From ece41c2ed7e512d422dba64f20a1698f7a3b9eaa Mon Sep 17 00:00:00 2001
From: Allon Hadaya
Date: Thu, 25 Aug 2016 13:20:04 -0400
Subject: [PATCH 1/3] Fix the "delete oldest files" patterns to match with BACKUP_FILE_ENCRYPTED and BACKUP_PASSPHRASE_FILE_ENCRYPTED.
---
 template/ubuntu-16.04/backup.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/template/ubuntu-16.04/backup.sh b/template/ubuntu-16.04/backup.sh
index 4c9ed17..43471ed 100644
--- a/template/ubuntu-16.04/backup.sh
+++ b/template/ubuntu-16.04/backup.sh
@@ -12,8 +12,8 @@ mkdir ${BACKUP_DIR}
 cd ${BACKUP_DIR}
 
 # Delete the oldest files by only listing out everything older than the newest 7 files
-ls *.gz.enc | sort | tail -n +7 | xargs rm
-ls *.gz.passphrase.enc | sort | tail -n +7 | xargs rm
+ls *.tar.gz.enc | sort | tail -n +7 | xargs rm
+ls *.passphrase.enc | sort | tail -n +7 | xargs rm
 
 # Backup the MySQL databases
 mysqldump -u -p production > production.sql
From c56ee7081c6b8d879215db8cca0f9e2cdda773dd Mon Sep 17 00:00:00 2001
From: Allon Hadaya
Date: Thu, 25 Aug 2016 13:37:57 -0400
Subject: [PATCH 2/3] Make it possible to run the backup script manually using sudo. Note that `sudo realpath ~` is not /root.
---
 template/ubuntu-16.04/backup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template/ubuntu-16.04/backup.sh b/template/ubuntu-16.04/backup.sh
index 43471ed..70ef6e8 100644
--- a/template/ubuntu-16.04/backup.sh
+++ b/template/ubuntu-16.04/backup.sh
@@ -28,7 +28,7 @@ openssl rand 32 -out ${BACKUP_PASSPHRASE_FILE}
 openssl enc -aes-256-cbc -pass file:${BACKUP_PASSPHRASE_FILE} < ${BACKUP_FILE} > ${BACKUP_FILE_ENCRYPTED}
 
 # Encrypt the passphrase
-openssl rsautl -encrypt -pubin -inkey ~/public-key.pem < ${BACKUP_PASSPHRASE_FILE} > ${BACKUP_PASSPHRASE_FILE_ENCRYPTED}
+openssl rsautl -encrypt -pubin -inkey /root/public-key.pem < ${BACKUP_PASSPHRASE_FILE} > ${BACKUP_PASSPHRASE_FILE_ENCRYPTED}
 
 # Clean up
 rm ${BACKUP_FILE} ${BACKUP_PASSPHRASE_FILE}
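Review bot: With an ascending `sort`, `tail -n +7` prints line 7 onward, so both added `ls` pipelines hand `rm` everything except the first six names; if the file names embed a sortable date (their definitions are outside this hunk), those six are the oldest backups and the newest ones are what gets deleted, the opposite of what the comment above the two lines says. Reversing the order and starting one line later keeps the newest seven: `ls *.tar.gz.enc | sort -r | tail -n +8 | xargs -r rm --`, and the same for `*.passphrase.enc`. `xargs -r` (GNU) also avoids a bare `rm` error when there is nothing to prune. Pruning archives and passphrases in two independent pipelines can leave an archive without its passphrase if the counts ever differ, so deleting them as matching pairs would be safer.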
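Review bot: Nothing on the changed `openssl rsautl` line checks that `/root/public-key.pem` is readable or that the encryption succeeded; if openssl fails, the redirect still creates an empty `${BACKUP_PASSPHRASE_FILE_ENCRYPTED}` and the `rm` under `# Clean up` then removes the only copy of the passphrase, leaving an archive nobody can decrypt. Unless the script enables `set -e` outside this hunk, end the line with `|| exit 1`, or test `[ -r /root/public-key.pem ]` before generating the passphrase. `rsautl -encrypt` also defaults to PKCS#1 v1.5 padding; adding `-oaep` here, with the matching flag on the decrypt side, is the better choice for a template that new deployments will copy.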
From 5f27d1bb241fcd6eefdcefa4cc87e4823a778430 Mon Sep 17 00:00:00 2001
From: Allon Hadaya
Date: Thu, 25 Aug 2016 13:41:20 -0400
Subject: [PATCH 3/3] Do not leave cleartext mysql dump files behind in the backups directory.
---
 template/ubuntu-16.04/backup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template/ubuntu-16.04/backup.sh b/template/ubuntu-16.04/backup.sh
index 70ef6e8..cd83273 100644
--- a/template/ubuntu-16.04/backup.sh
+++ b/template/ubuntu-16.04/backup.sh
@@ -31,7 +31,7 @@ openssl enc -aes-256-cbc -pass file:${BACKUP_PASSPHRASE_FILE} < ${BACKUP_FILE} >
 openssl rsautl -encrypt -pubin -inkey /root/public-key.pem < ${BACKUP_PASSPHRASE_FILE} > ${BACKUP_PASSPHRASE_FILE_ENCRYPTED}
 
 # Clean up
-rm ${BACKUP_FILE} ${BACKUP_PASSPHRASE_FILE}
+rm ${BACKUP_FILE} ${BACKUP_PASSPHRASE_FILE} *.sql
 
 # Copy offsite
 #scp ${BACKUP_FILE_ENCRYPTED} ${BACKUP_PASSPHRASE_FILE_ENCRYPTED} @:backups/.
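Review bot: The added `*.sql` glob is resolved against the current directory, so this `rm` deletes every `.sql` file wherever the script happens to be, and the cleartext is only removed when execution reaches this line. The `cd ${BACKUP_DIR}` shown in the first patch is unchecked, so a failed `cd` would aim the glob at the caller's directory, and an interrupted or aborted run leaves the dumps and the passphrase file on disk. Consider `cd "${BACKUP_DIR}" || exit 1` near the top and registering the cleanup once as `trap 'rm -f -- "${BACKUP_FILE}" "${BACKUP_PASSPHRASE_FILE}" ./*.sql' EXIT` so it runs on every exit path. The rest of the script is outside this hunk, so whether it already stops on errors cannot be confirmed from here.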