|
@@ -3,10 +3,10 @@
|
3
|
3
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
4
|
4
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
5
|
5
|
<head>
|
6
|
|
-<!-- 2016-10-31 Mon 16:23 -->
|
|
6
|
+<!-- 2018-02-20 Tue 11:20 -->
|
7
|
7
|
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
8
|
8
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
9
|
|
-<title></title>
|
|
9
|
+<title>‎</title>
|
10
|
10
|
<meta name="generator" content="Org mode" />
|
11
|
11
|
<meta name="author" content="Bob Mottram" />
|
12
|
12
|
<meta name="description" content="Turn the Beaglebone Black into a personal communications server"
|
|
@@ -71,6 +71,7 @@
|
71
|
71
|
pre.src-fortran:before { content: 'Fortran'; }
|
72
|
72
|
pre.src-gnuplot:before { content: 'gnuplot'; }
|
73
|
73
|
pre.src-haskell:before { content: 'Haskell'; }
|
|
74
|
+ pre.src-hledger:before { content: 'hledger'; }
|
74
|
75
|
pre.src-java:before { content: 'Java'; }
|
75
|
76
|
pre.src-js:before { content: 'Javascript'; }
|
76
|
77
|
pre.src-latex:before { content: 'LaTeX'; }
|
|
@@ -188,7 +189,7 @@
|
188
|
189
|
@licstart The following is the entire license notice for the
|
189
|
190
|
JavaScript code in this tag.
|
190
|
191
|
|
191
|
|
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
|
|
192
|
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
|
192
|
193
|
|
193
|
194
|
The JavaScript code in this tag is free software: you can
|
194
|
195
|
redistribute it and/or modify it under the terms of the GNU
|
|
@@ -256,31 +257,31 @@ for the JavaScript code in this tag.
|
256
|
257
|
</colgroup>
|
257
|
258
|
<tbody>
|
258
|
259
|
<tr>
|
259
|
|
-<td class="org-left"><a href="#org5101793">Backup keys</a></td>
|
|
260
|
+<td class="org-left"><a href="#org9e30c71">Backup keys</a></td>
|
260
|
261
|
</tr>
|
261
|
262
|
|
262
|
263
|
<tr>
|
263
|
|
-<td class="org-left"><a href="#orgbd04f75">Backup to USB</a></td>
|
|
264
|
+<td class="org-left"><a href="#org51128a3">Backup to USB</a></td>
|
264
|
265
|
</tr>
|
265
|
266
|
|
266
|
267
|
<tr>
|
267
|
|
-<td class="org-left"><a href="#org3944959">Restore from USB</a></td>
|
|
268
|
+<td class="org-left"><a href="#org471bcb9">Restore from USB</a></td>
|
268
|
269
|
</tr>
|
269
|
270
|
|
270
|
271
|
<tr>
|
271
|
|
-<td class="org-left"><a href="#org4ffab21">Distributed/remote backups</a></td>
|
|
272
|
+<td class="org-left"><a href="#orgbd325f2">Distributed/remote backups</a></td>
|
272
|
273
|
</tr>
|
273
|
274
|
|
274
|
275
|
<tr>
|
275
|
|
-<td class="org-left"><a href="#org52a7ed8">Restore from a friend</a></td>
|
|
276
|
+<td class="org-left"><a href="#orged9af55">Restore from a friend</a></td>
|
276
|
277
|
</tr>
|
277
|
278
|
</tbody>
|
278
|
279
|
</table>
|
279
|
280
|
</div>
|
280
|
281
|
|
281
|
|
-<div id="outline-container-org5101793" class="outline-2">
|
282
|
|
-<h2 id="org5101793">Backup keys</h2>
|
283
|
|
-<div class="outline-text-2" id="text-org5101793">
|
|
282
|
+<div id="outline-container-org9e30c71" class="outline-2">
|
|
283
|
+<h2 id="org9e30c71">Backup keys</h2>
|
|
284
|
+<div class="outline-text-2" id="text-org9e30c71">
|
284
|
285
|
<p>
|
285
|
286
|
As part of the Freedombone installation the GPG key used to encrypt backups will have been added to the <i>.gnupg</i> keyring in your home directory. Ensure that you have a copy of all your keys by plugging in a LUKS encrypted USB drive and then running the commands:
|
286
|
287
|
</p>
|
|
@@ -303,9 +304,9 @@ A pro-tip for the best possible security is to create multiple USB drives contai
|
303
|
304
|
</p>
|
304
|
305
|
</div>
|
305
|
306
|
</div>
|
306
|
|
-<div id="outline-container-orgbd04f75" class="outline-2">
|
307
|
|
-<h2 id="orgbd04f75">Backup to USB</h2>
|
308
|
|
-<div class="outline-text-2" id="text-orgbd04f75">
|
|
307
|
+<div id="outline-container-org51128a3" class="outline-2">
|
|
308
|
+<h2 id="org51128a3">Backup to USB</h2>
|
|
309
|
+<div class="outline-text-2" id="text-org51128a3">
|
309
|
310
|
<p>
|
310
|
311
|
First and foremost - <b>encrypt your USB drives</b>! Even if you think you have "<i>nothing to hide</i>" if you accidentally lose a USB thumb drive (it's easy to lose small objects) and it's not encrypted then potentially someone might be able to obtain enough information about you to commit identity fraud, take out loans, open bank accounts, etc. Use LUKS encryption. In Ubuntu you can do this using the <i>Disk Utility</i> application. Some instructions <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be found here</a>.
|
311
|
312
|
</p>
|
|
@@ -336,9 +337,9 @@ When the backup ends remove the USB drive and keep it somewhere safe. Even if it
|
336
|
337
|
</p>
|
337
|
338
|
</div>
|
338
|
339
|
</div>
|
339
|
|
-<div id="outline-container-org3944959" class="outline-2">
|
340
|
|
-<h2 id="org3944959">Restore from USB</h2>
|
341
|
|
-<div class="outline-text-2" id="text-org3944959">
|
|
340
|
+<div id="outline-container-org471bcb9" class="outline-2">
|
|
341
|
+<h2 id="org471bcb9">Restore from USB</h2>
|
|
342
|
+<div class="outline-text-2" id="text-org471bcb9">
|
342
|
343
|
<p>
|
343
|
344
|
Log into the system and become the root user:
|
344
|
345
|
</p>
|
|
@@ -361,15 +362,15 @@ Enter the LUKS password for the USB drive. When the restore is complete you can
|
361
|
362
|
</p>
|
362
|
363
|
</div>
|
363
|
364
|
</div>
|
364
|
|
-<div id="outline-container-org4ffab21" class="outline-2">
|
365
|
|
-<h2 id="org4ffab21">Distributed/remote backups</h2>
|
366
|
|
-<div class="outline-text-2" id="text-org4ffab21">
|
|
365
|
+<div id="outline-container-orgbd325f2" class="outline-2">
|
|
366
|
+<h2 id="orgbd325f2">Distributed/remote backups</h2>
|
|
367
|
+<div class="outline-text-2" id="text-orgbd325f2">
|
367
|
368
|
<p>
|
368
|
369
|
Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
|
369
|
370
|
</p>
|
370
|
371
|
|
371
|
372
|
<p>
|
372
|
|
-Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the control panel on a Freedombone system or with the <b>adduser <username></b> command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
|
|
373
|
+Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the control panel on a Freedombone system or with the <b>adduser <username></b> command on any other system when logged in as root and then give you the username and password via a secure method, such as on paper, via an encrypted email, Tox or via an XMPP chat using OpenPGP/OMEMO. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will not be easy. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
|
373
|
374
|
</p>
|
374
|
375
|
|
375
|
376
|
<div class="org-src-container">
|
|
@@ -386,12 +387,13 @@ You can then enter the usernames, domains and ssh logins for one or more remote
|
386
|
387
|
</p>
|
387
|
388
|
</div>
|
388
|
389
|
</div>
|
389
|
|
-<div id="outline-container-org52a7ed8" class="outline-2">
|
390
|
|
-<h2 id="org52a7ed8">Restore from a friend</h2>
|
391
|
|
-<div class="outline-text-2" id="text-org52a7ed8">
|
392
|
|
-</div><div id="outline-container-org9783b56" class="outline-3">
|
393
|
|
-<h3 id="org9783b56">With a completely new Freedombone installation</h3>
|
394
|
|
-<div class="outline-text-3" id="text-org9783b56">
|
|
390
|
+<div id="outline-container-orged9af55" class="outline-2">
|
|
391
|
+<h2 id="orged9af55">Restore from a friend</h2>
|
|
392
|
+<div class="outline-text-2" id="text-orged9af55">
|
|
393
|
+</div>
|
|
394
|
+<div id="outline-container-orgf5b5789" class="outline-3">
|
|
395
|
+<h3 id="orgf5b5789">With a completely new Freedombone installation</h3>
|
|
396
|
+<div class="outline-text-3" id="text-orgf5b5789">
|
395
|
397
|
<p>
|
396
|
398
|
This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation (configured with the same username and domain names). It is assumed that the old hardware was destroyed, but that you have the backup key stored on a USB thumb drive.
|
397
|
399
|
</p>
|
|
@@ -418,9 +420,9 @@ Finally select <i>Restore from remote backup</i> and enter the domain name of th
|
418
|
420
|
</p>
|
419
|
421
|
</div>
|
420
|
422
|
</div>
|
421
|
|
-<div id="outline-container-orgf7adedb" class="outline-3">
|
422
|
|
-<h3 id="orgf7adedb">On an existing Freedombone installation</h3>
|
423
|
|
-<div class="outline-text-3" id="text-orgf7adedb">
|
|
423
|
+<div id="outline-container-orgda018d1" class="outline-3">
|
|
424
|
+<h3 id="orgda018d1">On an existing Freedombone installation</h3>
|
|
425
|
+<div class="outline-text-3" id="text-orgda018d1">
|
424
|
426
|
<p>
|
425
|
427
|
This is for more common situations in which maybe some data became corrupted and you want to restore it.
|
426
|
428
|
</p>
|