Secure Rsync can be downloaded below. To install the tool, extract the makefiles to any path
with readand write permissions. Instructions on using the makefiles can be found in the manual,
here. There is no seperate download for the source code,
since, by their nature, makefiles are already open.
In addition to the makefiles, it may be necessary to download and install external dependencies.
|Secure Rsync||v1.1||June 24, 2012||Tarball / Zip / GitHub|
The set of dependencies are the same between Linux, FreeBSD, and Windows. On Linux or FreeBSD, only the ports or packages 'rsync' and 'p7zip' are likely needed. On Windows, the following set of dependencies will likely need to be installed.
|GNU Make||Executes the makefiles||http://gnuwin32.sourceforge.net/packages/make.htm|
|cwRsync & SSH||Provides rsync and SSH functionality to Windows||http://www.itefix.no/i2/cwrsync|
|MD5||Generates MD5 hashes used to verify integrity of the repository||http://www.fourmilab.ch/md5|
|7-Zip||Encrypts and archives files to the repository||http://www.7-zip.org|
- 1. Overview
- 2. External Dependencies
- 3. Running
- 4. Caveats
- 5. Backup Servers
- 6. Licensing
- 7. Alternative Licensing
Secure Rsync allows users to securely backup data using rsync with any 'Unixy' OS, such as
FreeBSD or Linux, as well as Windows.
The tool is configured to point at a directory containing data to be backed up. Initially, the data directory is encrypted to a repository. After the encrypted repository is created, rsync connects to a remote server using SSH and an incremental backup of the repository is performed. Because rsync is working with the encrypted repository, all data eventually stored on the server is also encrypted. When Secure Rsync is run again, the data directory is examined for any changes. Any files which were created, deleted, or modified are considered changed. Changed files are then encrypted or deleted from the repository. When rsync runs, only changes will be transferred to the server.
2. External Dependencies
The following tools are required by Secure Rsync:
|GNU Make||Secure Rsync is composed entirely of makefiles. To execute those makefiles, GNU Make is used.|
|Rsync||Used to synchronize the remote and local repository directories.|
|SSH||Used by rsync to connect to the remote server.|
|7-Zip||Secure encryption and archiving functionality is provided by 7-Zip. This tool is responsible for securely storing data in the repository.|
After a backup is performed, it may be necessary to verify the integrity of the
repositories on both the server and local computer. MD5 is used to verify the
NOTE: it is assumed the remote server provides md5 functionality.
3.1 Configuring the Backup
Many parameters of Secure Rsync are configurable. These parameters can be modified by editting the file 'secure_rsync/defaults.inc'. The table below documents modifiable parameters.
|data_path||Specifies a path containing the data to backup. All files and directories in this location will be encrypted to the repository which is then synced with a server using rsync.||
A location to be populated with the encrypted files derived from the data path. Rsync
works only with the repository path.
NOTE: The repository path must not be a subdirectory of the data path.
|remote_repository_path||The location on the remote server to rsync with the local repository path.||
|server_name||The name of the server to connect to using SSH. This server must support the rsync protocol. The contents of the repository are then synced with the server.||
3.2 Preparing a Command Prompt or Terminal
The makefiles expect the
external dependencies to be available in the
binary search path. Prior to running Secure Rsync, make sure the following executables are
3.3 Setting Up the Backup
Before any backups can be performed, the tool must be setup properly. Once a command prompt or terminal is running, from the Secure Rsync installation directory, the following command should be run:
# For windows: Prompt> setup.bat # For unixy OSs: Prompt> ./setup.sh
Setup will first request a password to be used for encryption be specified. The password set
here is required before any subsequent backups can take place.
After the encryption password has been set, the tool will generate SSH authentication keys. The credentials to login to the server will need to be entered at this point.
Once the encryption password and SSH authentication keys are generated, setup is complete. All setup information is by default stored in 'secure_rsync/conf'. This path may be changed in 'secure_rsync/defaults.inc'.
3.4 Performing the Backup
A backup can be performed only after setup has been run. Using a command prompt or terminal, from the Secure Rsync installation directory, the following command can be run to start the backup process:
# For windows: Prompt> backup.bat # For unixy OSs: Prompt> ./backup.sh
Before the actual backup is performed, the encryption password specified during setup will need to be entered. Once entered, a list of files in the data and repository paths will be collected. The lists will then be compared to decide if files need to be deleted, added, or updated in the repository. Once the data path and repository path are in sync, a connection to the server will be established and rsync executed. Once rsync completes all files in the path will have been synchronized with the server.
3.5 Restoring Data
Data which has been backed up can also be restored. From a command prompt or terminal, in the Secure Rsync installation directory, run the following command to begin the restore process:
# For windows: Prompt> restore.bat # For unixy OSs: Prompt> ./restore.sh
Before data is restored, the encryption password specified during setup will need to be entered. Once entered, the repository on the server will be synchronized to the repository on the local system. After the local repository is in sync with the server, the files in the local repository will be decrypted and synchronized with the data path. Once the restore command completes, the data path on the local system will contain all the data from the server repository.
3.6 Verifying Repositories
It is sometimes necessary to verify the files in the data path match the files stored on the server. From a command prompt or terminal, in the Secure Rsync installation directory, run the following command to begin the verification process:
# For windows: Prompt> verify.bat # For unixy OSs: Prompt> ./verify.sh
Before any verification begins, the encryption password specified during setup will need to be entered. Once entered, the verification process will begin. First, the set of files in the data path and the repository will be compared to verify the set is the same. Next, files in the repository will be decrypted and compared with the unencrypted content found in the data path. Finally, MD5 hashes will be generated on both the local system and on the server and compared. If any of these checks fail, the offending file names will be printed to the console.
3.7 Environment Variables
There are a couple of environment variables which can be used to slightly change the behavior of Secure Rsync. These variables are listed below:
|encryption_password||To avoid password prompts, this variable can be set to the encryption password. There may be security risks involved, however, as the password will be stored as plain text and visible to any process which inherits the environment variable.|
|summary_only||If set to 1, performing a backup or a restore won't actually change any files. Instead, only a summary of the actions which need to be taken will be printed.|
There are a couple of shortcomings to be aware of before using Secure Rsync.
- File names in the data path must not contain any whitespaces or special characters (such as parenthesis, brackets, ampersands, etc.).
- While only new or modified files are actually sent to the server, the entire file must still be transferred, even if the change was small. As such, Secure Rsync may not be efficient when backing up large files with frequent small changes.
- Only SSH connections are supported to the remote server.
5. Backup Servers
Secure Rsync was designed to work with (though is not officially supported by) backup servers hosted by rsync.net. However, any servers which support SSH and the rsync protocol should be compatible with Secure Rsync.
Secure Rsync is free software. Andrew Gottemoller licenses the software on this page to you
under the terms of the GNU General Public License as published by the Free Software Foundation;
you can redistribute it and/or modify it under the terms of the GNU General Public License
either version 3 of the license, or (at your option) any later version.
There is NO WARRANTY for Secure Rsync, express or implied, including the implied warranties of MERCHANTIABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU Public License along with Secure Rsync. If not, see <http://gnu.org/licenses/>.
7. Alternative Licensing
A special license for Secure Rsync is available if you are unable to meet the conditions of the license described above. For more information, please contact me.