My bareOS is 17.2 does it encrypt my default? On Monday, December 21, 2020 at 4:34:02 PM UTC [email protected] wrote:
> Personally I would not use data encryption at the client if not required. > Use the newer versions of Bareos where it uses PSK (pre shared keys) using > the password to set up an encrypted tunnel over which the data rides. Thus > it lands on your SD unencrypted but the data is encrypted over the wire. > > If you need encrypt the data at rest use LVM or Fuse encryption for disk > volumes, and LTO encryption for tape. This will encrypt the data at rest, > but avoid managing keys for clients. Also makes restores not dependent on > those SSL certs only for the disk volume and tape which is all managed on > the server and can be easily replicated by the admin team. (I keep all my > tape secret in 1password encrypted note and GPG encrypted file, and only > needed if I lose my catalog dump/backup, which is treated differently than > my client backups). > > > The only reason I see today to use File Damon Encryption as documented in > that page is if you need to promise the client you cannot access their > data. That is _only_ true if only the client has the private key, AND to > double what MK said there is huge risk that the client will lose that key > and not have it recoverable when you need to do a restore. > > > If you rely on encryption using PSK which should be automatic if any > recent bareos version it’s much less error prone. > Eg Look for: Connected Client: mlds at mlds:9102, encryption: > PSK-AES256-CBC-SHA > > In your job logs. I do this all without managing certificates on the FD. > > > Brock Palen > [email protected] > www.mlds-networks.com > Websites, Linux, Hosting, Joomla, Consulting > > > > > On Dec 21, 2020, at 8:21 AM, Spadajspadaj <[email protected]> wrote: > > > > bareos-fd.conf is a configuration file for bareos-filedaemon. Bareos > filedaemon is the program running on the client which you are backing up. > > > > As per the documentation (which you already found), all data is > encrypted on client prior to being sent to server (or to Storage Daemon, to > be precise). > > > > But please, read the documentation again (and again if need be) so you > understand how it's working so you don't accidentaly lose your keys (and > hence any possibility of decrypting the backed up data!). > > > > > > > > Best regards, > > > > MK > > > > On 21/12/2020 14:14, Gonçalo Sousa wrote: > >> Can someone help me please > >> > >> On Monday, December 7, 2020 at 4:04:51 PM UTC Gonçalo Sousa wrote: > >> > >> I am trying to implement data encryption on bareOS following this > documentation: > https://docs.bareos.org/TasksAndConcepts/DataEncryption.html > >> > >> I have already created/generated the .cert, .pem and .key files on the > BareOS server. > >> > >> My question is where do I configure them, on the example only mentions > bareos-fd.conf > >> Is this file located on /etc/bareos/bareos-dir.d/client/ ? > >> > >> All the keys, pem and cert files must be located on the BareOS server > right? > >> All the configuration is only made on the BareOS right? > >> -- > >> You received this message because you are subscribed to the Google > Groups "bareos-users" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > >> To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/955a1789-27f7-4f96-84a5-808aac6a2698n%40googlegroups.com > . > > > > -- > > You received this message because you are subscribed to the Google > Groups "bareos-users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/f370d739-65fb-5ed9-25da-30e78304258c%40gmail.com > . > > -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/d352fd1d-b75e-4089-acda-c9a8bc411effn%40googlegroups.com.
