Skip to content

aljungberg/Revetment

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits

test/backup

test/backup

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

backup.py

backup.py

 
 

backup.sh

backup.sh

 
 

install.sh

install.sh

 
 

my-backup-sample.sh

my-backup-sample.sh

 
 

run.sh

run.sh

 
 

Repository files navigation

Revetment

Extra secure, encrypted, deduplicated, compressed backups against any SFTP (SSH) host.

Revetment is a Dockerised version of the Attic backup tool.

  • Single dependency: Docker.
  • Flexible: compatible with any SFTP backup server (rsync.net, the server in your closet).
  • Secure: backup process has root-like read access to all files, yet no write access.
  • Sandboxed: an extra layer of protection to mitigate potential security flaws in sshfs or Attic.
  • Always on encryption: no unencrypted data ever leaves the machine.
  • Attic's regular benefits: variable block size deduplication, 256 bit AES encryption with keyfiles, compression, very fast and space efficient when little data has changed.

The main advantage of using Revetment is that it only depends on Docker (and Bash). When you need to back up old LTS servers, it might not be easy or advisable to install Python 3 and the other Attic dependencies. With Revetment, just add Docker.

The other benefit is security. Normally you must run your backup scripts as root so that any and all files may be backed up. Revetment also requires root but drops the write access and many other root privileges as soon as possible. This means that a compromise in the backup software itself is, although still bad, unlikely to damage the server being backed up.

Usage

Quick and Dirty Install

curl https://raw.githubusercontent.com/aljungberg/Revetment/master/install.sh | bash

The script will (without much finesse) install Revetment and configure crontab. It's meant for Ubuntu machines with Docker already installed. Pull requests welcome for other platforms.

Run at your own risk. It could wipe your system for all I know.

Manual Install

curl https://raw.githubusercontent.com/aljungberg/Revetment/master/backup.sh >backup.sh
curl https://raw.githubusercontent.com/aljungberg/Revetment/master/my-backup-sample.sh >my-backup.sh
pico my-backup.sh   # choose backup parameters
bash my-backup.sh init
# copy ~/.attic/keys/ somewhere safe.

Take a backup

bash my-backup.sh create [archive name]  # defaults to making an archive named by date in YYYY-MM-DD format.

Make it regular

echo '0 2 * * * root HOME=/root/ /bin/bash /root/my-backup.sh create >/var/log/backup.log 2>&1' >>/etc/crontab

Verify a backup

bash my-backup.sh check

Inspect backups

bash my-backup.sh list
bash my-backup.sh list 2015-10-13

Restore a backup

# restore files to the given destination folder
bash my-backup.sh extract <archive name> <destination> [file1 [file2 ...]]

Good habits

  • Remember to verify your backups regularly: use bash my-backup.sh check.
  • Extract some files from every new backup using a different machine than the one taking the backups to confirm that you have the ability to (because you copied the SSH keys and attic keys you need).

About

Extra secure, encrypted, deduplicated, compressed backups against any SFTP (SSH) host.

Topics

docker backup sftp attic

Resources

Readme
Activity

Stars

3 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Languages