Secure Dropbox by using Truecrypt volumes - developed.be

This tutorial explains how to secure your Dropbox files with Truecrypt in Ubuntu (or Linux Mint). It assumes you already know Truecrypt and have a basic understanding of the Unix folder structure.

Why secure your files in Dropbox?

I use Truecrypt for keeping my personal files. Basically all my important files are in a 50GB volume. My Dropbox folder was located inside the Truecrypt volume.

Like this:

/media/truecrypt1/Dropbox/all_my_files/

I wasn’t satisfied with the system. Who knows what happens with your data when you submit it to Dropbox? A hacker could get access to my account, or a Dropbox employee or the government (not all stories are conspiracies).

There wasn’t really a point in securing my data with Truecrypt when everything inside the Truecrypt volume was copied to “the cloud”.

What bugged me even more were the credentials on my filesystem. Some folders need different credentials (www-root, root-owned files, mysql-files). When Dropbox encounters a file it can’t access, it keeps on indexing and consuming CPU.

How does it work?

I came up with the following script:

  • Each week a script creates a bzip file of every folder I wish to back up.
  • Each bzip file goes into a different Truecrypt volume (with an optimized size).
  • The Truecrypt volumes are saved in the Dropbox folder.

Basically my Dropbox folder includes about 100 Truecrypt volumes and that’s it. Each week the Truecrypt volumes are replaced with fresh zip-backups.

It’s clumsy to upload large files to the internet (certainly with Dropbox), so I added a couple of extra checks for that:

  • Incremental backups: Each backup has two additional files containing the last modified date from any file in the folder. When you run the script again, the old last-modified date is compared with the current last-modified date. If there’s an edited file, the backup will be overwritten; otherwise it remains the same.
  • Really big files can have their own Truecrypt volume. This is ideal for folders with videos or old database backups (they never change). This way, your video folder won’t be one 100GB volume, but 100 volumes of 1GB.

This makes sure I have:

  • fresh backups,
  • that are encrypted
  • which can be copied to an external harddisk
  • and can be sent to the cloud without any worries.
  • I can back up every folder from my computer and am not limited to the one Dropbox folder. (I could back up /etc/apache2/, which is impossible with the current Dropbox.)

This is the bash-script I came up with. I run it every week. You could set it up with cron.

Note that the script needs some configuration (e.g. which folders to back up). I provided lots of comments for your own variations. Also note that the Truecrypt volumes will be opened and closed automatically and this will be visible on your desktop. I found no workaround to mount a volume “silently”. So, when running the script, you shouldn’t touch any automatically opened windows.

This screams for a GUI, but I don’t have any experience with creating GUIs in Linux (apart from Mono GUIs). So a script is all I can give you.

#!/bin/bash
 
#run with sudo!
 
#This script will create truecrypt volumes of certain dirs or files on your harddisk.
#Afterwards it can copy those truecrypt volumes to your dropbox folder and/or to an external harddisk
 
#This script was created to "easily" encrypt your files on Dropbox
 
#Created by Robin Brackez (www.developed.be) in 2013
#Sponsor GetBasic.be (please leave this info in)
#V1.0
#License: GPL (v2)
 
#each folder you want to save must be in 3 arrays.
#please use no spaces anywhere
#in this example I take a backup of the files in my documents folder and save it in one truecrypt volume
dir_array[0]=/home/robin/documents #the directory you want to backup
name_array[0]=home_documents #the filename of the backup
type_array[0]=dir #whether to backup the entire dir (dir), or to backup each file individually in the dir (file)
 
#in this example I take a backup of the video dir, but save each file in a separate truecrypt volume
#notice the number in the arrays is +1
dir_array[1]=/home/robin/video  #the directory you want to backup
name_array[1]=video  #the filename of the backup
type_array[1]=file #whether to backup the entire dir (dir), or to backup each file individually in the dir (file)
#"file" is not recursive. Which means it will only backup the files inside the dir and not the files inside a subdir.
#"dir"  is recursive by default. Which means it will backup the files + the subdirs + the files in the subdirs.
 
#in this example I backup the apache2 configuration
#notice the number in the arrays is +1
dir_array[2]=/etc/apache2/
name_array[2]=apache
type_array[2]=dir
 
#some other dirs:
dir_dropbox=/home/robin/Dropbox/backups/ #the directory where the files should come, preferably in your dropbox folder.
file_randomsource=/home/robin/Videos/zehlia.mov #to make the encryption stronger, a file can be used as "random source". This can really be any file on your harddrive.
truecrypt_dir=/media/truecrypt1/ #this is where the truecrypt volumes are mounted. Mostly on Ubuntu, this is /media/truecrypt1/. If you're unsure, leave this value the way it is and see if it works
extra_backup_dir=/media/robin/external_harddrive/backups/ #if you want to make an extra backup to an external harddisk, set the path to the external harddisk.
large_file=100000000 #constant, leave this 100000000
 
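#NOTE: alter the chown line near the end of this script to set up proper permissions!!!

#the password is passed to truecrypt on the command line (-p), so it is visible in the process list while truecrypt runs
echo -n "Enter password for all the truecrypt volumes that will be created (this password is not masked): "
read -r password #-r keeps backslashes in the password intact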
 
 
for index in ${!dir_array[*]}
do
    original_backupname=${name_array[$index]}
    sourcedir=${dir_array[$index]}
    whattobackup=${type_array[$index]}

    if [ $whattobackup == 'file' ]
    then
        sourcefile_array=$(ls $sourcedir -1) #select every file in the dir
    else
        sourcefile_array=($sourcedir) #select the entire dir
    fi

    for sourcefile in $sourcefile_array
    do
        if [ $whattobackup == 'file' ]
        then
            basedir=${dir_dropbox}${original_backupname}
            backupname=${sourcefile}
            sourcefile=${sourcedir%/}/${sourcefile} #join dir and filename with exactly one slash, whether or not the dir ends in one

            if [[ -d $sourcefile ]];
            then #sourcefile is a directory
                #echo "> $sourcefile is a directory, will not continue"
                continue #go to next iteration
            fi
        else
            backupname=${original_backupname}
            basedir=${dir_dropbox}
        fi
        if [[ ! -d ${basedir} ]]; then
            mkdir ${basedir}
        fi
        truecryptfile=${basedir}/${backupname}.tc
        modified_file=${basedir}/${backupname}.MODIFIED
        created_file=${basedir}/${backupname}.CREATED
        zipfile=/tmp/${backupname}.tar.bz

        modified_date=$(find $sourcefile -exec stat \{} --printf="%y\n" \; | sort -n -r | head -1)
        if [[ -f $modified_file ]];  #does the modified file already exist?
        then
            old_modified_date=$(cat "${modified_file}")
        else
            old_modified_date=0
        fi
        if [[ ! -f ${truecryptfile} ]]; then
            old_modified_date=0 #write again if truecrypt file is missing
        fi
        if [ "${modified_date}" != "${old_modified_date}" ];  #if the last modified date is still the same, no need to override
        then
            echo "> Start with ${backupname}"
            printf '%s' "${modified_date}" > $modified_file #write last modified date of any file in the folder to the modified file
            date > $created_file #write current date to created file
            # echo "> Create bzip from $whattobackup $sourcefile"
            # tar -zcf $zipfile $sourcefile #gzip variant, gzip is faster but results in bigger files
            tar -jcf $zipfile "${sourcefile}"  &> /dev/null
            thesize=$(ls -nl $zipfile | awk '{print $5}')
            if [[ $(($thesize/1)) -lt $(($large_file/1)) ]]; then #smaller than 100MB
                # echo "$thesize is smaller than ${large_file}"
                thesize_extended=$(($thesize+1048576)) #1 extra MB or it might not fit in
            else #bigger than 100MB
                # echo "$thesize is bigger than ${large_file}"
                thesize_extended=$(($thesize+10485760)) #10 extra MB or it might not fit in
            fi
            thesize_mb=$(($thesize_extended/1024/1024)) #size in MB
            if [[ -f $truecryptfile ]]; then
                # echo "> remove old truecrypt"
                rm $truecryptfile
            fi
            # echo "> create new truecrypt with size $thesize_mb MB"
            truecrypt -t -c -v --hash=SHA-512 --encryption=AES --filesystem=FAT -k "" -p=$password --random-source=$file_randomsource --size=$thesize_extended --volume-type=normal $truecryptfile &
            wait
            # echo "> mount new truecrypt volume"
            truecrypt --mount --hash=SHA-512 --encryption=AES -p=$password $truecryptfile &
            wait
            # echo "> copying files"
            rsync $modified_file $truecrypt_dir &
            wait #copy modified in truecrypt volume as well
            rsync $created_file $truecrypt_dir &
            wait
            rsync $zipfile $truecrypt_dir &
            wait
            echo "> dismount new volume..."
            sleep 2
            truecrypt --dismount $truecryptfile &
            wait
            mountp=$(mountpoint ${truecrypt_dir})
            echo ""
            while [[ "${mountp}" == "${truecrypt_dir} is a mountpoint" ]]; do
                echo "> not yet dismounted, wait"
                sleep 2
                mountp=$(mountpoint ${truecrypt_dir})
            done
            if [[ -d $truecrypt_dir ]]; then #the mount dir still exists after the dismount
                echo "Truecrypt volume was not correctly dismounted. Check if dir $truecrypt_dir exists without being mounted and delete its content and start again."
                rm $truecryptfile
                rm $modified_file
                rm $created_file
                #rm $truecrypt_dir
                exit
            fi
            # echo "> cleanup"
            # rm $zipfile #while this stays commented out, the unencrypted archive remains in /tmp
        fi
    done
done
#EDIT THE NEXT LINE: every truecrypt file is created by ROOT (hence "sudo"). To set it back to your useraccount, edit this command and change "username" and "groupname" (chown expects owner:group)
chown -R username:groupname $dir_dropbox #EDIT THIS LINE!
if [[ -d $extra_backup_dir ]]; then
 echo "> Take extra backup to an (external) harddisk or USB-stick"
 cp -R -u -v $dir_dropbox $extra_backup_dir &
 wait
fi
echo "Start Dropbox"
dropbox
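
The script writes each volume's .MODIFIED and .CREATED files next to the volume in the Dropbox folder, outside the encryption, and builds the archive in /tmp first. The following audit is an added example, not part of the original script; it lists what such a layout leaves readable. The function names and the sample tree are made up for illustration, the file suffixes are the script's.

```shell
#!/bin/bash
# Added example, not from the original script. Assumed layout: NAME.tc volumes
# with NAME.MODIFIED / NAME.CREATED sidecars in the synced directory, and
# NAME.tar.bz archives in the staging directory (/tmp in the script).

# Files that are neither volume nor sidecar: these would sync unencrypted.
list_plaintext() {
    find "$1" -type f ! -name '*.tc' ! -name '*.MODIFIED' ! -name '*.CREATED' | sort
}
# Sidecars sit outside the volume, so their names and dates are readable.
list_sidecars() {
    find "$1" -type f \( -name '*.MODIFIED' -o -name '*.CREATED' \) | sort
}
# Unencrypted archives left behind in the staging directory.
list_staging_leftovers() {
    find "$1" -maxdepth 1 -type f -name '*.tar.bz' | sort
}
# Sidecars whose volume is missing, e.g. after an aborted run.
list_orphan_sidecars() {
    list_sidecars "$1" | while IFS= read -r f; do
        if [ ! -f "${f%.*}.tc" ]; then printf '%s\n' "$f"; fi
    done
}
# Prefix each line of $2 with tag $1; succeeds only if $2 is non-empty.
report() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$2" | sed "s|^|$1 |"
}
# Print a tagged report; return 1 when unencrypted data was found.
audit_backup_dir() {
    rc=0
    if report PLAINTEXT "$(list_plaintext "$1")"; then rc=1; fi
    if report STAGING "$(list_staging_leftovers "${2:-/tmp}")"; then rc=1; fi
    report SIDECAR "$(list_sidecars "$1")" || true
    report ORPHAN "$(list_orphan_sidecars "$1")" || true
    return "$rc"
}
# Constructed sample tree (all file names are made up for the demonstration).
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/sync/video" "$d/tmp"
    touch "$d/sync/home_documents.tc" "$d/sync/home_documents.MODIFIED" \
          "$d/sync/home_documents.CREATED" "$d/sync/video/clip.mov.MODIFIED" \
          "$d/sync/notes.txt" "$d/tmp/home_documents.tar.bz"
    printf '%s\n' "$d"
}
sample=$(make_sample_tree)
audit_backup_dir "$sample/sync" "$sample/tmp" || echo "unencrypted data found"
rm -rf "$sample"
```

On a real setup, call `audit_backup_dir` with the value of `dir_dropbox` as the first argument; the second argument defaults to /tmp.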

