Secure Encrypted Tape Backups with Solaris 10

List the algorithms available for encryption.
# encrypt -l
Algorithm Keysize: Min Max (bits)
------------------------------------------
aes 128 128
arcfour 8 128
des 64 64
3des 192 192


# mac -l
Algorithm Keysize: Min Max (bits)
------------------------------------------
des_mac 64 64
sha1_hmac 8 512
md5_hmac 8 512

1. Create a 128-bit key for greater security and use it for both encryption and decryption; as a rule, divide Max (bits) by 8 to get the key length in bytes. Use /dev/urandom so that key generation is fast and efficient. Keep the key in a safe place, readable only by its owner.

# bc
128/8
16

# dd if=/dev/urandom of=$HOME/arcfour16.key bs=16 count=1
1+0 records in
1+0 records out
#

# ls -l arcfour16.key
-rw-r--r-- 1 root root 16 Mar 13 12:50 arcfour16.key
# chmod 400 arcfour16.key

# digest -v -a md5 arcfour16.key
md5 (arcfour16) = 90c47c5b0d4d23458c06cecaa97de922
#

Encrypt a file using arcfour.

# encrypt -a arcfour -i tng.tar -k arcfour16.key -o tng.tar.crypted.arcfour

# decrypt -a arcfour -i tng.tar.crypted.arcfour -k arcfour16.key -o tng.tar
# ls -lrt | grep .tar
-rw-r--r-- 1 root root 7192 Mar 13 13:10 tng.tar.crypted.arcfour
-rw-r--r-- 1 root root 7168 Mar 13 13:19 tng.tar

# file tng.tar
tng.tar: USTAR tar archive

# tar tvf tng.tar
tar: blocksize = 14
drwxr-xr-x 207/206 0 Mar 13 12:01 2008 tng/
-r-xr-xr-x 207/206 2253 Mar 13 11:56 2008 tng/dictamen_tng.ksh
-rw-r--r-- 0/0 865 Mar 13 12:01 2008 tng/monitor_tng.ksh
-r-x------ 0/0 90 Mar 13 11:55 2008 tng/tng_log.ksh
#

2. The generated key can be used right away to encrypt backups to tape:

# ufsdump 0f - /var | encrypt -a arcfour \
-k /etc/mykeys/backup.k | dd of=/dev/rmt/0

3. To decrypt and restore the data from the tape, we must use the same key:

# decrypt -a arcfour -k /etc/mykeys/backup.k \
-i /dev/rmt/0 | ufsrestore xvf -
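
The listing in step 1 shows the key file as -rw-r--r-- until the chmod runs, so it is briefly readable by every user. The sketch below is an added example (not from the original page) that creates the key with owner-only permissions from the first byte and checks its size and mode before the tape commands in steps 2 and 3 rely on it; the helper names make_key and check_key are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. make_key and check_key are
# hypothetical helper names; only POSIX tools are used.

# make_key PATH BITS: write BITS/8 random bytes to PATH, owner read-only.
make_key() {
    path=$1 bits=$2
    # Same rule as step 1: key length in bytes = Max (bits) / 8.
    if [ "$bits" -le 0 ] || [ $(( $bits % 8 )) -ne 0 ]; then
        echo "bits must be a positive multiple of 8" >&2; return 2
    fi
    bytes=$(( $bits / 8 ))
    # Never overwrite: without the old key, existing tapes cannot be restored.
    if [ -e "$path" ] || [ -L "$path" ]; then
        echo "$path already exists" >&2; return 3
    fi
    (
        umask 077    # created 0600, so there is no world-readable window
        dd if=/dev/urandom of="$path" bs="$bytes" count=1 2>/dev/null
    ) || return 1
    chmod 400 "$path" || return 1
    check_key "$path" "$bytes"
}

# check_key PATH BYTES: succeed only for a regular file of exactly BYTES
# bytes with no group or other permission bits.
check_key() {
    path=$1 want=$2
    if [ ! -f "$path" ] || [ -L "$path" ]; then
        echo "$path: not a regular file" >&2; return 1
    fi
    size=$(wc -c < "$path" | tr -d ' ')
    if [ "$size" -ne "$want" ]; then
        echo "$path: $size bytes, expected $want" >&2; return 1
    fi
    mode=$(ls -ld "$path" | cut -c1-10)   # e.g. -r--------
    case $mode in
        -r[-w]-------) return 0 ;;
        *) echo "$path: mode $mode is too permissive" >&2; return 1 ;;
    esac
}
```

With the page's paths this would be called as `make_key /etc/mykeys/backup.k 128`, and `check_key /etc/mykeys/backup.k 16` can be run before each ufsdump pipeline so a damaged or exposed key is caught before a tape is written.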



Random TIPS

Removing "Drive Not Available" from Solaris

These are steps I followed to remove the LUNS which were unmasked from the system.
Removing the Unused/Unmasked LUNS from Solaris.

1. First step is identifying them from the format o/p.
2. Remove them from Volume Manager. In my case, they are Veritas, so I used vxdisk rm
3. Look at the cfgadm -al o/p to find the disks which are failing. They are failing because they are unmasked from this system and the OS still sees them.
c3::50060482d53135b8,84 disk connected configured failing
c3::50060482d53135b8,86 disk connected configured failing
c3::50060482d53135b8,87 disk connected configured failing
4. luxadm -e offline /dev/rdsk/ # This will kick the device from failing to unusable, and also removes them from format o/p.
5. cfgadm -o unusable_FCP_dev -c unconfigure c3::50060482d53135b8
# This will remove all unusable LUNS from the system for the particular controller and target ID. Don't worry, there might be some working devices on that target. This command won't affect them; they'll remain in a working state.
6. Clean the device files using devfsadm -Cv
7. You should be clear now in both format and cfgadm -al.
