http://duda.tordo.net Maciej Duda - Devlog and publications en-us mduda@tordo.net mduda@tordo.net IT security, UNIX, web development 1 daily http://duda.tordo.net/achievements/12 Available in <a href="http://tordo.net/downloads/publications/send-email-away/Send-email-away_Maciej-Duda.pdf" rel="nofollow">PDF format</a><br /> <br /> Reviewed by Alex Tomic<br /> <br /> <h1>Abstract</h1><br /> This paper is participation in discussion about current status and future of an email Internet service. It&#39;s based mostly on my observations and experience in email and jabber server administration.<br /> <br /> <h1>Introduction</h1> <br /> Email is the most popular communication method over the Internet. It&#39;s also very old - it was designed in the early 70s, when people couldn&#39;t even dream of the Internet as it is now and that it would become this popular. Therefore they weren&#39;t putting a big effort to several architecture aspects crucial in the modern Internet. The way we use email now has evolved from simple sending of text messages to much more advanced tasks such as sharing files, using web-based user interfaces and using advanced sorting/filtering methods to organize our correspondence.<br /> <br /> Emails&#39; early great success prevented people from implementing drastic changes into protocol, because they were afraid of losing users by blocking old clients from communication with new ones (backward compatibility). This brings many issues with which we must struggle nowadays.<br /> <br /> <h1>Problems</h1><br /> Over time email gained additional functionalities. It became a platform, which inspired users with new ways for conversation and data exchange. To fulfill new requirements, developers wrote many add-ons and workarounds such as anti-spam filters, authentication and encryption, which resulted in a very chaotic protocol architecture. So to deploy a solid and useful email service, system administrators must solve all the issues installing and configuring additional software. Lets take a look at details of email problems.<br /> <br /> <h2>Security: authentication and confidentiality</h2><br /> Email doesn&#39;t require any type of authentication - everybody can send it from any host connected to the Internet and &quot;From&quot; field can be filed with anything the sender wants.<br /> <pre>telnet target.email.server.com 25<br /> HELO senders.domain.com<br /> MAIL FROM: John Doe<br /> RCPT TO: someone@target.email.server.com<br /> DATA<br /> body of message</pre>There is no verification for sender so identity theft is quite easy. Some servers might perform reverse DNS lookup, which will check if IP address of telnet connection matches senders.domain.com DNS records, but it&#39;s just an unofficial naming convention, and does not have to be followed.<br /> <br /> The problem is that email is used in business and other communications, which requires a higher level of confidentiality during exchange of important information. There are available solutions such as PGP signatures, but they require preparations for both exchange sites to comply, so it&#39;s fairly difficult to be sure that the received email is legitimate and/or has been intercepted during transfer. SSL is another way to encrypt messages, but it&#39;s only for network transfer and the message itself is stored in plaintext on the server. Also recent SSL Certificate Authority problems [5] decrease the level of confidence.<br /> <br /> Another aspect is the lack of end-to-end encryption. By default not only passwords are sent via plaintext, but also a body of correspondence, which makes it very easy to grab. It&#39;s worth mentioning, that emails are stored on servers in unencrypted format, which results in full access to them by system administrators and if server is being compromised, unauthorized person gets full access to email content.<br /> <br /> It&#39;s terrifying if you imagine that every email, which you read could be fabricated or read by somebody else.<br /> <br /> <h2>Spam, fraud and scam</h2><br /> According to MAAWG [1]:<pre>from the first and second quarters of 2010, the percentage <br /> of email identified as abusive has oscillated over the last<br /> six quarters between 88% and 91%.</pre>Users receive and process 9 out of 10 unwanted emails - bandwidth, hard drive space and processor time is simply wasted on spam. Filtering messages may end up with deleting important ones by accident. People get regularly tricked into using phishing websites distributed mostly over email. <br /> <br /> <h2>File exchange</h2><br /> So you can add attachment to your email. Did you know that attachment size is 30% bigger, when you send it via email? It can&#39;t be stressed enough that email is not designed for file exchange. It&#39;s inconvenient, not efficient and ineffective. Also from an interface perspective inbox is not a file folder - files are not accessed in a straight-forward manner, you cant search the content of files and they are fully dependent on emails, which they are attached to - if the email is moved or deleted, the same happens to the attached file. Transmission is not peer-to-peer and that slows down whole process, so email delivery with large attachments is not instant. It needs to be fully delivered to server and then the recipient can download the email with the content.<br /> <br /> There are much better ways to exchange files over the Internet.<br /> <br /> <h2>Standardization</h2><br /> Have you ever had a situation, where your legitimate email address was rejected by a website form validation? The problem is that there is lack of one true email address regular expression [2] available, because RFC [3] can be interpreted in many ways. This problem became visible, when Google Mail announced that every user can add suffix to his username to build additional email addresses for his account. The separator was &#39;+&#39; so John Doe can have email: &quot;johndoe+spam@gmail.com&quot; or &quot;johndoe+slashdot@gmail&quot; and every email sent on these accounts will end up in johndoe@gmail.com inbox. Many subscription services rejected subscribe forms with &#39;+&#39; in email address, which prevented Gmail users from applying this feature. <br /> <br /> I recommend to see this talk by rjbs, who covers most issues with email implementation and explains why standards are in terrible condition [4] <br /> <br /> <h1>Can we do something about it?</h1><br /> Surely there are many solutions and workarounds, which cover most of the mentioned problems (Gmail is a great example), but nevertheless the best solution would be to introduce a new standard, which wouldn&#39;t be backwards compatible to current email components and was adapted to present email use-cases. <br /> <br /> One of the most important improvements would be email filtering based on contact list - before delivering email, the sender would be required to be identified by the recipient as if he is willing to receive any emails from that sender. This kind of contact list is implemented in the XMPP protocol [6] and it solves many problems mentioned before: identity and spam/fraud. Perhaps this functionality should be optional, nevertheless it would be useful and efficient.<br /> <br /> Google Wave was one recent email replacement attempt. It was supposed to be an email alternative by bringing new breath into communication over the Internet. Wave had everything - security, authentication, grouping and filtering messages and well designed file exchange. Unfortunately this project has been rejected resulting in it being shut down.<br /> <br /> Another alternative might be the already mentioned XMPP protocol (which BTW Wave is based on), but it requires a suitable GUI to serve as an email alternative replacement, which it lacks for now.<br /> <br /> <h1>The future of email</h1><br /> Email does not go away, but there are trends in replacing POP3/SMTP interface with GUIs based on Web 2.0, which might be a chance to renew email standards so that it will fit more with current requirements. Users wont see any difference, because they don&#39;t need to set up anything in their Gmail or Facebook. Although they might gain new features like better grouping and threading correspondence.<br /> <br /> <h1>References</h1>[1] <a href="http://www.maawg.org/sites/maawg/files/news/MAAWG_2010_Q3Q4_Metrics_Report_14.pdf" rel="nofollow">http://www.maawg.org/sites/maawg/files/news/MAAWG_2010_Q3Q4_Metrics_Report_14.pdf</a><br /> [2] <a href="http://www.regular-expressions.info/email.html" rel="nofollow">http://www.regular-expressions.info/email.html</a><br /> [3] <a href="http://tools.ietf.org/html/rfc2822#section-3.4.1" rel="nofollow">http://tools.ietf.org/html/rfc2822#section-3.4.1</a><br /> [4] <a href="http://rjbs.manxome.org/" rel="nofollow">http://rjbs.manxome.org/</a><br /> [5] <a href="http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx" rel="nofollow">http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx</a><br /> [6] <a href="http://xmpp.org/rfcs/rfc3921.html#int" rel="nofollow">http://xmpp.org/rfcs/rfc3921.html#int</a> Maciej Duda 2012-01-25 00:00 http://duda.tordo.net/achievements/11 Client-server script, which collects info about Tordo network hosts and processes these data.<br /> <br /> Source code and documentation is available at <a href="http://tordo.net:3000/projects/tss2" rel="nofollow">project website</a>. Maciej Duda 2012-01-09 00:00 http://duda.tordo.net/devlog/5 Here is my subjective list of most interesting events. I hope that the lessons we learned in 2011 year will bring higher security awareness and result in less problems in 2012. Stay safe, everyone and remember to be always a little bit more paranoid.<br /> <br /> <h2>CA certificates takeover</h2>SSL certificates became main target for attacks in Internet. There were MITM [1] and weaknesses in software responsible for cert verification [2], but most stunning was theft of CA from DigiNotar, which resulted in compromising whole tree of official certificates including Google Mail, Mozilla. Yahoo and Wordpress. For couple of days Internet froze because there was no guarantee that ssl certificate is valid and safe. DigiNotar announced bankruptcy on September 2011.<br /> <br /> <h2>LulzSec mayhem</h2>As Sony Pictures Entertainment has became main target of attacks with over 20 hacks in two months, LulzSec popularity grew by every day. Their statement - cause mayhem no matter what - brought controversial opinions. People were cheering them to attack (mostly with DDoS method) more challenging targets including FBI and CIA, but when LulzSec began to target geek-related environments like EVE, LoL or Minecraft, their popularity wasn&#39;t strong as before. They also made enemies with other hacking groups and small civil war was inevitable. The story of LulzSec ends after 50 days of intensive activity. There are suspicions that other hackers compromised LulzSec members identities and forced them to suspend their activity. <br /> <br /> <h2>HBGary Federal incident</h2>Thats one nice peace of story, which deserves movie adaptation. Security audit company hired by US government for consultent and infiltration of big hacking groups such as Wikileaks and Anonymous became victim of it&#39;s own techniques and incompetence. HBGary has been hacked by Anonymous compromising confidential emails, which revived unprofessional methods practiced by the company. <br /> <br /> <h2>RSA SecurID tokens fiasco</h2>RSA used to have strong reputation before this incident, but the way they handled it by misinforming users about current statement resulted in permanent loss of market position be this company. The attack was represented as &quot;extremely sophisticated&quot;, was as a matter of fact easy to stop pdf/excel macro, which was executed by low priority employee. <br /> <br /> <h2>References</h2>[1] <a href="https://seventhoctober.net/2011/08/ssl-mitm-with-an-inserted-ca-and-a-dns-hijack/" rel="nofollow">https://seventhoctober.net/2011/08/ssl-mitm-with-an-inserted-ca-and-a-dns-hijack/</a><br /> [2] <a href="http://blog.spiderlabs.com/2011/07/twsl2011-007-ios-ssl-implementation-does-not-validate-certificate-chain.html" rel="nofollow">http://blog.spiderlabs.com/2011/07/twsl2011-007-ios-ssl-implementation-does-not-validate-certificate-chain.html</a> Maciej Duda 2012-01-01 23:15 http://duda.tordo.net/devlog/4 There is another attempt to regain control by US government and big corporations over the content posted on the Internet. This time it&#39;s called SOPA - Stop Online Piracy Act, which <i>gives broad powers to private actors. Any holder of intellectual property rights could simply send a letter to ad network operators like Google and to payment processors like MasterCard, Visa, and PayPal, demanding these companies cut off access to any site the IP holder names as an infringer.</i> - <a href="http://arstechnica.com/tech-policy/news/2011/10/house-takes-senates-bad-internet-censorship-bill-makes-it-worse.ars" rel="nofollow">Arstechnica</a> <br /> It means that my entire website might be blocked in USA on request from Tesla Motors because I posted pictures of their car on <a href="http://duda.tordo.net/devlog/3" rel="nofollow">previous DevLog post</a>.<br /> Please, take a look at this case and consider participation in spreading information, because if it gets passed, <a href="http://news.cnet.com/8301-31921_3-57329001-281/how-sopa-would-affect-you-faq/" rel="nofollow">we all will be affected</a>. <br /> Also US Congress clearly tries to hide information from general public about session results by publishing official delay on next year, but in fact <a href="http://www.youtube.com/watch?v=JhwuXNv8fJM&amp;feature=colike" rel="nofollow">it will be brought up again on 21st December</a>.<br /> <br /> <h2>More info</h2><ul><li><a href="http://americancensorship.org" rel="nofollow">http://americancensorship.org</a></li><li><a href="http://www.youtube.com/watch?v=JhwuXNv8fJM" rel="nofollow">TotalBiscuit on SOPA</a></li><li><a href="http://news.cnet.com/8301-31921_3-57329001-281/how-sopa-would-affect-you-faq/" rel="nofollow">SOPA FAQ</a></li></ul> Maciej Duda 2011-12-18 01:30 http://duda.tordo.net/devlog/3 It&#39;s really worth mentioning because there is only 2,000 of them worldwide.<br /> <br /> <a href="http://tordo.net/downloads/usr/mduda-g-UuYahqu8/gallery//cars/20111110312.jpg"><img class="dimg" src="http://tordo.net/downloads/usr/mduda-g-UuYahqu8/gallery//cars/20111110312.jpg" alt="" /></a><br /> <br /> <a href="http://tordo.net/downloads/usr/mduda-g-UuYahqu8/gallery//cars/20111110314.jpg"><img class="dimg" src="http://tordo.net/downloads/usr/mduda-g-UuYahqu8/gallery//cars/20111110314.jpg" alt="" /></a><br /> <br /> <a href="http://tordo.net/downloads/usr/mduda-g-UuYahqu8/gallery//cars/20111110313.jpg"><img class="dimg" src="http://tordo.net/downloads/usr/mduda-g-UuYahqu8/gallery//cars/20111110313.jpg" alt="" /></a> Maciej Duda 2011-11-10 19:11 http://duda.tordo.net/devlog/2 Yes. It&#39;s not that easy, because my local wifi network has MAC filtering and long, complicated password.<br /> Problems encountered:<br /> <ul><li>iPad owner doesn&#39;t know the MAC address and how to find it,</li><li>User interface in in Italian and I don&#39;t it that well,</li><li>iPads don&#39;t have usb port*</li></ul><br /> I spent couple of minutes explaining what MAC is and why I need it. Another minutes lost on search MAC in iOS. Finally we found after I googled &quot;how to check MAC address in iPad&quot;. And finality entering more than 30 characters randomly generated password on <b>shitty on-screen keyboard</b>. <br /> <br /> Achievement unlocked.<br /> <br /> * - i keep password in encrypted text file stored on 256MB pendrive, so I don&#39;t need to type it in (also key-logger protection). Maciej Duda 2011-09-07 23:05 http://duda.tordo.net/devlog/1 I like this project. It&#39;s all about me - content and technology. It&#39;s representation of my programming and system administrating skills my interests and thoughts.<br /> This one practical version is special. It&#39;s the milestone of my career, because <i>Dud projec</i>t is totally written in Perl as in previous versions, everything was in PHP. I started coding in Perl three years ago thanks to <a href="http://www.ctrl-alt-del.cc/" rel="nofollow">tqm</a>. Now it&#39;s my main and favorite programming environment.<br /> <br /> So let&#39;s see under the hood what do we have here.<br /> <ul><li> Perl 5 (strict),</li><li> <a href="http://www.catalystframework.org/" rel="nofollow">Catalyst web framework</a>,</li><li>Template-Toolkit,</li><li> hosted on lighttpd web server in FastCGI mode,</li></ul>I like this environment very much. I&#39;m surprised with it&#39;s performance because I usually consider frameworks quite slow.<br /> <br /> <h2>New Tordo.net website</h2>Apache has been totally abandoned on main Tordo and everything is now hosted on earlier mentioned lighttpd, so I decided to use this as good excuse for small refresh. Here is new front page website - <a href="http://tordo.net" rel="nofollow">http://tordo.net</a> Maciej Duda 2011-08-05 22:47 http://duda.tordo.net/achievements/8 <h2>Description</h2><br /> <a href="http://www.sans.org/security-training/security-essentials-bootcamp-style-61-mid" rel="nofollow">http://www.sans.org/security-training/security-essentials-bootcamp-style-61-mid</a> Maciej Duda 2011-05-21 00:00 http://duda.tordo.net/achievements/7 <h2>Description</h2>Dropbox is popular service, for backing up local files. I like the idea very much - having my data on separate host, which keeps backup copies even after removing them locally. I love that Dropbox responds to my actions on files almost instantly. I have been using it for more than one year and there is only one problem with Dropbox - my files are on someone else servers.<br /> <br /> Every time I put new file into Dropbox folder, I must think what kind of data is it and would I allow it to leak. I really do not have any reason to trust someone, who offers me solid service for free. So this is big chance that my files are the price.<br /> <br /> Currently I&#39;m working on alternative solution using open source applications and bash scripts. This is what I came up with so far.<br /> <br /> <h2>Expectations</h2>There are several things which must be involved to be accepted as good solution for my problem:<br /> <ul><li>Encryption of the connection between hosts,</li><li>Both ways synchronization,</li><li>Mechanism, which prevents from loosing data in conflict situations,</li><li>System must keep files up to date on all hosts instantly,</li><li>Platform independent software,</li><li>Without GUI</li></ul><br /> My solution presented below covers all these requirements, but one of them (up to date sync) is non-functional therefore it&#39;s hard to tell if my solution is satisfiable.<br /> <br /> <h2>Concept</h2>My implementation works in star network topology, which means that there is one central host, which is always on-line and all my desktop computers are connected to this main host. So every time the file is being changed, said change is being duplicated on main host. After that all other hosts update their files tree based on changes available on main host.<br /> <br /> <h2>Requirements</h2><ul><li>Unison 2.32 (<a href="http://www.cis.upenn.edu/~bcpierce/unison/" rel="nofollow">http://www.cis.upenn.edu/~bcpierce/unison/</a>)</li><li>ssh public key auth</li><li>crontab access</li></ul><h2>Installation</h2><ul><li>Install unison on your system,</li><li>Put config file listed below and modify it to fit your preferences</li><li>Put unison_exec_script.sh listed below and let cron run it (Cron part explained below)</li></ul><br /> <h2>Unison config file</h2>Config files are stored is ~/.unison/PROFILE.prf<br /> and to use this profile, unision requires it&#39;s name as first parameter in command line.<br /> <br /> <pre># Unison preferences file<br /> <br /> # === Main ===<br /> # first &quot;root&quot; is for local storage<br /> # You fill in upper case parts<br /> root = /home/USERNAME<br /> # remote folder<br /> # this additional slash in front of folder path is not a mistake<br /> root = ssh://USERNAME@REMOTE_HOST//home/USERNAME/SOME_FOLDER<br /> <br /> # === Paths ===<br /> path = Documents<br /> # so this one is /home/USERNAME/Documents<br /> path = Pictures<br /> # ... as many folders as you want<br /> <br /> # === Backup ===<br /> # in case of conflict between local and remote file, Unity will <br /> # create local backup copy of the file in folder specified in backupdir<br /> backuplocation = central<br /> backupdir = .pocket-backup<br /> backup = Name *<br /> backupprefix = $VERSION. # Do not edit this line<br /> backupsuffix =<br /> <br /> # === Logfile ===<br /> log = true<br /> logfile = ~/.unison/unison.log</pre><br /> <h2>Scripts</h2><br /> This script checks two things before running unison. Firstly it pings the server to check if it&#39;s on-line. Secondly it checks if other unison process is running. Second check must be performed, because big files might take a while to be transferred and this task might not be completed before next cron run.<br /> <pre>#!/bin/bash<br /> # unison_exec_script.sh<br /> # Tordo Systems 2011 Maciej Duda<br /> <br /> server=&quot;server.address.com&quot;;<br /> unipid=`/bin/pidof unison`;<br /> <br /> if ! ping -w 5 -c 1 $server &amp;&gt;/dev/null ;<br /> then<br /> # host down<br /> datenow=`date +%F_%T`<br /> echo $datenow &quot;server down&quot; &gt; ~/.unison/unison.log<br /> else<br /> # check if process is already running<br /> if kill -0 &quot;$unipid&quot; &gt;/dev/null 2&gt;&amp;1;<br /> then<br /> # debug<br /> datenow=`date +%F_%T`<br /> echo $datenow &quot;running&quot; &gt; ~/.unison/unison.log<br /> else<br /> exec /usr/bin/unison your_unison_profile_name -batch -silent<br /> fi<br /> fi</pre><br /> <h2>Crontab</h2>This script requires to be added to cron. I am testing it on every-minute settings so all my data are up to date but it&#39;s not necessary if you use only one client. Then 10 minutes cycle might be enough.<br /> <pre>* * * * * /path/to/script/unison_exec_script.sh &gt;/dev/null 2&gt;&amp;1</pre><br /> <h2>Research</h2>I was looking for many solutions. Currently there is no free open-source software, which fulfills all my needs and it&#39;s as easy to install as Dropbox. Below I put a list of other applications, which can be used for synchronizing your files.<br /> <br /> rsync<br /> lsync - <a href="http://code.google.com/p/lsyncd/" rel="nofollow">http://code.google.com/p/lsyncd/</a><br /> lipsync - <a href="https://github.com/philcryer/lipsync" rel="nofollow">https://github.com/philcryer/lipsync</a><br /> xsync - <a href="http://code.google.com/p/xsync/" rel="nofollow">http://code.google.com/p/xsync/</a><br /> aerofs - <a href="http://www.aerofs.com/" rel="nofollow">http://www.aerofs.com/</a><br /> syncany - <a href="http://www.syncany.org/" rel="nofollow">http://www.syncany.org/</a><br /> sparkleshare - <a href="http://sparkleshare.org/" rel="nofollow">http://sparkleshare.org/</a> Maciej Duda 2011-02-11 00:00 http://duda.tordo.net/achievements/3 <h2>Introduction</h2>This article says about pros and cons of MacBook pro manufactured by Apple.<br /> <br /> <h2>Download</h2><a href="http://tordo.net/downloads/publications/why-apple/Why_mac-Maciej_Duda_ver1.1.pdf" rel="nofollow">pdf</a> Maciej Duda 2010-01-02 00:00 http://duda.tordo.net/achievements/2 <h2>Description</h2>This paper is about unique DDoS attack on web servers.<br /> <br /> <h2>Download</h2><a href="http://tordo.net/downloads/publications/slowloris/Slowloris_http_DoS_raport.pdf" rel="nofollow">Slowloris DoS attack</a> po polsku<br /> <a href="http://tordo.net/downloads/publications/slowloris/Slowloris_http_DoS_report_en.pdf" rel="nofollow">Slowloris DoS attack</a> in english Maciej Duda 2009-06-18 00:00 http://duda.tordo.net/achievements/1 <h2>Introduction</h2>Fast and effective tool which encrypts and decrypts text. Useful for safe exchange of data for example via e-mail.<br /> <br /> The algorithm used in this project is called AES (Advanced Encryption Standard). It is symmetric key algorithm, so to encrypt and decrypt information, sender and receiver must have the same key.<br /> <br /> <h2>Requirements</h2>This application requires:<br /> <ul><li>Windows XP/7</li><li>.Net Framework 2</li></ul><h2>Screenshots</h2><a href="http://tordo.net/downloads/projects/mad_encrypt/screenshots/mad_encrypt_24.png"><img class="dimg" src="http://tordo.net/downloads/projects/mad_encrypt/screenshots/mad_encrypt_24.png" alt="" /></a><h2>Download</h2><a href="http://tordo.net/downloads/projects/mad_encrypt/Mad_Encrypt_24.exe" rel="nofollow">version 2.4</a> Maciej Duda 2009-03-31 00:00 http://duda.tordo.net/achievements/4 <h2>Description</h2>GAP is Internet photo gallery written in PHP, which is based on folder content scanning.<br /> <br /> <h2>Functions</h2><ul><li>Very light and fast gallery system,</li><li>Multiple galleries,</li><li>Requires least actions from user to add new gallery,</li><li>Pictures display order is based on added time - newest photos are shown first,</li><li>Configurable thumbnails count,</li></ul><h2>Download</h2><a href="http://tordo.net/downloads/projects/gap/31/GAP_3.1-no_admin.tar.gz" rel="nofollow">version 3.1</a> Maciej Duda 2008-12-11 00:00 http://duda.tordo.net/achievements/9 Article was written for portal <a href="http://hack.pl" rel="nofollow">hack.pl</a> to answer most common question on the forums.<br /> <br /> <a href="http://hack.pl/forum/faq/4936-%5Blinux%5D-jaka-dystrybucje-linuksa-wybrac.html" rel="nofollow">http://hack.pl/forum/faq/4936-%5Blinux%5D-jaka-dystrybucje-linuksa-wybrac.html</a> Maciej Duda 2008-10-16 00:00 http://duda.tordo.net/achievements/6 Maciej Duda 2008-05-12 00:00 http://duda.tordo.net/achievements/5 <h2>Description</h2>This script creates copy of listed folders in daily routine.<br /> <h2>Source code</h2><pre>#!/bin/bash<br /> # MakeBackup 1.0<br /> # Author: Maciej Duda<br /> # License: GNU GPL<br /> <br /> # list of folders to archive<br /> # each one in new line<br /> <br /> DIR_SOURCE=(<br /> /home/maddud/public_html_head/catnet<br /> /home/maddud/00/projects<br /> )<br /> <br /> # name of daily achive<br /> # example: 2008-03-15<br /> DATE_NOW=`date +%F`<br /> <br /> # full path, where you are going to store your archives<br /> DIR_DEST=/media/freespace/Archive_Backup/$DATE_NOW<br /> <br /> mkdir -p $DIR_DEST<br /> <br /> EC=${#DIR_SOURCE[@]}<br /> IN=0<br /> <br /> while [ &quot;$IN&quot; -lt &quot;$EC&quot; ]<br /> do<br /> cp -R ${DIR_SOURCE[$IN]} $DIR_DEST<br /> <br /> let &quot;IN = $IN + 1&quot;<br /> done<br /> DIR_DEST_SIZE=`du -hs $DIR_DEST | awk &#39;&#39;{ print $1 }&#39;&#39;`<br /> <br /> <br /> mv $DIR_DEST $DIR_DEST&quot;_&quot;$DIR_DEST_SIZE<br /> <br /> # eof<br /> </pre>To execute this script daily, add this line to cron and change path to fit your file destination.<pre>55 23 * * * /home/maddud/scripts/make_backup.sh</pre> Maciej Duda 2008-03-15 00:00 http://duda.tordo.net/achievements/10 Article written for <a href="http://hack.pl" rel="nofollow">hack.pl</a>.<br /> <br /> <a href="http://hack.pl/forum/faq/5059-szyfrowanie-danych-praktyczne-zastosowania.html" rel="nofollow">http://hack.pl/forum/faq/5059-szyfrowanie-danych-praktyczne-zastosowania.html</a> Maciej Duda 2008-02-11 00:00