time: 10 seconds.
|
||||
.fi
|
||||
.PP
|
||||
After that, you will find the final backup archive in
|
||||
\f[V]/home/john/backup-<HOSTNAME>-<YYYMMDD>.tar.gz.enc\f[R].
|
||||
\f[V]/home/john/backup-<HOSTNAME>-<YYYYMMDD>.tar.gz.enc\f[R].
|
||||
.PP
|
||||
You can also use \f[B]backup.sh\f[R] from a crontab rule:
|
||||
.IP
|
||||
@ -172,7 +172,7 @@ For instance:
|
||||
.IP
|
||||
.nf
|
||||
\f[C]
|
||||
$> ./backup.sh --extract backup-<hostname>-<YYYMMDD>.tar.gz.enc badpw1234
|
||||
$> ./backup.sh --extract backup-<hostname>-<YYYYMMDD>.tar.gz.enc badpw1234
|
||||
\f[R]
|
||||
.fi
|
||||
.PP
|
||||
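Review bot: The `--extract` example still passes the password as a positional argument (`badpw1234` at the end of the command), which exposes it in the process list and in shell history. The section on how gpg is invoked documents `--passphrase-fd` as a way to keep the password out of `ps`; that benefit is lost if backup.sh itself receives the password in its argument list. Consider documenting a prompt or a password file for this step, or stating the exposure in the text next to the example.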
@ -190,8 +190,7 @@ backup-ssh-<YYYYMMDD>
|
||||
.SS How does backup.sh work?
|
||||
.PP
|
||||
\f[B]backup.sh\f[R] uses \f[I]rsync\f[R] to copy the files,
|
||||
\f[I]tar\f[R] to compress the backup and \f[I]openssl\f[R] to encrypt
|
||||
it.
|
||||
\f[I]tar\f[R] to compress the backup and \f[I]gpg\f[R] to encrypt it.
|
||||
By default, rsync is being used with the following parameters:
|
||||
.IP
|
||||
.nf
|
||||
@ -213,36 +212,54 @@ That is:
|
||||
\f[R]
|
||||
.fi
|
||||
.PP
|
||||
After that the backup folder is being encrypred using openssl.
|
||||
After that the backup folder is being encrypted using gpg.
|
||||
By default, it is used with the following parameters:
|
||||
.IP
|
||||
.nf
|
||||
\f[C]
|
||||
$> openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -k \[dq]$PASSWORD\[dq] > file.tar.gz.enc
|
||||
$> gpg -a \[rs]
|
||||
--symmetric \[rs]
|
||||
--cipher-algo=AES256 \[rs]
|
||||
--no-symkey-cache \[rs]
|
||||
--pinentry-mode=loopback \[rs]
|
||||
--batch --passphrase-fd 3 3<<< \[dq]$PASSWORD\[dq] \[rs]
|
||||
--output \[dq]$OUTPUT\[dq] \[rs]
|
||||
\[dq]$INPUT\[dq]
|
||||
\f[R]
|
||||
.fi
|
||||
.PP
|
||||
This command encrypts the backup using the AES-256-CBC symmetric
|
||||
encryption algorithm with a 256bit key.
|
||||
Here is what each option means:
|
||||
.IP
|
||||
.nf
|
||||
\f[C]
|
||||
- enc: encrypt mode: tell openssl to use encryption functionality;
|
||||
- aes-256-cbc: encryption algorithm: this option tells openssl which encryption algorithm to use;
|
||||
- md sh512: hashing algorithm: this option tells openssl which hashing algorithm to use for key derivation,
|
||||
i.e., converting the text-based password(\[ga]$PASSWORD\[ga]) into an encryption key;
|
||||
- pbkdf2: key deriving algorithm: this option tells openssl which key deriving algorithm to use. In this case
|
||||
we use the _password-based key derivation function 2_ algorithm;
|
||||
- iter 100000: number of iterations: this options tells openssl the number of iteration to use for the key derivation
|
||||
function;
|
||||
- salt: enable salting: this option tells openssl to add a random salt to the key derivation process in order to
|
||||
avoid rainbow table based attacks.
|
||||
\f[R]
|
||||
.fi
|
||||
This command encrypts the backup using the AES-256 symmetric encryption
|
||||
algorithm with a 256bit key.
|
||||
Here is what each flag do: - \f[V]--symmetric\f[R]: Use symmetric
|
||||
encryption;
|
||||
.PD 0
|
||||
.P
|
||||
.PD
|
||||
- \f[V]--cipher-algo=AES256\f[R]: Use AES256 algorithm;
|
||||
.PD 0
|
||||
.P
|
||||
.PD
|
||||
- \f[V]--no-symkey-cache\f[R]: Do not save password on GPG\[cq]s cache;
|
||||
.PD 0
|
||||
.P
|
||||
.PD
|
||||
- \f[V]--pinentry-mode=loopback --batch\f[R]: Do not prompt the user;
|
||||
.PD 0
|
||||
.P
|
||||
.PD
|
||||
- \f[V]--passphrase-fd 3 3<< \[dq]$PASSWORD\[dq]\f[R]: Read password
|
||||
without revealing it on \f[V]ps\f[R];
|
||||
.PD 0
|
||||
.P
|
||||
.PD
|
||||
- \f[V]--output\f[R]: Specify output file;
|
||||
.PD 0
|
||||
.P
|
||||
.PD
|
||||
- \f[V]$INPUT\f[R]: Specify input file.
|
||||
.SH EXAMPLES
|
||||
.PP
|
||||
Below there are some examples that demostrate \f[B]backup.sh\f[R]\[cq]s
|
||||
Below there are some examples that demonstrate \f[B]backup.sh\f[R]\[cq]s
|
||||
usage.
|
||||
.IP "1." 3
|
||||
Create a backup of \f[V]/etc/ssh\f[R], \f[V]/var/www\f[R] and
|
||||
|
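Review bot: The command block and its explanation disagree on the redirection: the block uses `--passphrase-fd 3 3<<< "$PASSWORD"` (a here-string) while the flag list shows `3<<`. A here-string is not part of POSIX sh, which conflicts with the NAME line describing the tool as POSIX compliant, so the text should show the form the script really uses. The `-a` flag in the command is not explained in the list, and the removed openssl text documented the key derivation (pbkdf2, iteration count, salt) while the gpg text says nothing about it even though the command passes no option for it; a sentence stating that gpg's defaults apply would close that gap. Minor: "Here is what each flag do" should read "does", and the first list item runs into that sentence, which suggests a missing blank line before the list in the Markdown source.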