diff --git a/Makefile b/Makefile index e421f82..68a4c2b 100644 --- a/Makefile +++ b/Makefile @@ -2,14 +2,14 @@ all: install install: - mkdir -p /usr/local/share/man/man1 /usr/local/bin /usr/local/etc + mkdir -p /usr/local/bin /usr/local/etc cp -R backup.sh /usr/local/bin/backup.sh cp -R sources.bk /usr/local/etc/sources.bk - cp -R backup.sh.1 /usr/local/share/man/man1/backup.sh.1 + cp -R backup.sh.1 /usr/share/man/man1/backup.sh.1 chmod 755 /usr/local/bin/backup.sh chmod 644 /usr/local/etc/sources.bk uninstall: rm -rf /usr/local/bin/backup.sh rm -ff /usr/local/etc/sources.bk - rm -rf /usr/local/share/man/man1/backup.sh.1 + rm -rf /usr/share/man/man1/backup.sh.1 diff --git a/README.md b/README.md index ac216a9..eb7c8d9 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Alternatively, you can install the script, the default sources file and the man $> sudo make install ``` This will copy `backup.sh` into `/usr/local/bin/backup.sh`, `sources.bk` into `/usr/local/etc/sources.bk` and -`backup.sh.1` into `/usr/local/share/man/man1/backup.sh.1`. To uninstall the program along with the sample _sources file_ and the manual page, +`backup.sh.1` into `/usr/share/man/man1/backup.sh.1`. To uninstall the program along with the sample _sources file_ and the manual page, you can issue `sudo make uninstall`. At this point you still need to install the following dependencies: diff --git a/backup.sh.1 b/backup.sh.1 index 85af0a7..cc20020 100644 --- a/backup.sh.1 +++ b/backup.sh.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pandoc 3.1 +.\" Automatically generated by Pandoc 2.17.1.1 .\" .\" Define V font for inline verbatim, using C font in formats .\" that render this, and otherwise B font. 
@@ -14,11 +14,11 @@ . ftr VB CB . ftr VBI CBI .\} -.TH "backup.sh" "1" "March 14, 2023" "Marco Cetica" "General Commands Manual" +.TH "backup.sh" "1" "October 10, 2023" "Marco Cetica" "General Commands Manual" .hy .SH NAME .PP -\f[B]backup.sh\f[R] is a POSIX compliant, modular and lightweight backup +\f[B]backup.sh\f[R] - POSIX compliant, modular and lightweight backup utility to save and encrypt your files. .SH SYNOPSIS .IP @@ -38,7 +38,7 @@ utility to save and encrypt your files. This tool is intended to be used on small scale UNIX environment such as VPS, small servers and workstations. \f[B]backup.sh\f[R] uses \f[I]rsync\f[R], \f[I]tar\f[R] and -\f[I]openssl\f[R] to copy, compress and encrypt the backup. +\f[I]gpg\f[R] to copy, compress and encrypt the backup. .SH OPTIONS .PP \f[B]backup.sh\f[R] supports two options: \f[I]backup creation\f[R] and @@ -137,7 +137,7 @@ Elapsed time: 10 seconds. .fi .PP After that, you will find the final backup archive in -\f[V]/home/john/backup--.tar.gz.enc\f[R]. +\f[V]/home/john/backup--.tar.gz.enc\f[R]. .PP You can also use \f[B]backup.sh\f[R] from a crontab rule: .IP @@ -172,7 +172,7 @@ For instance: .IP .nf \f[C] -$> ./backup.sh --extract backup--.tar.gz.enc badpw1234 +$> ./backup.sh --extract backup--.tar.gz.enc badpw1234 \f[R] .fi .PP @@ -190,8 +190,7 @@ backup-ssh- .SS How does backup.sh work? .PP \f[B]backup.sh\f[R] uses \f[I]rsync\f[R] to copy the files, -\f[I]tar\f[R] to compress the backup and \f[I]openssl\f[R] to encrypt -it. +\f[I]tar\f[R] to compress the backup and \f[I]gpg\f[R] to encrypt it. By default, rsync is being used with the following parameters: .IP .nf 
@@ -213,36 +212,54 @@ That is: \f[R] .fi .PP -After that the backup folder is being encrypred using openssl. +After that the backup folder is being encrypted using gpg. By default, it is used with the following parameters: .IP .nf \f[C] -$> openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 100000 -salt -k \[dq]$PASSWORD\[dq] > file.tar.gz.enc +$> gpg -a \[rs] + --symmetric \[rs] + --cipher-algo=AES256 \[rs] + --no-symkey-cache \[rs] + --pinentry-mode=loopback \[rs] + --batch --passphrase-fd 3 3<<< \[dq]$PASSWORD\[dq] \[rs] + --output \[dq]$OUTPUT\[dq] \[rs] + \[dq]$INPUT\[dq] \f[R] .fi .PP -This command encrypts the backup using the AES-256-CBC symmetric -encryption algorithm with a 256bit key. -Here is what each option means: -.IP -.nf -\f[C] -- enc: encrypt mode: tell openssl to use encryption functionality; -- aes-256-cbc: encryption algorithm: this option tells openssl which encryption algorithm to use; -- md sh512: hashing algorithm: this option tells openssl which hashing algorithm to use for key derivation, - i.e., converting the text-based password(\[ga]$PASSWORD\[ga]) into an encryption key; -- pbkdf2: key deriving algorithm: this option tells openssl which key deriving algorithm to use. In this case - we use the _password-based key derivation function 2_ algorithm; -- iter 100000: number of iterations: this options tells openssl the number of iteration to use for the key derivation - function; -- salt: enable salting: this option tells openssl to add a random salt to the key derivation process in order to - avoid rainbow table based attacks. -\f[R] -.fi +This command encrypts the backup using the AES-256 symmetric encryption +algorithm with a 256bit key. 
+Here is what each flag do: - \f[V]--symmetric\f[R]: Use symmetric +encryption; +.PD 0 +.P +.PD +- \f[V]--cipher-algo=AES256\f[R]: Use AES256 algorithm; +.PD 0 +.P +.PD +- \f[V]--no-symkey-cache\f[R]: Do not save password on GPG\[cq]s cache; +.PD 0 +.P +.PD +- \f[V]--pinentry-mode=loopback --batch\f[R]: Do not prompt the user; +.PD 0 +.P +.PD +- \f[V]--passphrase-fd 3 3<< \[dq]$PASSWORD\[dq]\f[R]: Read password +without revealing it on \f[V]ps\f[R]; +.PD 0 +.P +.PD +- \f[V]--output\f[R]: Specify output file; +.PD 0 +.P +.PD +- \f[V]$INPUT\f[R]: Specify input file. .SH EXAMPLES .PP -Below there are some examples that demostrate \f[B]backup.sh\f[R]\[cq]s +Below there are some examples that demonstrate \f[B]backup.sh\f[R]\[cq]s usage. .IP "1." 3 Create a backup of \f[V]/etc/ssh\f[R], \f[V]/var/www\f[R] and
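Review bot: In the Makefile `install` target, the `mkdir -p` line no longer creates any man directory while `backup.sh.1` is now copied to `/usr/share/man/man1`, so the `cp` fails on a system where that directory does not already exist. Either add `/usr/share/man/man1` to the `mkdir -p` line, or keep the page under `/usr/local/share/man/man1` so it stays under the same prefix as the `/usr/local/bin` and `/usr/local/etc` files this target still installs; the README hunk should then follow whichever path is chosen. The unchanged `rm -ff /usr/local/etc/sources.bk` line in `uninstall` also looks like a typo for `rm -f`.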
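Review bot: The generator comment at the top of backup.sh.1 goes from Pandoc 3.1 to Pandoc 2.17.1.1, so the page was regenerated with an older pandoc than the one that produced the committed version. Regenerate it with the same or a newer release, so that later diffs of this file show content changes rather than differences between generator versions.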
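Review bot: The `--extract` example in the `@@ -172` hunk of backup.sh.1 still passes the password (`badpw1234`) as a command-line argument to `backup.sh`, while the flag list added later in this patch justifies `--passphrase-fd` with "Read password without revealing it on `ps`". The man page should say next to this example that a password given this way is visible in the process list and in shell history, so the protection described for the gpg call does not cover the call to the script itself.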
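Review bot: The gpg command in the `@@ -213` hunk feeds the passphrase with `3<<< "$PASSWORD"`, a here-string that POSIX sh does not define, while the NAME line changed in this same patch still describes the tool as POSIX compliant; the flag list then writes it as `3<< "$PASSWORD"`, which is here-document syntax and means something different. Use one form in both places, and a here-document if the script is meant to run under plain `sh`. The removed openssl text spelled out the key derivation (`-pbkdf2`, `-iter 100000`, `-md sha512`), whereas the new text says nothing about how gpg derives the key from the password, and the list does not cover `-a`; add a line for each. Also change "each flag do" to "each flag does" and start the list on its own line, since the first item is currently fused into the introductory sentence.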