Linux Hack of the Week #21: Resistance to Backups is Futile

We live in an age where SO much information is stored on our computers. We have endless amounts of documents, games, music, and those oh-so-cute pictures of our cuddly, furry friends.

With all of that data and information, it's foolhardy nowadays not to have some sort of backup strategy. However, choosing a strategy that is reliable and easy to use isn't always as straightforward as we would like. Let’s take Linux, for example. Linux has hundreds of ways of backing up files. This can range from using a pipeline of carefully crafted bash scripts to literally setting reminders in your phone to make sure we copy and paste directories.

When choosing a backup solution, some nice-to-haves include automation, reliability, and ease of use.

We Are the Borg (backup)

...lower your firewalls and surrender your files!

Borg backup is a deduplicating archiver with compression and encryption. Impressive, right? Deduplication is a fancy word for taking your data and reducing it to single instances of the composite data. Basically, it’s smooshing down the data into only the required data to represent the original data itself. On top of that, borg uses compression to reduce your backup size even further. Borg also allows you to add encryption to keep all those cat photos, birthday videos, and Alicia Keys albums extra safe.

Installing borg is as simple as running the following command:

Creating a Hive

Borg supports local and offsite backups with a wide variety of compression algorithms. To create a borg repository, run the following command: (where the path argument can be any accessible drive path)

Where <repokey> can be one of the following: 'none', 'keyfile', 'repokey', 'authenticated', 'keyfile-blake2', 'repokey-blake2', or 'authenticated-blake2'.

If you have confidential or secret information (or embarrassing photos from a past Christmas party) it is recommended to use a repokey. The most basic auth is a repokey, which uses a passphrase and a key file.

Per the man page for borg, repokey protects your data with the following:


repokey and keyfile use AES-CTR-256 for encryption and HMAC-SHA256 for authentication in an encrypt-then-MAC (EtM) construction. The chunk ID hash is HMAC-SHA256 as well (with a separate key).


This makes sure no one sees those embarrassing Christmas party photos, ever.

Example of running borg init:


Save your key and passphrase in a secure and safe place. Use the provided command `borg key export` to copy the key to a local file:

If you are using encryption, it is very important that you keep `repository.key` and your passphrase safe.

Firing Off a Backup

Now the fun part: creating the actual backup! The initial backup may take some time; however once it is complete, subsequent borg backups will be much faster (the command is shortened to fit on the page):

The argument “::EmbarrassingChristmasPhotosArchive” is the unique name of this archive:

Via the command switches `-v --stats`, borg provides a wealth of information about the backup in question. In this backups case, the final size of the backup is 8.76GB - that’s a 7% reduction!

Better Borg Than Lost

Creating backups can be a cumbersome process in some cases. Borg backup is a quick and easy way to create fast, secure, and space efficient backups.

Next Week

In the next installment of Linux Hack of the Week, we will cover how to automate backups in a reliable way using systemD.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.