-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BTW, forgot to mention, I've used symmetric encryption on clients with AxCrypt utility (does AES128 encryption and compression) http://sourceforge.net/projects/axcrypt with success. However I moved to Bacula/GnuPG combo because I can manage it centrally. You do not need to use Bacula with AxCrypt, but you can if you wanted. For example you can use Bacula to backup the X drive (see script). I think you could also use "Client Run Before Job" to encrypt all files with AxCrypt, back up only the .axx files with Bacula and delete .axx with "Client Run After Job" once the backup completes on the client. There are many possibilities on how to accomplish this.
Here is the procedure if anybody needs it. 1. Install AxCrypt on each Win32 client (no Linux ports yet) 2. Install a .bat on each client. It will encrypt directories specified there and transfer all encrypted files via the FTP or File Shares. 3. Automate execution by using scheduled tasks or by running the script on the startup or shutdown via Windows Group Policy. Here is the batch that I wrote to do this. (I only have the original in front of me, I did some minor revisions to it, but it will work) ======================== BACKUP.BAT ============================ REM --- Encrypted Backup Script 1.0 REM --- Created by Vladimir Doisan August 23, 2005 REM --- Free to Use/Modify/Distribute under GPL REM --- This script uses AxCrypt (http://axcrypt.sourceforge.net/) to REM --- encrypt files on users' workstation and to upload them to the REM --- shared directory on a file server. This requires installation of REM --- AxCrypt on each workstation. REM --- The password for the encrypted files is stored in this script in REM --- open text. This is a security risk! REM --- Connect to shared Folder on the NET USE X: \\FQDN_OR_IP_ADDRESS\backup REM ***** BACKUP MY_DOCUMENTS FOLDER FOR THE CURRENT USER ***** REM --- Enter User's My Document Folder cd "C:\Documents and Settings\%UserName%\My Documents" REM --- Encrypts files in a directory (-z), creates a copy of original (-c), does all sub-dirs (-m) REM --- Do not have to enter the pass again. It will be cached in RAM "%ProgramFiles%\Axon Data\AxCrypt\1.6.2\AxCrypt" -m -c -e -k "THIS_IS_MY_STRONG_PASS_CHANGE_ME!" -z * REM --- copies all encrypted files (.axx) within current folder to X:\"UserName", does sub-folders (/e) REM --- does not ask to overwrite files (/Y), copies hidden files (/H), Contonues copy even on errors (/C) REM --- /D copies only newer files, /I assumes the destination is a directory xcopy *.axx "x:\%UserName%\My Documents" /E /H /C /D /I /Y REM --- deletes everything with .axx recurcive & force deletion of read-only files (JIC) del *.axx /S /F REM ***** BACKUP DESKTOP FOLDER FOR THE CURRENT USER ***** REM --- Enter User's Desktop Folder cd "C:\Documents and Settings\%UserName%\Desktop" "%ProgramFiles%\Axon Data\AxCrypt\1.6.2\AxCrypt" -m -c -z * xcopy *.axx x:\%UserName%\Desktop /E /H /C /D /I /Y del *.axx /S /F REM --- Removes shared drive NET USE X: /DELETE ======================== BACKUP.BAT ============================ Hope this helps. Good luck. Vladimir Doisan wrote: > Hi Lech Karol > The only sure way to encrypt data right now is to encrypt it on the > server (you could have 3rd party encryption on the client, but it gets > messy). Basically when I finish backing up the clients with Bacula, I > execute "RunAfter" script which uses GnuPG with public key to encrypt > the volume. After it is encrypted, I simply transfer it via FTP, or you > could write it to the tape. > I wrote a guide on how to do it on Gentoo Linux, however all configs & > explanations will work for any system. > http://gentoo-wiki.com/HOWTO_Encrypted_Backup_System_Using_Bacula_and_GnuPG > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFAC6PNR4PQ6HVpW0RAnX3AJ9DG5PxOkecl4y0Hxkmvl/ZXLlfzQCg29yf Ntu0CbHaj7kJ2fA38P8tyhc= =0Ev9 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
