greek0.net: The setup of this server
Hardware
- CPU: Pentium III 500MHz
- Motherboard: Asus P2B
- Ram: 384Mb
- Some random graphics card I got from eBay for EUR 8
- A Sound Blaster 16 sound card
- A Network card
- One 2GB IDE hard disk.
- One 4GB IDE hard disk.
- One 40GB IDE hard disk.
- A CD-ROM drive.
Software
Operating System
I'm using Debian GNU/Linux, because it just works for me. I have already written another page on how I got started with Linux, and why I like it. Currently I'm running a quite outdated version of Etch (Debian Testing). I'm using a quite old kernel version with the linux-vserver patchset applied. I have compiled the kernel myself and it's quite tuned for my specific requirements.
Cryptoloop/dm_crypt
Linux offers the possibility to treat normal files as devices, which can then be mounted at any point of the file system hierarchy. A device created this way is called a loopback device. There have been kernel patches for quite some time now that enable Linux to also use encrypted loopback files; this mechanism is called Cryptoloop. Cryptoloop supports several ciphers, of which AES is probably the most popular, since it's generally considered quite secure.
Cryptoloop was one of the few ways to get encrypted filesystems with Linux 2.4. I chose it long ago for various reasons, and I've used it to encrypt my whole home directory. At first I thought it wouldn't be easily possible, but it turned out that it's not too hard and, after some time, that it isn't such a great idea after all.
First, of course, a kernel with cryptoloop support was needed, which (back then) wasn't that easy to get, since separate kernel patches were needed, and documentation was rare. Then I created a loopback file encrypted with AES and moved all the files from my home directory into it.
This was the point when Linux taught me another lesson, namely about moving files. I used mv ~/* ., with dotglob off. I deleted my old home directory and mounted the cryptoloop file to /home/greek0. Finally I realized that all my dot-files were gone :-/. Well, shit happens.
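The dot-file loss described above, reproduced safely in temporary directories as an added example (not code from the original page). The function names and the sample files are constructed; move_all uses three POSIX glob patterns instead of bash's dotglob and only reports success when the source directory is really empty, so the old directory is never deleted while something is still in it.

```shell
#!/bin/sh
# Added example; all names and sample files below are constructed.

# Count every entry in a directory, hidden ones included (not . and ..).
count_entries() {
    ls -A "$1" | wc -l | tr -d ' '
}

# Build a small stand-in for a home directory with visible and hidden entries.
make_home() {
    d=$(mktemp -d)
    touch "$d/notes.txt" "$d/.bashrc" "$d/..odd"
    mkdir "$d/.ssh"
    echo "$d"
}

# The mistake: a plain * never matches names that start with a dot.
# Prints how many entries were left behind in the source.
move_plain_glob() {
    src=$1 dst=$2
    mv -- "$src"/* "$dst"/
    count_entries "$src"
}

# Move everything, dot-files included. The patterns cover normal names,
# names with one leading dot, and names with two leading dots plus more.
move_all() {
    src=$1 dst=$2
    for f in "$src"/* "$src"/.[!.]* "$src"/..?*; do
        # An unmatched pattern stays literal in POSIX sh; skip it.
        [ -e "$f" ] || [ -L "$f" ] || continue
        mv -- "$f" "$dst"/ || return 1
    done
    # Succeed only if nothing at all remains in the source.
    [ "$(count_entries "$src")" -eq 0 ]
}

old=$(make_home)
new=$(mktemp -d)
echo "left behind by 'mv old/* new/': $(move_plain_glob "$old" "$new")"
# rmdir (not rm -rf) refuses to delete a directory that still has content.
if move_all "$old" "$new"; then rmdir "$old"; fi
echo "entries now in new home: $(count_entries "$new")"
```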
My setup was that I had only a few files in my home, including the loopback file, and a script that takes a passphrase and automatically mounts the loopback file to my home directory.