You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

111 lines
6.2 KiB

7 years ago
#+TITLE:
#+AUTHOR: Bob Mottram
#+EMAIL: bob@freedombone.net
7 years ago
#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber
#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server
#+OPTIONS: ^:nil toc:nil
#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
#+BEGIN_CENTER
[[file:images/logo.png]]
#+END_CENTER
6 years ago
#+BEGIN_EXPORT html
6 years ago
<center>
6 years ago
<h1>Backups</h1>
6 years ago
</center>
#+END_EXPORT
7 years ago
#+BEGIN_CENTER
#+ATTR_HTML: :border -1
| [[Backup keys]] |
| [[Backup to USB]] |
| [[Restore from USB]] |
| [[Distributed/remote backups]] |
| [[Restore from a friend]] |
7 years ago
#+END_CENTER
* Backup keys
6 years ago
As part of the Freedombone installation the GPG key used to encrypt backups will have been added to the /.gnupg/ keyring in your home directory. Ensure that you have a copy of all your keys by plugging in a LUKS encrypted USB drive and then running the commands:
#+BEGIN_SRC bash
ssh username@domainname -p 2222
#+END_SRC
Select /Administrator controls/ then /Backup and Restore/ then /Backup GPG key to USB drive (master keydrive)/.
Keep this USB drive in some safe place, since it will enable you to restore from previous backups.
A pro-tip for the best possible security is to create multiple USB drives containing key fragments (fragment keydrive), and then to distribute them amongst your friends. In the worst case just ask for the drives back and you'll be able to reconstruct the backup key. You can do this by selecting /fragment keydrive/ and then repeating the process with a number of different USB drives (typically 4 or more).
7 years ago
* Backup to USB
First and foremost - *encrypt your USB drives*! Even if you think you have "/nothing to hide/" if you accidentally lose a USB thumb drive (it's easy to lose small objects) and it's not encrypted then potentially someone might be able to obtain enough information about you to commit identity fraud, take out loans, open bank accounts, etc. Use LUKS encryption. In Ubuntu you can do this using the /Disk Utility/ application. Some instructions [[https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage][can be found here]].
7 years ago
Insert a USB thumb drive into the front socket of the Beaglebone Black.
Log into the system and become the root user, then run the /backup/ command.
#+BEGIN_SRC bash
7 years ago
ssh username@domainname -p 2222
7 years ago
#+END_SRC
Select /Administrator controls/ then /Backup and Restore/ and then /Backup data to USB drive/.
Type in the LUKS password for the USB drive, then the backup will begin.
7 years ago
When the backup ends remove the USB drive and keep it somewhere safe. Even if it gets lost or falls into the wrong hands the content is encrypted and so is unlikely to become a source of leaks.
* Restore from USB
Log into the system and become the root user:
7 years ago
#+BEGIN_SRC bash
7 years ago
ssh username@domainname -p 2222
7 years ago
#+END_SRC
Select /Administrator controls/ then if this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting /Backup and Restore/ then /Restore GPG key from USB keydrive/. When that's done remove the keydrive and plug in the backup drive.
7 years ago
Select /Backup and Restore/ then /Restore data from USB drive/.
7 years ago
Enter the LUKS password for the USB drive. When the restore is complete you can remove the USB drive.
* Distributed/remote backups
Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the control panel on a Freedombone system or with the *adduser <username>* command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
#+BEGIN_SRC bash
ssh username@domainname -p 2222
#+END_SRC
Select /Administrator controls/ then /Backup and Restore/ then /Configure remote backups/.
You can then enter the usernames, domains and ssh logins for one or more remote servers. The system will try to backup to these remote locations once per day.
* Restore from a friend
** With a completely new Freedombone installation
6 years ago
This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation (configured with the same username and domain names). It is assumed that the old hardware was destroyed, but that you have the backup key stored on a USB thumb drive.
First log in and if you don't already have one then create a new friends list:
7 years ago
#+BEGIN_SRC bash
ssh username@domainname -p 2222
7 years ago
#+END_SRC
Select /Administrator controls/ then /Backup and Restore/ then /Restore GPG key from USB (master keydrive)/. Select the username then plug in your keydrive and restore the key.
7 years ago
Now select /Configure remote backups/ and configure the locations and logins for the remote server.
7 years ago
Finally select /Restore from remote backup/ and enter the domain name of the remote server that you wish to restore from.
7 years ago
** On an existing Freedombone installation
This is for more common situations in which maybe some data became corrupted and you want to restore it.
Log in as root:
#+BEGIN_SRC bash
ssh username@domainname -p 2222
#+END_SRC
Select /Administrator controls/ then /Backup and Restore/ then /Restore from remote backup/ and enter the domain name of the remote server that you wish to restore from.
6 years ago
#+BEGIN_EXPORT html
6 years ago
<center>
Return to the <a href="index.html">home page</a>
</center>
#+END_EXPORT