Hi Vladimir, Thanks for sharing that solution. Much appreciated.
Erich On Sep 7, 2006, at 9:37 AM, Vladimir Doisan wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > BTW, forgot to mention, I've used symmetric encryption on clients with > AxCrypt utility (does AES128 encryption and compression) > http://sourceforge.net/projects/axcrypt with success. However I > moved to > Bacula/GnuPG combo because I can manage it centrally. > You do not need to use Bacula with AxCrypt, but you can if you wanted. > For example you can use Bacula to backup the X drive (see script). I > think you could also use "Client Run Before Job" to encrypt all files > with AxCrypt, back up only the .axx files with Bacula and delete .axx > with "Client Run After Job" once the backup completes on the client. > There are many possibilities on how to accomplish this. > > Here is the procedure if anybody needs it. > 1. Install AxCrypt on each Win32 client (no Linux ports yet) > 2. Install a .bat on each client. It will encrypt directories > specified > there and transfer all encrypted files via the FTP or File Shares. > 3. Automate execution by using scheduled tasks or by running the > script > on the startup or shutdown via Windows Group Policy. > > Here is the batch that I wrote to do this. (I only have the > original in > front of me, I did some minor revisions to it, but it will work) > > ======================== BACKUP.BAT ============================ > REM --- Encrypted Backup Script 1.0 > REM --- Created by Vladimir Doisan August 23, 2005 > REM --- Free to Use/Modify/Distribute under GPL > REM --- This script uses AxCrypt (http://axcrypt.sourceforge.net/) to > REM --- encrypt files on users' workstation and to upload them to the > REM --- shared directory on a file server. This requires > installation of > REM --- AxCrypt on each workstation. > > REM --- The password for the encrypted files is stored in this > script in > REM --- open text. This is a security risk! > > REM --- Connect to shared Folder on the > NET USE X: \\FQDN_OR_IP_ADDRESS\backup > > REM ***** BACKUP MY_DOCUMENTS FOLDER FOR THE CURRENT USER ***** > > REM --- Enter User's My Document Folder > cd "C:\Documents and Settings\%UserName%\My Documents" > > REM --- Encrypts files in a directory (-z), creates a copy of original > (-c), does all sub-dirs (-m) > REM --- Do not have to enter the pass again. It will be cached in RAM > "%ProgramFiles%\Axon Data\AxCrypt\1.6.2\AxCrypt" -m -c -e -k > "THIS_IS_MY_STRONG_PASS_CHANGE_ME!" -z * > > REM --- copies all encrypted files (.axx) within current folder to > X:\"UserName", does sub-folders (/e) > REM --- does not ask to overwrite files (/Y), copies hidden files (/ > H), > Contonues copy even on errors (/C) > REM --- /D copies only newer files, /I assumes the destination is a > directory > xcopy *.axx "x:\%UserName%\My Documents" /E /H /C /D /I /Y > > REM --- deletes everything with .axx recurcive & force deletion of > read-only files (JIC) > del *.axx /S /F > > REM ***** BACKUP DESKTOP FOLDER FOR THE CURRENT USER ***** > REM --- Enter User's Desktop Folder > cd "C:\Documents and Settings\%UserName%\Desktop" > > "%ProgramFiles%\Axon Data\AxCrypt\1.6.2\AxCrypt" -m -c -z * > > xcopy *.axx x:\%UserName%\Desktop /E /H /C /D /I /Y > > del *.axx /S /F > > REM --- Removes shared drive > NET USE X: /DELETE > ======================== BACKUP.BAT ============================ > > Hope this helps. > Good luck. > > > Vladimir Doisan wrote: >> Hi Lech Karol >> The only sure way to encrypt data right now is to encrypt it on the >> server (you could have 3rd party encryption on the client, but it >> gets >> messy). Basically when I finish backing up the clients with Bacula, I >> execute "RunAfter" script which uses GnuPG with public key to encrypt >> the volume. After it is encrypted, I simply transfer it via FTP, >> or you >> could write it to the tape. >> I wrote a guide on how to do it on Gentoo Linux, however all >> configs & >> explanations will work for any system. >> http://gentoo-wiki.com/ >> HOWTO_Encrypted_Backup_System_Using_Bacula_and_GnuPG >> >> >> >> --------------------------------------------------------------------- >> ---- >> Using Tomcat but need to do more? Need to support web services, >> security? >> Get stuff done quickly with pre-integrated technology to make your >> job easier >> Download IBM WebSphere Application Server v.1.0.1 based on Apache >> Geronimo >> http://sel.as-us.falkag.net/sel? >> cmd=lnk&kid=120709&bid=263057&dat=121642 >> _______________________________________________ >> Bacula-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/bacula-users >> >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.4 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFAC6PNR4PQ6HVpW0RAnX3AJ9DG5PxOkecl4y0Hxkmvl/ZXLlfzQCg29yf > Ntu0CbHaj7kJ2fA38P8tyhc= > =0Ev9 > -----END PGP SIGNATURE----- > > > ---------------------------------------------------------------------- > --- > Using Tomcat but need to do more? Need to support web services, > security? > Get stuff done quickly with pre-integrated technology to make your > job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache > Geronimo > http://sel.as-us.falkag.net/sel? > cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Bacula-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/bacula-users > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Bacula-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-users
