Backup Windows Server with TrueCrypt / VeraCrypt

Posted in Operating Systems, Windows, Security, Tools, Tips, Encryption on Wednesday, May 27, 2015 by

TrueCrypt is considered dead these days, but back when it was trusted this is a script I wrote to backup Windows Server (2008 and above) with TrueCrypt. It uses a loopback VHD (loopback file/drive) on a removable USB harddrive that it RAW formatted with TrueCrypt. That TrueCrypt volume then contains a large VHD file to the size of your backup volume.

How to configure it:

  1. Save the bat file on your server
  2. Format a (USB?) drive as a RAW TrueCrypt volume
  3. Mount the TrueCrypt partition
  4. Create a VHD volume with the filename: z:Backups.vhd within the TrueCrypt volume
  5. Mount the VHD volume as Z Drive
  6. Configure Windows Server Backup to use the Z Drive as a backup destination
  7. Unmount the VHD Volume
  8. Unmount the TrueCrypt volume
  9. Create the directories: C:backupscripts

How to use it:
With the above completed:

  1. Configure a scheduled task to run 10 minutes before your nightly backup job to run the backup script (Mount-truecrypt.bat)
  2. Eg. If your backup is to run at 11pm, configure the script to run at 10:50pm.
  3. Then after your backup finishes execute another scheduled task to UNmount the VHD and TrueCrypt volume (UNmount-truecrypt.bat)

Your done!

P.S. I’m not actually sure if this works with VeraCrypt but I think they have the same command line flags…. :-P

:: Truecrypt backup script written by Campbell McKenzie - www.cammckenzie.com 

:: =================================
:: ==  START Mount-truecrypt.bat  ==
:: =================================

:: "Auto" mount the RAW TrueCrypt disk as drive Z: password 1234

eventcreate /L Application /T INFORMATION /SO Backup /ID 666 /D "Attempting to mount backup disks..."

CD C:\Program Files\TrueCrypt
TrueCrypt.exe /auto devices /q /lZ /p 1234
if '%errorlevel%' EQU '0' (
    eventcreate /L Application /T SUCCESS /SO Backup /ID 666 /D "RAW Disk mounted on Z:\ "
    goto MountVHD
) else ( goto ERROR-TC )

:MountVHD
:: Perform directory listing for Truecrypt Bugs
dir z:\ > nul
:: Create the scriptlet
cd C:\backup\scripts

echo sel vdisk file="Z:\Backups.vhd" >mount.diskpart
echo attach vdisk >> mount.diskpart
echo select partition 1 >> mount.diskpart
echo assign letter=X >> mount.diskpart

:: Run the cmdlet
diskpart /s mount.diskpart
if '%errorlevel%' EQU '0' (
    eventcreate /L Application /T SUCCESS /SO Backup /ID 666 /D "Loopback VHD Disk mounted on X:\ - Mount Completed"
    goto TidyUp
) else ( goto ERROR-DP )

:TidyUp 
del /q mount.diskpart
EXIT 0 

:ERROR-TC
eventcreate /L Application /T ERROR /SO Backup /ID 666 /D "TrueCrypt Mount Failed..."
EXIT 1

:ERROR-DP
eventcreate /L Application /T ERROR /SO Backup /ID 666 /D "Loopback VHD Disk mount Failed..."
EXIT 1

:: REF: http://nicj.net/mounting-vhds-in-windows-7-from-a-command-line-script/
:: ===============================
:: ==  END Mount-truecrypt.bat  ==
:: ===============================
:: ==================================
:: ==  START UNmount-truecrypt.bat ==
:: ==================================

:: UnmountVHD.cmd
eventcreate /L Application /T INFORMATION /SO Backup /ID 667 /D "Attempting to unmount backup disks..."

cd C:\backup\scripts

echo sel vdisk file="z:\Backups.vhd" >unmount.diskpart
echo detach vdisk >>unmount.diskpart
:: Run the cmdlet
diskpart /s unmount.diskpart
if '%errorlevel%' EQU '0' (
    eventcreate /L Application /T SUCCESS /SO Backup /ID 667 /D "Loopback VHD Disk unmounted successfully..."
    goto UnmountTrueCrypt
) else ( goto ERROR-DP )

:: Unmount the RAW disk
:UnmountTrueCrypt
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /d /q /s
if '%errorlevel%' EQU '0' (
    eventcreate /L Application /T SUCCESS /SO Backup /667 /D "RAW Disk unmounted successfully - Unmount Completed"
    goto TidyUp
) else ( goto ERROR-TC )

:TidyUp 
del /q unmount.diskpart
EXIT 0

:ERROR-TC
eventcreate /L Application /T ERROR /SO Backup /ID 666 /D "TrueCrypt Unmount Failed..."
EXIT 1

:ERROR-DP
eventcreate /L Application /T ERROR /SO Backup /ID 666 /D "Loopback VHD Disk Unmount Failed..."
EXIT 1

:: ==================================
:: ==  END UNmount-truecrypt.bat ==
:: ==================================

How to debug squid ACLs

Posted in Operating Systems, Linux, Services, Tips on Wednesday, January 7, 2015 by

For tricky squid ACL troubleshooting situations, it is helpful to be able to see which access control entries a request matches and does not match. This information can be discovered easily using squid’s debugging facility.

Step 1: RTFM

check debug sections avaliable: http://wiki.squid-cache.org/KnowledgeBase/DebugSections

In this case, we can see that squid’s ACLs are managed by section 28.

Step 2: Make squid more chatty

Given the ACL section, we can tell squid to log more information about ACL traversal. We feed him the section (28) and the log level (3, or similar) in squid.conf (near the top usually).

Code:

debug_options 28,3

… and we tell the daemon to re-read the configuration: 

service squid reload

Step 3: Test and evaluate

Now check the logs:

tail -f /var/log/squid/cache.log

Note: realistically you probably don’t want to tail the logs, you are best to try your failing web site then open the log with ‘less’ etc and do a search for you website.

In this example my blocklist had downloaded some unfiltered characters and ended up with a zero (”0”) on a line by itself. (Why they ended up there is a different conversation)

2015/01/07 15:51:42.237| ACL::checklistMatches: checking 'zeus_block_list'
2015/01/07 15:51:42.237| aclRegexData::match: checking 'mt0.google.com'
2015/01/07 15:51:42.237| aclRegexData::match: looking for '24b5'
2015/01/07 15:51:42.237| aclRegexData::match: looking for '0'
2015/01/07 15:51:42.238| aclRegexData::match: match '0' found in 'mt0.google.com'
2015/01/07 15:51:42.238| ACL::ChecklistMatches: result for 'zeus_block_list' is 1

Removing the zero from the 

zeus_block_list

and reloading squid resolved the issue.

Note that true evaluations are represented by 1, while false evaluations are represented by 0.

Step 4: Post-troubleshooting cleanup

It is important to disable the debug_options when you are finished troubleshooting. They produce a copious amount of logging, and they can generally be a (disk space) liability when you aren’t using them.

To reverse the changes, simply comment out the debug_options line above, and reload squid.

Thanks to FreeBSD forums for the walk-through

Clear Infortrend iSCSI SAN ‘ATTEN’ Light

Posted in Tips, Hardware on Friday, December 5, 2014 by

Via the webconsole, click: Event, then read all the events, while taking note of them and actioning them as required.
Finally click: Clear All Events

Dump all PHP variables

Posted in Operating Systems, Linux, Security, Tips on Thursday, December 4, 2014 by 
<?php
$everything = get_defined_vars();
ksort($everything);
echo '<pre>';
print_r($everything);
echo '</pre>';
?>

Run MySQL in the foreground

Posted in Operating Systems, Unix, Linux, Windows, Services, MySql, Tips on Wednesday, December 3, 2014 by

Well actually it’s not in the foreground but to a log file, but if you tail / follow the logfile you could pretend it was the foreground :-)

mysqld_safe --log-error=/var/log/mysql.err

And perhaps you have imported a database for forensic investigation and you don’t know the database password, you can just skip the authentication:

mysqld_safe --skip-grant-tables --log-error=/var/log/mysql.err
Next Page »
« Previous Page