Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: sugarcube on January 16, 2010, 09:42:06 PM
-
Hi
not sure if I am posting in the correct forum. Please move post if nessesary.
I'm using SME-Server 7.4 and backuppc as the backup tool. The backups go to a dedicated hard disk, mounted at /opt on the server file system. Every month I copy the entire disk to another external disk. Here comes the problem: the external disk must be encrypted as I plan to store it out of office. I have used truecrypt in these cases, but cannot use it on my SME server, because I get the following message, if I try to mount the external disk.
[root@sme-server ~]# truecrypt --filesystem=none /dev/sdc1
Warning: Your system uses an old version of the Linux kernel.
Due to a bug in the Linux kernel, your system may stop responding when writing data to a TrueCrypt volume. This problem can be solved by upgrading the kernel to version 2.6.24 or later.
Enter password for /dev/sdc1:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
Error: fuse: device not found, try 'modprobe fuse' first
[root@sme-server ~]#
I believe, that this message points to two problems:
1. It seems that I need to do a kernel upgrade. I am running kernel 2.6.9-78.0.22.EL. Do I need to upgrade to 2.6.24 and does anyone know how to do it.
2. I need to install fuse. I followed the instructions in http://wiki.contribs.org/FUSE_-_Filesystem_in_Userspace (http://wiki.contribs.org/FUSE_-_Filesystem_in_Userspace) and all went well, but "modprobe fuse" always results in a "FATAL: Module fuse not found." message. I must be missing sth.
Can anyone point me in the right direction, especially upgrading the kernel is something I have not done before manually.
-
Hi, welcome here
unfortunately you can't upgrade kernel or, better, the only way to upgrade kernel is to find one for centos 4.x or to compile it yourself. in both cases you'll be with an unsupported kernel.
After a little googling, i've found some src.rpm.. can't be compiled on SME/Centos because of many dependencies
trying with original Truecypt sources, no luck
from Truecrypt's readme:
II. Linux and Mac OS X
======================
Requirements for Building TrueCrypt for Linux and Mac OS X:
-----------------------------------------------------------
- GNU Make
- GNU C++ Compiler 4.0 or compatible
- Apple Xcode (Mac OS X only)
- pkg-config
- wxWidgets 2.8 shared library and header files installed or
wxWidgets 2.8 library source code (available at http://www.wxwidgets.org)
- FUSE library and header files (available at http://fuse.sourceforge.net
and http://code.google.com/p/macfuse)
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
located in a standard include path or in a directory defined by the
environment variable 'PKCS11_INC'.
Instructions for Building TrueCrypt for Linux and Mac OS X:
-----------------------------------------------------------
1) Change the current directory to the root of the TrueCrypt source code.
2) If you have no wxWidgets shared library installed, run the following
command to configure the wxWidgets static library for TrueCrypt and to
build it:
$ make WX_ROOT=/usr/src/wxWidgets wxbuild
The variable WX_ROOT must point to the location of the source code of the
wxWidgets library. Output files will be placed in the './wxrelease/'
directory.
3) To build TrueCrypt, run the following command:
$ make
or if you have no wxWidgets shared library installed:
$ make WXSTATIC=1
4) If successful, the TrueCrypt executable should be located in the directory
'Main'.
By default, a universal executable supporting both graphical and text user
interface is built. To build a console-only executable, which requires no GUI
library, use the 'NOGUI' parameter:
$ make NOGUI=1 WX_ROOT=/usr/src/wxWidgets wxbuild
$ make NOGUI=1 WXSTATIC=1
I think it's not possible :-)
-
not sure if I am posting in the correct forum. Please move post if nessesary.
Moving to Contribs section. Thanks.
-
I think it's not possible
Well, not quite what I hoped for, but I'll wait for SME 8 now.
Thanks anyway Stefano
-
Well, not quite what I hoped for, but I'll wait for SME 8 now.
Thanks anyway Stefano
unfortunately I think that it will be hard too.. truecrypt needs wxwidgets also for NOGUI compilation.. and wxwidgets have many dependencies, so you'd have to install many (useless) packages..
-
Hi,
Maybe you can user another solution ?
http://www.crypt.gen.nz/papers/backup_encryption.html
Best
-
I have found a nice solution to the problem now.
I installed VirtualBox on the server and now use a VM (Ubuntu) with direct disk access to encrypt my backup disk.
In Headless mode I do not even have to stand up from my desk to backup the drive.
Thanks again for supporting.
-
another option I've used is EncFS
I believe it only requires fuse
-
I tested direct disk access with truecrypt and VirtualBox now and it is terribly slow - much slower as expected. So that is a no go!
@christian: AFAIK EncFS is encrypting files. I do need encryption of whole drives, as my backups sum up to 1,800,000 files / 380GB and huge amounts of hard links. And more, my intention is to dd/gzip the whole backupdisk as i need a monthly image of it.
I will now try to encrypt the drive with dm-crypt-luks and report back with results
-
AFAIK EncFS is encrypting files. I do need encryption of whole drives, as my backups sum up to 1,800,000 files / 380GB and huge amounts of hard links. And more, my intention is to dd/gzip the whole backupdisk as i need a monthly image of it.
and also directories. Basically you end up with two directories: one that has everything encrypted and the other with everything in plain view. When EncFS is mounted to the plain view directory you see your data otherwise it is empty.
e.g.
encfs encryptedDir plainviewDir #mount directory
fusermount -u plainviewDir #unmount
If you really would prefer truecrypt it may still be possible by exporting the screen to an X based machine. I've done this for mythtv to access mythtvsetup. check the mythtv how-to for an example. You will still need a load of dependencies on the sme server but not X.