Updated documentation

This commit is contained in:
Marco Cetica 2023-10-10 14:44:31 +02:00
parent d4572f353f
commit dab5ff3a94
No known key found for this signature in database
GPG Key ID: 7C7F63D4B26A4D5B
3 changed files with 50 additions and 33 deletions

View File

@ -2,14 +2,14 @@ all:
install
install:
mkdir -p /usr/local/share/man/man1 /usr/local/bin /usr/local/etc
mkdir -p /usr/local/bin /usr/local/etc
cp -R backup.sh /usr/local/bin/backup.sh
cp -R sources.bk /usr/local/etc/sources.bk
cp -R backup.sh.1 /usr/local/share/man/man1/backup.sh.1
cp -R backup.sh.1 /usr/share/man/man1/backup.sh.1
chmod 755 /usr/local/bin/backup.sh
chmod 644 /usr/local/etc/sources.bk
uninstall:
rm -rf /usr/local/bin/backup.sh
rm -ff /usr/local/etc/sources.bk
rm -rf /usr/local/share/man/man1/backup.sh.1
rm -rf /usr/share/man/man1/backup.sh.1

View File

@ -18,7 +18,7 @@ Alternatively, you can install the script, the default sources file and the man
$> sudo make install
```
This will copy `backup.sh` into `/usr/local/bin/backup.sh`, `sources.bk` into `/usr/local/etc/sources.bk` and
`backup.sh.1` into `/usr/local/share/man/man1/backup.sh.1`. To uninstall the program along with the sample _sources file_ and the manual page,
`backup.sh.1` into `/usr/share/man/man1/backup.sh.1`. To uninstall the program along with the sample _sources file_ and the manual page,
you can issue `sudo make uninstall`.
At this point you still need to install the following dependencies:

View File

@ -1,4 +1,4 @@
.\" Automatically generated by Pandoc 3.1
.\" Automatically generated by Pandoc 2.17.1.1
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
@ -14,11 +14,11 @@
. ftr VB CB
. ftr VBI CBI
.\}
.TH "backup.sh" "1" "March 14, 2023" "Marco Cetica" "General Commands Manual"
.TH "backup.sh" "1" "October 10, 2023" "Marco Cetica" "General Commands Manual"
.hy
.SH NAME
.PP
\f[B]backup.sh\f[R] is a POSIX compliant, modular and lightweight backup
\f[B]backup.sh\f[R] - POSIX compliant, modular and lightweight backup
utility to save and encrypt your files.
.SH SYNOPSIS
.IP
@ -38,7 +38,7 @@ utility to save and encrypt your files.
This tool is intended to be used on small scale UNIX environment such as
VPS, small servers and workstations.
\f[B]backup.sh\f[R] uses \f[I]rsync\f[R], \f[I]tar\f[R] and
\f[I]openssl\f[R] to copy, compress and encrypt the backup.
\f[I]gpg\f[R] to copy, compress and encrypt the backup.
.SH OPTIONS
.PP
\f[B]backup.sh\f[R] supports two options: \f[I]backup creation\f[R] and
@ -137,7 +137,7 @@ Elapsed time: 10 seconds.
.fi
.PP
After that, you will find the final backup archive in
\f[V]/home/john/backup-<HOSTNAME>-<YYYMMDD>.tar.gz.enc\f[R].
\f[V]/home/john/backup-<HOSTNAME>-<YYYYMMDD>.tar.gz.enc\f[R].
.PP
You can also use \f[B]backup.sh\f[R] from a crontab rule:
.IP
@ -172,7 +172,7 @@ For instance:
.IP
.nf
\f[C]
$> ./backup.sh --extract backup-<hostname>-<YYYMMDD>.tar.gz.enc badpw1234
$> ./backup.sh --extract backup-<hostname>-<YYYYMMDD>.tar.gz.enc badpw1234
\f[R]
.fi
.PP
@ -190,8 +190,7 @@ backup-ssh-<YYYYMMDD>
.SS How does backup.sh work?
.PP
\f[B]backup.sh\f[R] uses \f[I]rsync\f[R] to copy the files,
\f[I]tar\f[R] to compress the backup and \f[I]openssl\f[R] to encrypt
it.
\f[I]tar\f[R] to compress the backup and \f[I]gpg\f[R] to encrypt it.
By default, rsync is being used with the following parameters:
.IP
.nf
@ -213,36 +212,54 @@ That is:
\f[R]
.fi
.PP
After that the backup folder is being encrypred using openssl.
After that the backup folder is being encrypted using gpg.
By default, it is used with the following parameters:
.IP
.nf
\f[C]
$> openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -k \[dq]$PASSWORD\[dq] > file.tar.gz.enc
$> gpg -a \[rs]
--symmetric \[rs]
--cipher-algo=AES256 \[rs]
--no-symkey-cache \[rs]
--pinentry-mode=loopback \[rs]
--batch --passphrase-fd 3 3<<< \[dq]$PASSWORD\[dq] \[rs]
--output \[dq]$OUTPUT\[dq] \[rs]
\[dq]$INPUT\[dq]
\f[R]
.fi
.PP
This command encrypts the backup using the AES-256-CBC symmetric
encryption algorithm with a 256bit key.
Here is what each option means:
.IP
.nf
\f[C]
- enc: encrypt mode: tell openssl to use encryption functionality;
- aes-256-cbc: encryption algorithm: this option tells openssl which encryption algorithm to use;
- md sh512: hashing algorithm: this option tells openssl which hashing algorithm to use for key derivation,
i.e., converting the text-based password(\[ga]$PASSWORD\[ga]) into an encryption key;
- pbkdf2: key deriving algorithm: this option tells openssl which key deriving algorithm to use. In this case
we use the _password-based key derivation function 2_ algorithm;
- iter 100000: number of iterations: this options tells openssl the number of iteration to use for the key derivation
function;
- salt: enable salting: this option tells openssl to add a random salt to the key derivation process in order to
avoid rainbow table based attacks.
\f[R]
.fi
This command encrypts the backup using the AES-256 symmetric encryption
algorithm with a 256bit key.
Here is what each flag do: - \f[V]--symmetric\f[R]: Use symmetric
encryption;
.PD 0
.P
.PD
- \f[V]--cipher-algo=AES256\f[R]: Use AES256 algorithm;
.PD 0
.P
.PD
- \f[V]--no-symkey-cache\f[R]: Do not save password on GPG\[cq]s cache;
.PD 0
.P
.PD
- \f[V]--pinentry-mode=loopback --batch\f[R]: Do not prompt the user;
.PD 0
.P
.PD
- \f[V]--passphrase-fd 3 3<< \[dq]$PASSWORD\[dq]\f[R]: Read password
without revealing it on \f[V]ps\f[R];
.PD 0
.P
.PD
- \f[V]--output\f[R]: Specify output file;
.PD 0
.P
.PD
- \f[V]$INPUT\f[R]: Specify input file.
.SH EXAMPLES
.PP
Below there are some examples that demostrate \f[B]backup.sh\f[R]\[cq]s
Below there are some examples that demonstrate \f[B]backup.sh\f[R]\[cq]s
usage.
.IP "1." 3
Create a backup of \f[V]/etc/ssh\f[R], \f[V]/var/www\f[R] and