Backup shell script to backup selected directories and upload securely (gpg) to FTP server

April 9, 2008 · 10 comments

This script requires GNU Privacy Guard (GnuPG), cryptographic software for Linux / UNIX systems. GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ 'owner' identity correspondences. It is also possible to add a cryptographic digital signature to a message, so that the message's integrity and sender can be verified, provided the particular correspondence relied upon has not been corrupted.

GnuPG does not use patented or otherwise restricted software or algorithms, including the IDEA encryption algorithm which has been present in PGP almost from the beginning. Instead, it uses a variety of other, non-patented algorithms such as CAST5, Triple DES, AES, Blowfish and Twofish. It is still possible to use IDEA in GnuPG by downloading a plugin for it; however, this may require getting a license for some uses in some countries in which IDEA is patented.

GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version.

Shell Script

    #!/bin/bash
    # Shell script (BASH) to backup the selected directory on server and upload to
    # another ftp server securely. This script uses the gpg command to
    # encrypt the .tar.gz file before the upload takes place.
    #
    # In order to run this script you must have the following tools installed:
    # - /usr/bin/ncftpput
    # - /bin/tar
    # - /usr/bin/mail
    # - /usr/bin/gpg
    #
    # The script also mails back whether the ftp operation failed or not
    #
    # Installation:
    # Customize the script according to your need. You need to setup ftp
    # server, password etc. Next, you need to setup gpg user name and
    # import public key so that you can encrypt the files. Usually the following
    # two commands are needed for gpg:
    # gpg --import userkey
    # gpg --edit-key KEY_ID|USER_ID
    # Command>trust
    #
    # --------------------------------------------------------------------
    # This is a free shell script under GNU GPL version 2.0 or above
    # Copyright (C) 2005 nixCraft project.
    # Feedback/comment/suggestions : http://cyberciti.biz/fb/
    # -------------------------------------------------------------------------
    # This script is part of nixCraft shell script collection (NSSC)
    # Visit http://bash.cyberciti.biz/ for more information.
    # -------------------------------------------------------------------------

    # Dirs to backup, separate multiple directories using space
    # for example /home /www /data2
    BACKUP="/home"

    # Remote ftp server
    FTPH="ftp.backup.com"

    # Remote ftp user name
    FTPU="ftpusername"

    # Remote ftp user password
    FTPP="secret"

    # Local gpg user_id
    GPGU="nixcraft"

    # Remote directory, blank for default remote dir
    # If dir does not exist it will be created automatically by ncftpput :)
    FTPD="backup/"

    # Temporary directory to store tar.gz file and process it
    TMPD="/tmp"

    # Mail message
    # Admin email me@mycorp.com or pager@yourmobile.com
    MTO="support@mycorp.com"
    # Mail subject
    MSUB="Backup $(hostname) report"
    # Admin info, URL email id; change it according to your need :)
    ADMIN_INFO="For support visit http://cyberciti.biz/fb/ or write an email to nobody@cyberciti.biz"

    # Only change if your UNIX stores bin in a different location
    NCFTP="/usr/bin/ncftpput"
    TAR="/bin/tar" # must be gnu tar
    MAILC="/usr/bin/mail"
    GPG="/usr/bin/gpg"

    #######################################################################
    # Do not change anything below
    #######################################################################
    FILE="$(hostname).$(date +"%d-%m-%Y").tar.gz"
    MESS=""

    if [ ! -x "$TAR" ]; then
        echo "$TAR command not found, contact $ADMIN_INFO"
        exit 1
    fi

    if [ ! -x "$NCFTP" ]; then
        echo "$NCFTP command not found, contact $ADMIN_INFO"
        exit 1
    fi

    if [ ! -x "$GPG" ]; then
        echo "$GPG command not found, contact $ADMIN_INFO"
        exit 1
    fi

    # Private (mode 0700) working directory, so the unencrypted archive and the
    # report never sit under a predictable, world-readable name in $TMPD
    WORKD="$(mktemp -d "$TMPD/backup.XXXXXX")" || exit 1
    OUT="$WORKD/$FILE"
    FOUT="$OUT.gpg"
    MFILE="$WORKD/ftpout.txt"

    # $BACKUP is deliberately unquoted: it may hold several space-separated dirs
    $TAR -zcf "$OUT" $BACKUP
    if [ $? -ne 0 ]; then
        MESS="$TAR failed to create backup. Nothing uploaded to remote FTP $FTPH server"
    # Encrypt the .tar.gz file before upload; --batch fails instead of prompting
    elif ! $GPG --batch -e -r "$GPGU" -o "$FOUT" "$OUT"; then
        MESS="$GPG failed to encrypt backup. Nothing uploaded to remote FTP $FTPH server"
    else
        # -p puts the password on the command line, visible in the process list
        $NCFTP -m -u "$FTPU" -p "$FTPP" "$FTPH" "$FTPD" "$FOUT"
        OSTAT="$?"
        case $OSTAT in
            0) MESS="Success.";;
            1) MESS="Could not connect to remote host $FTPH.";;
            2) MESS="Could not connect to remote host $FTPH - timed out.";;
            3) MESS="Transfer failed.";;
            4) MESS="Transfer failed - timed out.";;
            5) MESS="Directory change failed.";;
            6) MESS="Directory change failed - timed out.";;
            7) MESS="Malformed URL.";;
            8) MESS="Usage error. May be your version of ncftpput ($NCFTP) is old";;
            9) MESS="Error in login configuration file.";;
            10) MESS="Library initialization failed.";;
            11) MESS="Session initialization failed.";;
            *) MESS="Unknown error, contact admin $ADMIN_INFO";;
        esac
    fi

    >"$MFILE"
    echo "Backup status for $(hostname) as on $(date):" >>"$MFILE"
    echo "" >>"$MFILE"
    echo "Backup File : $FOUT" >>"$MFILE"
    echo "Backup ftp server : $FTPH" >>"$MFILE"
    echo "Backup status message : $MESS" >>"$MFILE"
    echo "" >>"$MFILE"
    echo "-- Automatically generated by $(basename "$0")" >>"$MFILE"

    # send an email to admin
    $MAILC -s "$MSUB" "$MTO" <"$MFILE"
    # remove the files
    rm -rf "$WORKD"
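
The script above keeps the FTP password in its own body and passes it with -p, and one commenter below asks how to avoid that. The following is an added example, not part of the original nixCraft script: it stores the credentials in an owner-only login file that ncftpput reads with -f and refuses to upload if that file is readable by anyone else. The CFG path and the function names are hypothetical, and `stat -c` assumes GNU coreutils.

```bash
#!/bin/bash
# Added example (not from the original script). CFG and the function names are
# hypothetical; the host/user/pass lines are the format ncftpput -f reads.

CFG="${CFG:-$HOME/.ncftp-backup.cfg}"

# Write the login file. The password is read from stdin so it never appears
# in argv, the environment, or shell history.
write_login_cfg() {   # usage: write_login_cfg FILE HOST USER  (password on stdin)
    local cfg="$1" host="$2" user="$3" pass
    IFS= read -r pass || [ -n "$pass" ] || return 1
    rm -f -- "$cfg"
    (
        umask 077     # new file is created with mode 0600
        set -C        # noclobber: exclusive create, never reuse a planted file
        printf 'host %s\nuser %s\npass %s\n' "$host" "$user" "$pass" > "$cfg"
    )
}

# Refuse credentials that another local user could read or swap out.
check_login_cfg() {   # returns 0 only for a regular file we own with mode x00
    local cfg="$1" mode
    [ -f "$cfg" ] && [ ! -L "$cfg" ] || { echo "$cfg: not a regular file" >&2; return 1; }
    [ -O "$cfg" ] || { echo "$cfg: not owned by the current user" >&2; return 1; }
    mode=$(stat -c %a "$cfg") || return 1       # GNU coreutils stat
    case "$mode" in
        *00) return 0 ;;
        *)   echo "$cfg: mode $mode allows group/other access" >&2; return 1 ;;
    esac
}

# Upload with the checked file instead of -u/-p on the command line.
upload_backup() {     # usage: upload_backup REMOTE_DIR LOCAL_FILE
    check_login_cfg "$CFG" || return 1
    /usr/bin/ncftpput -f "$CFG" -m "$1" "$2"
}

# One-time setup (type the password, then Enter):
#   write_login_cfg "$CFG" ftp.backup.com ftpusername
# In the backup script, in place of the -u/-p call:
#   upload_backup "$FTPD" "$FOUT"
```

This takes the password out of the script and the process list only; plain FTP still sends it unencrypted over the network.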



  • Jordi

    What do you do to that script if you want one copy of the generated file somewhere on your system,
    i.e. on /home/backups?

    Many thanks.

  • vivek

    You need to add code as follows before
    # remove the files
    Add code to copy encrypted file to /home/backups
    /bin/cp $FOUT /home/backups

  • Jerome

    I have also written a backup script which can
    * Backup a selection of files and/or directories.
    * Dump MySQL databases.
    * Backup hidden configuration files of users’ homes.
    * Backup the list of installed packages (Debian).
    * Encrypt the final archive using GPG.
    * Upload final archive via FTP (using ftp-upload) and/or SCP.

    If someone is interested, then have a look on http://zyxbackup.blogspot.com/

  • Saudi Arabia

    Good !

  • Pawel

    Thanks,
    It would be really good to add a function to remove files older than x days from the ftp.

  • Lion

    Great! string with explanation how key can become trusted without signing was ultra helpful, Thanks!

  • Astral God

    Hello.

    Is there a way to backup and upload files from an FTP server to a WebDAV server (https://)?

    Thanks.

  • thiyagi

    thanks man, the script seems good..

  • Michael Rimbach

    @Jerome: I love your Script – many thanks for that :)

  • altsysrq

    Is there a way to hide or encrypt the passwords instead of leaving them in the script as plain text?
