# online-offsite-backup (name to change) This tool provides a way to offer others a service for backing up important files automatically. Problem: Offsite backups could be as easy as a network filesystem - the problem is however that these usually implement deleting files aswell. In the case where a user's machine is comprimised by an attacker, these files could just be deleted in the same way they were created, defeating some of the advantages of an offsite backup. Solution: Implement a network "filesystem" that only supports non-destructive operations. Only implementing upload means that backups will accumulate on the server. This tool deletes backups after N newer backups (like a ring buffer). To prevent quick successive uploads as a means of deleting backups a cooldown for backup uploads is implemented. Intended Usage: This program is developed to be deployed on a number of servers that are not under your control like backing up data of your friends. In such a scenario, everyone in your friend group would run this software on their server and negotiate keys with every other one. Possible attacks: This software primarily protects against the exact case mentioned above especially when been attacked by automated malware on your machine. Your remote backups servers may still be vulnerable to social engineering and supply-chain attacks. Security: This software assumes security (and reliability) of the TCP connections it makes: You **must** implement protection on this level yourself. Backups are stored as-is on the remote server: If your backup requires it, encrypt it! ## Usage 1. Intall the CLI with cargo: `cargo install --path /path/to/online-offsite-backup` 2. Place a configuration file somewhere. ```toml [storage] root = "/home/muffin/temp/backuptest" size = 1_000_000_000 # maximum size of a single backup version versions = 3 # number of backups to keep upload_cooldown = 864000 # cooldown in seconds for backup uploads download_cooldown = 43200 # cooldown in seconds for backup downloads upload_speed = 3_000_000 # maximum sustained backup upload speed in bytes per second download_speed = 3_000_000 # maximum sustained backup download speed in bytes per second [server] address = "127.0.0.1:29285" [[peer]] name = "alice" address = "aliceserver.net:29285" shared_secret = "hunter2" [[peer]] name = "bob" address = "bobserver.net:29285" shared_secret = "p4ssw0rd" ``` 3. Start uploading a backup: `backuptool config.toml upload /path/to/backup` 4. List currently stored backups: `backuptool config.toml list` 5. Restore a remote backup by serial: `backuptool config.toml download /path/to/restore` 6. See further usage `backuptool --help` ## Protocol Connect to the server via TCP and follow this simple text-based protocol. Whenever there is an error the server replies `error,` and then disconnects you.First send a line with the shared secret, then send commands. - `list`: Client sends `list` on a line. The server replies with multiple lines in the format `::` ended with a single empty line. - `upload`: Client sends `upload,` on a line. If accepted the server replies `ready`. The client should now send exactly as many bytes as announced. Once done the server replies `done` on a line. - `download`: Client sends `download,` on a line. If accepted the server replies `ready,` on a line and then continues sending exactly this many bytes before concluding with `done` on a line. ## License AGPL-3.0-only; See [COPYING](./COPYING) ## Todo - implement upload / download max rate