Encrypted ufsdump backup script

Solaris 10 comes with four encryption algorithms built in: AES, arcfour, DES and 3DES. To create a basic AES encryption key for use with this script (and the related restore.enc script) use:

# mkdir /etc/keys 
# dd if=/dev/random of=/etc/keys/backup_aes.key bs=16 count=1 

See the Solaris man pages for cryptoadm, encrypt, decrypt, dd and random, and the Solaris 10 System Administration Guide: Security Services, for much more detailed information.

#!/usr/bin/ksh
#
# Encrypted Backups with ufsdump
# Tested on a single Solaris 10 server
# This script has not been used for ufsdumps of remote systems
#
# Global variables
#
HOST_LIST="jupiter"
DIR_LIST="/ /var /export/home /data1"
MAILLIST=admins@example.co.uk
LOGDIR=/var/tmp/enc/backup_logs
LOGFILE=enc_backup.log
KEY=/etc/keys/backup_aes.key
totsize=0
archive=0
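TAPE_DRV=/dev/rmt/0n    # no-rewind device, so each dump is written as the next file on the tape
TAPE_SRV=jupiter        # not used below; this script only dumps local filesystems

# Send all output below to the log file that is mailed at the end of the run
mkdir -p ${LOGDIR}
exec > ${LOGDIR}/${LOGFILE} 2>&1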

echo "Encrypted Solaris Backup"
echo ""
echo "Backup on"
date
echo ""
for host in $HOST_LIST
do
echo Backing up $host
for dir in $DIR_LIST
do
    if [ -d "$dir" ] 
    then
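         # Used space in KB, taken from the third column of df -k
         dirsize=`df -k "$dir" | tail +2 | awk '{print $3}'`
         totsize=`expr $totsize + $dirsize`
         echo "     Archive $archive ${host}:${dir} = $dirsize Kb ... running total = $totsize Kb"
         # Level 0 dump to stdout, AES-encrypted with ${KEY} and written to the tape
         ufsdump 0f - "$dir" | encrypt -a aes -k ${KEY} -o ${TAPE_DRV}
         # $? is the exit status of encrypt, the last command in the pipeline
         if [ $? -ne 0 ]
         then
              echo "     WARNING: encrypt failed for ${host}:${dir}"
         fi
         archive=`expr $archive + 1`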
    else
         echo "     no $dir on $host . Moving on ..."
    fi
done
done

echo "Total Backup Size = $totsize Kb approx `expr $totsize / 1024 / 1024` Gb"
echo ""
echo "End of backup at"
date
echo ""
echo "Rewind and offline the tape"

mt -f ${TAPE_DRV} rewoffl

mailx -s "Encrypted Solaris Backup Log" $MAILLIST < ${LOGDIR}/${LOGFILE}
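
A pre-flight check for the key file created with the dd command at the top of the page, as an added example that is not part of the original script. key_check is a hypothetical helper name; it assumes the backup runs as root (uid 0) and rejects a key that is missing, a symlink, accessible to group or other, owned by another uid, or not exactly 16 bytes long (for instance after a short read from /dev/random).

```shell
#!/bin/sh
# Added example: validate the AES key file before any data is dumped.
# key_check is a hypothetical helper, not a Solaris command.
#
# key_check KEYFILE [BYTES] [OWNER_UID]
#   returns 0 = usable, 1 = missing, 2 = bad mode or symlink,
#           3 = wrong owner, 4 = wrong length
key_check() {
    key=$1
    want_bytes=${2:-16}     # bs=16 count=1 on this page gives a 16-byte key
    want_uid=${3:-0}        # assumption: the backup runs as root

    if [ ! -f "$key" ]; then
        echo "key_check: $key: missing or not a regular file" >&2
        return 1
    fi

    # ls -ln prints the mode string and the numeric owner without following
    # symlinks, so a link to a key elsewhere shows up as mode "l...".
    mode=$(ls -ln "$key" | awk '{print $1}')
    uid=$(ls -ln "$key" | awk '{print $3}')

    case $mode in
        -???------*) ;;     # plain file, owner permission bits only
        *)  echo "key_check: $key: mode $mode is not owner-only" >&2
            return 2 ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "key_check: $key: owned by uid $uid, expected $want_uid" >&2
        return 3
    fi

    # wc -c pads its output with blanks on Solaris, so strip them first.
    size=$(wc -c < "$key" | tr -d ' ')
    if [ "$size" -ne "$want_bytes" ]; then
        echo "key_check: $key: $size bytes, expected $want_bytes" >&2
        return 4
    fi
    return 0
}

# In the backup script, before the dump loop:
#   key_check "$KEY" || exit 1
```

With a umask of 022 the mkdir and dd commands shown earlier leave the key world-readable, so run chmod 700 /etc/keys and chmod 400 /etc/keys/backup_aes.key before the first backup.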