Silverfire's questions

I understand that you can use IPSec to tunnel data securely. According to the Wikipedia page and a few other sources it can also tunnel IP packets and then route them through an interface. That would create a VPN where one subnet would be able to access another subnet in a very secure way.

However what I dont understand is why some people add L2TP to the stack. I get the idea that L2TP is secured by IPSEC, but if IPSEC already has a tunnel implementation wouldn't it just cause more overhead?

What is the attraction to L2TP/IPSEC when the same result can be reached with plain IPSec?

After troubleshooting problems with my mdadm config and kernel settings for about a week now i got careless and left my data drives plugged in after a successful boot test.

i was attempting to change the MDADM super-block so the kernel would auto-detect my system drive by re-creating the array. had a backup of the OS so it wasn't a big deal.

forgetting that i left the data drive in and that udev likes to f**k with the /dev/sd* assignments i ended up adding one of my drives that has data to my system boot drive (Grub and the kernel, ext2, 100mb) mdadm then re-synced the array to the boot drive. now sitting at the very start of my ext4 data partition is a 100mb ext2 partition of kernel and grub configs.

After that 100mb im hoping there's still intact data, what kind of tools can i use to attempt to recover some data. its not super super important data but i would really like it back.

Gentoo Linux 2.6

I need to restrict access to x number of folders with a password, this much i have working.

However i now need to add a folder that's called "public" that is accessible without a password. this needs to be at the same level as the other folders. I cant change the layout of the folders as this would damage existing links.

OSX 10.4.11 Apache 1.3.41

Here is my config, so far it will show the root of the site without needing a password but it is still asking for password for the public folder. I would prefer not to use .htaccess files but if its my only option i will.

<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot "/Library/WebServer/example.com/www/"
CustomLog "/var/log/httpd/access_log" "%h %l %u %t \"%r\" %>s %b"
ErrorLog "/var/log/httpd/error_log"
    <Directory "/Library/WebServer/example.com/www/">
            Options All +Indexes -ExecCGI +Includes +MultiViews
            AllowOverride None
            IndexOptions NameWidth=*
            Order Deny,Allow
            Allow from all                         
    </Directory>
    <Directory "/Library/WebServer/example.com/www/public/">
            Options All +Indexes -ExecCGI +Includes +MultiViews
            AllowOverride None
            IndexOptions NameWidth=*
            Order Deny,Allow
            Allow from all
    </Directory>
    <Directory "/Library/WebServer/example.com/www/*/">
            Options All +Indexes -ExecCGI +Includes +MultiViews
            AllowOverride None
            IndexOptions NameWidth=*
            AuthName "Restricted Area"
            AuthType Basic
            AuthUserFile /Library/WebServer/example.com/.htpasswd
            require valid-user
    </Directory>
</VirtualHost>

Im aware of the problems with AuthType Basic, also aware of the problems with running a very old version of Apache.

I was recently asked to restore the backups of some HP Ultrium LTO-3 tapes to a portable HDD, the company that owned the tapes liquidized and the old CEO wanted the backups in a form they could read on their computer. All the servers and associated software was promptly sold but i had a LTO-3 drive at work and they said they used retrospect for backups and so do we.

It sounded like this would be an easy task (nothing ever is) but Retrospect (7.6.123) reported "Content unrecognized"

I thought that maybe the tapes where incompatible so i took one of the same model HP spares from that backup set and successful wrote data to it.

To me that made it look like it was just retrospect that unable to recognize the tape format and maybe the drive was backed up from another software/version. (the information about the server environment was 2nd hand, no guarantee of accuracy)

So my question is, without knowing the software the files where backed up with can i still restore from backup? What software can i use for this task?

The tape drive is connected to a Windows 2008 server.

At a client I found they had bought a large subnet of public internet ip addresses for their business and connected all computers up with public ip addresses. (bought it years ago and never changed it, /18 size network)

For security reasons they created a routing loop between 2 routers at the edge of the network as a makeshift bit-bucket to restrict all access to the network directly from the internet and ran http through a proxy.

While I guess a routing loop would work as a makeshift bit-bucket and good practice aside, is there any security problems with this?

Would using a routing loop to deny traffic to a network pose a legitimate security risk?

There are some programs that my company use that do not support encrypted smtp authentication and using unencrypted auth is not possible (hosted on the internet by another provider, they will not lower the security)

These programs send from numerous valid mail accounts and do not receive mail, they can do normal smtp auth.

is there a program or way to add an in between service to add encryption?

The mail must be sent through the hosted mail server to avoid being removed by spam filters.

The company where I work has started to run out of disk space at 2.3TB. Originally it was a JBOD of a 1.5TB drive and a 1TB drive as a quick fix measure (yes I know this is bad, that's why I'm working out something better).

There isn't a need for blistering fast speed as this is all just for network shares.

I'm aiming for 6 x 1TB drives in a RAID 5, there will not be a database on here so RAID5 will be fine.

The problem is that I have well and truly run out of slots and ports to plug more HDD's into. I'm happy to get a SAS/RAID card if necessary.

I was thinking of getting an iSCSI bay but appears to be a very, very expensive measure.

Does anyone have any Suggestions on how to plug in many more drives into a server cheaply?

I must be missing something... anyone have any idea how this system is even functioning? Please tell me im dreaming...

Ive lost access to many files i had stored in /var/ just dissapered...

Ubuntu on openvz

root@telesto:/# mount -l
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw)
varrun on /var/run type tmpfs (rw)
varlock on /var/lock type tmpfs (rw)
root@telesto:/# df
Filesystem           1K-blocks      Used Available Use% Mounted on
varrun                 4093136        44   4093092   1% /var/run
varlock                4093136         0   4093136   0% /var/lock
root@telesto:/# ls /dev | grep sd
root@telesto:/# ls /dev | grep hd
root@telesto:/# dmesg
root@telesto:/# dmesg

I use Retrospect every day to backup to a LTO3 Tape.

The Script in retrospect backs up a few folders both on the network and local HDD's. It backs up 2 network drives on 2 separate windows servers just fine but when it backs up a OSX Server 10.6 Network drive it gives the error.

18/04/2011 11:58:17 PM: Copying websites on Xservex5
File "\\XSERVEX5\websites\": can't read security information, error -1012 (feature unsupported)

The scripts use a network share login that has administrator access.

While the backup will still complete without problems it would be nice to do away with the daily emails at 2am....

I have written PostgreSQL backups scripts that backup all the databases to file. pgAgent.exe (a scheduling daemon) starts the BAT scripts under the local postgres user.

The normal setup is to backup to a local drive and get the backup program to pick up the files but we have a client that would like to backup to a network drive.

I tried running pgAgent and by extension the scripts under the administration user and still did not have any luck. (same user that had the drive mappings)

When i login to the postgres user by running runas.exe /user:postgres cmd.exe and type cd /D Z: I get the error The system cannot find the drive specified.

Now from what i understand, network drives are mapped on a per user session basis. is there a special trick to accessing the network drives from a command prompt?