ScramFS CLI

Easily script and automate encryption tasks

The ScramFS Command Line Interface makes it easy to integrate world-class encryption into existing workflows and processes via a command line interface.

#!/bin/bash
### Sample script: cron job scheduled every hour

# Copy kernel log to backup location in NYC
scramfs cp kernel.log scramfs://enc_nyc/dc2/backups/

# Email listing of all backup logs
scramfs ls scramfs://enc_nyc/dc2/backups/ | mail -s 'result' 'joe.admin@domain.com'

# Do encrypted mysqldump locally and copy to London
mysqldump --all-databases | scramfs save scramfs://enc_local/db/db.sql
scramfs cp scramfs://enc_local/db/db.sql scramfs://enc_london/dc1/db

# Copy all documents from staging server to local
scramfs cp scramfs://websvr2/staging/docs/* ~/local_cache

Encryption made simple for system administrators

System administrators and power users will love the ScramFS CLI, which makes it possible to script operations to the ScramFS encrypted file system.

These scripts can be run manually via the command line, or unattended upon a trigger such as in a cron job (Unix) or scheduled task (Windows).

Common tasks are made easy, including encrypted backup, archiving, log consolidation, searching, and image deployment.

Easily bolster your cyber defences

In an age of hacking, cyber security is foremost in the minds of CISOs and system administrators alike. While today most efforts are focussed on perimeter security, recent cases of hacking and network penetration have shown that this is simply not enough.

ScramFS gives system administrators a new security measure: advanced cryptography, made easy through an intuitive command line. When combined with strong perimeter security, it gives system administrators a valuable tool in the arsenal of preventative cyber security.

Solves security concerns associated with common system administration tasks

The ScramFS command line can be used to solve potential security problems with data that is associated with regular system administration tasks. Here are just a few examples.

  1. Backing up a MySQL database, encrypting the backup and uploading it to a remote SFTP server
  2. Copying a day’s system logs (or Apache logs, etc.), encrypting them and storing them on an encrypted file system on a NAS.
  3. Downloading a day’s sales transactions, encrypting them and uploading them to Google Drive
  4. Copying an entire file system to a mirror site while encrypting each file and filename.

Confidentiality, integrity and authenticity from the command line

ScramFS brings world class cryptography into the hands of system administrators via the command line, enabling a range of cyber defences never before possible.

Confidentiality - Guarantees that data is not readable by parties who do not possess the relevant encryption / decryption key.
  • Prevents data leakage and breaches by network intruders or rogue employees
Integrity - Guarantees that data has not been changed since it was written.
  • Protects against hardware-induced errors, and cloud providers returning changed data
Authenticity - guarantees that data originates from the claimed source.
  • Protects against malicious changes, such as injecting malware into drive images, executable files and graphics files.

Familiar command line interface for minimal learning curve

The ScramFS CLI is accessed through the command “scramfs”, and its command line syntax is designed to resemble the equivalent common Unix tools.

Command Operation
scramfs create-aliasCreate an alias (shortcut)
scramfs lsList a directory
scramfs cpCopy a file or group of files
scramfs catOpen a single file and print its contents to stdout
scramfs teeCopies stdin to stdout while saving a copy of it
scramfs mvMoves a file
scramfs rmRemoves a file
scramfs saveSimilar to “>” redirection, saves stdin to a file
scramfs mkdirMakes a directory
scramfs rmdirRemoves a directory

Set up aliases – shortcuts to targets

ScramFS has a nifty feature called “aliases” – which allows a user to pre-configure a target file system and use it in scripts.

This means that setup only needs to be performed once and can be managed centrally, no matter how many jobs and scripts reference these aliases.

What’s in an alias?
  • Path to the file system – such as a local path, the location of a WebDAV or SFTP server, or public cloud (Google Drive, OneDrive, DropBox)
  • Logon credentials
  • Whether encryption should be used, and if so, the encryption key and ScramFS configuration parameters
  • Brief description and notes

Aliases are referred to using the 'opener syntax'.

For example:

scramfs://<alias-name>/path/to/files

will access path/to/files on a ScramFS encrypted drive, while

file://<alias-name>/path/to/files

will access local files. As a convenience, this can be shortened to:

file://path/to/files

or simply

/path/to/files

Works seamlessly with encrypted and unencrypted file systems

The ScramFS CLI can work with both encrypted and unencrypted file systems.

Where an alias marks a file system as encrypted, the encryption process is performed transparently.

This makes it exceptionally versatile as tasks such as copy can be scripted across all four possible combinations of source and target file systems, as shown below:

scramfs cp <source> <target>
Source Target Effect
plaintext plaintext Same as regular “cp”
plaintext encrypted Copy and encrypt
encrypted plaintext Decrypt and copy
encrypted encrypted Re-encrypt files from source to target (decrypt using source key, and encrypt using target key)

Interoperable with stdin and stdout

Just like regular Unix and Windows command line tools, the ScramFS CLI can be used in conjunction with other tools via stdin and stdout.

Operations using stdin

  • scramfs tee – take stdin, copy it to stdout while saving it to a file
  • scramfs save – take stdin and save it to a file

For example, the following command will create a compressed tarball of init configuration, encrypt it and save it.

tar -cz /etc/init.d/* | scramfs save scramfs://backups/srv01/init.d.tar.gz

Operations using stdout

  • scramfs cat – read a file and output it to stdout

For example, the following command will decrypt the text file secret.txt, feed it through awk, sort and uniq to find all unique items in the 2 nd column of the log file:

scramfs cat scramfs://google_drive/documents/logs.txt | awk ‘{print $2}’ | sort | uniq

Send us a message

The field is required.




Cant read the image? click here to refresh