Easily script and automate encryption tasks
The ScramFS Command Line Interface makes it easy to integrate world-class encryption into existing workflows and processes via a command line interface.
### Sample script: cron job scheduled every hour
# Copy kernel log to backup location in NYC
scramfs cp kernel.log scramfs://enc_nyc/dc2/backups/
# Email listing of all backup logs
scramfs ls scramfs://enc_nyc/dc2/backups/ | mail -s 'result' 'joe.admin@domain.com'
# Do encrypted mysqldump locally and copy to London
mysqldump --all-databases | scramfs save scramfs://enc_local/db/db.sql
scramfs cp scramfs://enc_local/db/db.sql scramfs://enc_london/dc1/db
# Copy all documents from staging server to local
scramfs cp scramfs://websvr2/staging/docs/* ~/local_cache
Encryption made simple for system administrators
System administrators and power users will love the ScramFS CLI, which makes it possible to script operations to the ScramFS encrypted file system.
These scripts can be run manually via the command line, or unattended upon a trigger such as in a cron job (Unix) or scheduled task (Windows).
Common tasks are made easy, including encrypted backup, archiving, log consolidation, searching, and image deployment.
Easily bolster your cyber defences
In an age of hacking, cyber security is foremost in the minds of CISOs and system administrators alike. While today most efforts are focussed on perimeter security, recent cases of hacking and network penetration have shown that this is simply not enough.
ScramFS gives system administrators a new security measure: advanced cryptography, made easy through an intuitive command line. When combined with strong perimeter security, it gives system administrators a valuable tool in the arsenal of preventative cyber security.
Solves security concerns associated with common system administration tasks
The ScramFS command line can be used to solve potential security problems with data that is associated with regular system administration tasks. Here are just a few examples.
- Backing up a MySQL database, encrypting the backup and uploading it to a remote SFTP server
- Copying a day’s system logs (or Apache logs, etc.), encrypting them and storing them on an encrypted file system on a NAS.
- Downloading a day’s sales transactions, encrypting them and uploading them to Google Drive
- Copying an entire file system to a mirror site while encrypting each file and filename.
Confidentiality, integrity and authenticity from the command line
ScramFS brings world class cryptography into the hands of system administrators via the command line, enabling a range of cyber defences never before possible.
Confidentiality - Guarantees that data is not readable by parties who do not possess the relevant encryption / decryption key.
|
Integrity - Guarantees that data has not been changed since it was written.
|
Authenticity - guarantees that data originates from the claimed source.
|
Familiar command line interface for minimal learning curve
The ScramFS CLI is accessed through the command “scramfs”, and its command line syntax is designed to resemble the equivalent common Unix tools.
| Command | Operation |
|---|---|
| scramfs create-alias | Create an alias (shortcut) |
| scramfs ls | List a directory |
| scramfs cp | Copy a file or group of files |
| scramfs cat | Open a single file and print its contents to stdout |
| scramfs tee | Copies stdin to stdout while saving a copy of it |
| scramfs mv | Moves a file |
| scramfs rm | Removes a file |
| scramfs save | Similar to “>” redirection, saves stdin to a file |
| scramfs mkdir | Makes a directory |
| scramfs rmdir | Removes a directory |
Set up aliases – shortcuts to targets
ScramFS has a nifty feature called “aliases” – which allows a user to pre-configure a target file system and use it in scripts.
This means that setup only needs to be performed once and can be managed centrally, no matter how many jobs and scripts reference these aliases.
| What’s in an alias? |
|---|
|
|
|
|
Aliases are referred to using the 'opener syntax'.
For example:
scramfs://<alias-name>/path/to/files
will access path/to/files on a ScramFS encrypted drive, while
file://<alias-name>/path/to/files
will access local files. As a convenience, this can be shortened to:
file://path/to/files
or simply
/path/to/files
Works seamlessly with encrypted and unencrypted file systems
The ScramFS CLI can work with both encrypted and unencrypted file systems.
Where an alias marks a file system as encrypted, the encryption process is performed transparently.
This makes it exceptionally versatile as tasks such as copy can be scripted across all four possible combinations of source and target file systems, as shown below:
scramfs cp <source> <target>
| Source | Target | Effect |
|---|---|---|
| plaintext | plaintext | Same as regular “cp” |
| plaintext | encrypted | Copy and encrypt |
| encrypted | plaintext | Decrypt and copy |
| encrypted | encrypted | Re-encrypt files from source to target (decrypt using source key, and encrypt using target key) |
Interoperable with stdin and stdout
Just like regular Unix and Windows command line tools, the ScramFS CLI can be used in conjunction with other tools via stdin and stdout.
Operations using stdin
- scramfs tee – take stdin, copy it to stdout while saving it to a file
- scramfs save – take stdin and save it to a file
For example, the following command will create a compressed tarball of init configuration, encrypt it and save it.
tar -cz /etc/init.d/* | scramfs save scramfs://backups/srv01/init.d.tar.gz
Operations using stdout
- scramfs cat – read a file and output it to stdout
For example, the following command will decrypt the text file secret.txt, feed it through awk, sort and uniq to find all unique items in the 2 nd column of the log file:
scramfs cat scramfs://google_drive/documents/logs.txt | awk ‘{print $2}’ | sort | uniq
