There are many ways to backup your database automatically but this is by far the best tip I have seen for a while. Lifehacker recently posted this tip that is just genius. Gmail has something like 7.3 gigs of space available which probably most of us have hard time filling. Gmail also has a spam and bin folder that automatically empty anything older than 30 days. To take advantage of these, the tip suggests to email yourself a backup of your database and have it automatically put in to the spam folder.

Inspired by this, I made a Python script called Secfma to handle the processing of the files, encrypting them and then mailing them to the given address. I think it's important to take good care of the encrypting. At least I don't like my backups flying across the internet in plain text. Also there's the fact that if someone gains access to your Gmail password, they will also gain access to your whole database.

As I'm interested on running this on the Linux box this website is hosted on, I chose GnuPG to make the encryption. It allows pretty impressive encryption by using a long, multi-word passphrase. Also it is supplied on major Linux distributions and so does not need any installing. For mail sending, I've just used the basic Linux Sendmail.

So why do this in Python and not just a Shell script (which would have been shorter)? Well, firstly because I love Python. I also don't really like Shell scripting that much, although it does have its uses. I also believe making this in Python will allow for much better future development for the script.

What Secfma does in a nutshell;

• Scans a given folder for files
• Encrypts them with GPG
• Mails them to the given address
• Deletes the files

1. Create a Cron job to backup your database. I chose to do an hourly backup, since my database is small and Gmail has lots of room.
   • Logged into your Linux shell, type: crontab -e
   • Add the following line:
     15 * * * * mysqldump --opt -u[dbuser] -p[password] -h [mysql_host] [db_name] > "/path/to/output/and/filename_`date +\%Y\%m\%d\%H\%M\%S`.sql"
     This would produce file names like "basshero_20090921224215.sql", created on the 15th minute of every hour of every day (see more about Cron here). For more on mysqldump, see this page. Oh and no need to worry about other users seeing the password with ps since mysqldump is kind enough to hide it.
   • Save the Crontab by typing :wq[enter] (assuming Vi editor is in use).
2. Save the Secfma script files on your server. Get the package here.
3. Change to the directory with the Secfma files
4. Change the Python script to executable with chmod 700 secfma.py
5. Make the passphrase file read only to yourself with chmod 600 passphrase
6. Edit the passphrase file to contain your passphrase for GPG encryption. It should be on one line and the only content of the file. See more about GPG passphrases here.
7. Edit the file secfma.properties with some information;
   • target_address = where files should be sent
   • from_address = email address where mails arrive from
   • files_path = path where files should be scanned, basically the place where mysqldump saves the output files
   • sendmail_path = path to Sendmail, usually this might be /usr/sbin/sendmail. You can check with the command locate sendmail
   • stop_on_encrypt_error = true or false. Defaults to true which is recommended. If set to false Secfma will mail the file anyway even if GPG fails for some reason. This is not a good idea with binary files
8. Secfma has now been configured. You can test it by running ./secfma.py secfma.properties passphrase.
9. Add Secfma to Cron by adding a line with the timing of your choice. I chose it to run every 10 minutes. The following line assumes the files are in ~/secfma
   0,10,20,30,40,50 * * * * python secfma/secfma.py secfma/secfma.properties secfma/passphrase

[ python // linux // tips // gmail // database // mysql // secfma // gnupg ]