Backup Windows Server with TrueCrypt / VeraCrypt

TrueCrypt is considered dead these days, but back when it was trusted this is a script I wrote to back up Windows Server (2008 and above) with TrueCrypt. It uses a loopback VHD (loopback file/drive) on a removable USB hard drive that is RAW formatted with TrueCrypt. That TrueCrypt volume then contains a large VHD file sized to your backup volume.

How to configure it:

  1. Save the bat file on your server
  2. Format a (USB?) drive as a RAW TrueCrypt volume
  3. Mount the TrueCrypt partition
  4. Create a VHD volume with the filename: Z:\Backups.vhd within the TrueCrypt volume
  5. Mount the VHD volume as Z Drive
  6. Configure Windows Server Backup to use the Z Drive as a backup destination
  7. Unmount the VHD Volume
  8. Unmount the TrueCrypt volume
  9. Create the directories: C:\backup\scripts

How to use it:
With the above completed:

  1. Configure a scheduled task that runs the backup script (Mount-truecrypt.bat) 10 minutes before your nightly backup job
  2. E.g. if your backup is to run at 11pm, configure the script to run at 10:50pm.
  3. Then, after your backup finishes, execute another scheduled task to UNmount the VHD and TrueCrypt volume (UNmount-truecrypt.bat)

You're done!

P.S. I’m not actually sure if this works with VeraCrypt but I think they have the same command line flags…. :-P

:: Truecrypt backup script written by Campbell McKenzie - www.cammckenzie.com 

:: =================================
:: ==  START Mount-truecrypt.bat  ==
:: =================================

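:: "Auto" mount the RAW TrueCrypt disk as drive Z: password 1234
:: NOTE: /p passes the volume password in plain text, so anyone who can read
:: this file can open the backup volume. Restrict NTFS permissions on the script.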

eventcreate /L Application /T INFORMATION /SO Backup /ID 666 /D "Attempting to mount backup disks..."

CD C:\Program Files\TrueCrypt
TrueCrypt.exe /auto devices /q /lZ /p 1234
if '%errorlevel%' EQU '0' (
    eventcreate /L Application /T SUCCESS /SO Backup /ID 666 /D "RAW Disk mounted on Z:\ "
    goto MountVHD
) else ( goto ERROR-TC )

:MountVHD
:: Perform directory listing for Truecrypt Bugs
dir z:\ > nul
:: Create the scriptlet
cd C:\backup\scripts

echo sel vdisk file="Z:\Backups.vhd" >mount.diskpart
echo attach vdisk >> mount.diskpart
echo select partition 1 >> mount.diskpart
echo assign letter=X >> mount.diskpart

:: Run the diskpart scriptlet
diskpart /s mount.diskpart
if '%errorlevel%' EQU '0' (
    eventcreate /L Application /T SUCCESS /SO Backup /ID 666 /D "Loopback VHD Disk mounted on X:\ - Mount Completed"
    goto TidyUp
) else ( goto ERROR-DP )

:TidyUp 
del /q mount.diskpart
EXIT 0 

:ERROR-TC
eventcreate /L Application /T ERROR /SO Backup /ID 666 /D "TrueCrypt Mount Failed..."
EXIT 1

:ERROR-DP
eventcreate /L Application /T ERROR /SO Backup /ID 666 /D "Loopback VHD Disk mount Failed..."
EXIT 1

:: REF: http://nicj.net/mounting-vhds-in-windows-7-from-a-command-line-script/
:: ===============================
:: ==  END Mount-truecrypt.bat  ==
:: ===============================
:: ==================================
:: ==  START UNmount-truecrypt.bat ==
:: ==================================

:: UnmountVHD.cmd
eventcreate /L Application /T INFORMATION /SO Backup /ID 667 /D "Attempting to unmount backup disks..."

cd C:\backup\scripts

echo sel vdisk file="z:\Backups.vhd" >unmount.diskpart
echo detach vdisk >>unmount.diskpart
:: Run the diskpart scriptlet
diskpart /s unmount.diskpart
if '%errorlevel%' EQU '0' (
    eventcreate /L Application /T SUCCESS /SO Backup /ID 667 /D "Loopback VHD Disk unmounted successfully..."
    goto UnmountTrueCrypt
) else ( goto ERROR-DP )

:: Unmount the RAW disk
:UnmountTrueCrypt
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /d /q /s
if '%errorlevel%' EQU '0' (
    eventcreate /L Application /T SUCCESS /SO Backup /ID 667 /D "RAW Disk unmounted successfully - Unmount Completed"
    goto TidyUp
) else ( goto ERROR-TC )

:TidyUp 
del /q unmount.diskpart
EXIT 0

:ERROR-TC
eventcreate /L Application /T ERROR /SO Backup /ID 666 /D "TrueCrypt Unmount Failed..."
EXIT 1

:ERROR-DP
eventcreate /L Application /T ERROR /SO Backup /ID 666 /D "Loopback VHD Disk Unmount Failed..."
EXIT 1

:: ==================================
:: ==  END UNmount-truecrypt.bat ==
:: ==================================

How to debug squid ACLs

For tricky squid ACL troubleshooting situations, it is helpful to be able to see which access control entries a request matches and does not match. This information can be discovered easily using squid’s debugging facility.

Step 1: RTFM

Check the available debug sections: http://wiki.squid-cache.org/KnowledgeBase/DebugSections

In this case, we can see that squid’s ACLs are managed by section 28.

Step 2: Make squid more chatty

Given the ACL section, we can tell squid to log more information about ACL traversal. We give it the section (28) and the log level (3, or similar) in squid.conf (usually near the top).

Code:

debug_options 28,3

… and we tell the daemon to re-read the configuration:

service squid reload

Step 3: Test and evaluate

Now check the logs:

tail -f /var/log/squid/cache.log

Note: realistically you probably don’t want to tail the logs; you are best to try your failing website, then open the log with ‘less’ etc. and search for your website.

In this example my blocklist had downloaded some unfiltered characters and ended up with a zero ("0") on a line by itself. (Why they ended up there is a different conversation.) Because the list is evaluated as regular expressions, that lone 0 matches any host name containing a zero, as the log shows for mt0.google.com:

2015/01/07 15:51:42.237| ACL::checklistMatches: checking 'zeus_block_list'
2015/01/07 15:51:42.237| aclRegexData::match: checking 'mt0.google.com'
2015/01/07 15:51:42.237| aclRegexData::match: looking for '24b5'
2015/01/07 15:51:42.237| aclRegexData::match: looking for '0'
2015/01/07 15:51:42.238| aclRegexData::match: match '0' found in 'mt0.google.com'
2015/01/07 15:51:42.238| ACL::ChecklistMatches: result for 'zeus_block_list' is 1

Removing the zero from the zeus_block_list and reloading squid resolved the issue.

Note that true evaluations are represented by 1, while false evaluations are represented by 0.
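
The log reading in Step 3 can be automated. The following Python is an added example, not part of the original walk-through or of squid: it pairs each ACL result line with the regex that triggered it, relying only on the line formats visible in the excerpt above. The second evaluation in SAMPLE_LOG is constructed, and the min_len threshold for flagging short patterns is an assumption.

```python
import re
from collections import namedtuple

# First evaluation is the excerpt above; the second (example.org) is constructed.
SAMPLE_LOG = """\
2015/01/07 15:51:42.237| ACL::checklistMatches: checking 'zeus_block_list'
2015/01/07 15:51:42.237| aclRegexData::match: checking 'mt0.google.com'
2015/01/07 15:51:42.237| aclRegexData::match: looking for '24b5'
2015/01/07 15:51:42.237| aclRegexData::match: looking for '0'
2015/01/07 15:51:42.238| aclRegexData::match: match '0' found in 'mt0.google.com'
2015/01/07 15:51:42.238| ACL::ChecklistMatches: result for 'zeus_block_list' is 1
2015/01/07 15:51:43.010| ACL::checklistMatches: checking 'zeus_block_list'
2015/01/07 15:51:43.010| aclRegexData::match: checking 'example.org'
2015/01/07 15:51:43.010| aclRegexData::match: looking for '24b5'
2015/01/07 15:51:43.010| aclRegexData::match: looking for '0'
2015/01/07 15:51:43.011| ACL::ChecklistMatches: result for 'zeus_block_list' is 0
"""

Decision = namedtuple("Decision", "acl subject matched pattern")

RE_SUBJECT = re.compile(r"aclRegexData::match: checking '(.*)'$")
RE_HIT = re.compile(r"aclRegexData::match: match '(.*)' found in '(.*)'$")
RE_RESULT = re.compile(r"ACL::[Cc]hecklistMatches: result for '(.*)' is ([01])$")

def acl_decisions(lines):
    """Return one Decision per ACL result line in section-28 debug output."""
    decisions, subject, pattern = [], None, None
    for line in lines:
        line = line.rstrip()
        if m := RE_SUBJECT.search(line):      # string being tested
            subject, pattern = m.group(1), None
        elif m := RE_HIT.search(line):        # the regex that matched it
            pattern, subject = m.group(1), m.group(2)
        elif m := RE_RESULT.search(line):     # 1 = ACL matched, 0 = no match
            decisions.append(Decision(m.group(1), subject, m.group(2) == "1", pattern))
            subject = pattern = None
    return decisions

def overbroad_hits(decisions, min_len=4):
    """Matches caused by a very short regex; min_len is an assumed heuristic."""
    return [d for d in decisions
            if d.matched and d.pattern is not None and len(d.pattern) < min_len]

if __name__ == "__main__":
    for d in overbroad_hits(acl_decisions(SAMPLE_LOG.splitlines())):
        print(f"{d.acl}: pattern {d.pattern!r} matched {d.subject!r}")
```

To run it against a real log, pass the lines of /var/log/squid/cache.log to acl_decisions instead of SAMPLE_LOG.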

Step 4: Post-troubleshooting cleanup

It is important to disable the debug_options when you are finished troubleshooting. They produce a copious amount of logging, and they can generally be a (disk space) liability when you aren’t using them.

To reverse the changes, simply comment out the debug_options line above, and reload squid.

Thanks to FreeBSD forums for the walk-through