Hacked systems and the law
Dustin Decker
dustind at moon-lite.com
Wed Apr 23 14:41:01 CDT 2003
On Tue, 22 Apr 2003, Jonathan Hutchins wrote:

> I thought webmin was inherently insecure. Wouldn't you feel better having
> direct, secure control over the config files?

Webmin is like any other control applet - it can be made very insecure
very easily. Out of the box, if you have OpenSSL available at install
time, you can make use of it.

Were I to make a suggestion, I would assign it to a port other than the
default 10000, and perhaps go so far as to assign it to an aliased nic,
such as eth0:1 and bind a separate IP for that function. Then use ssh,
port forward to it post authentication, and wind up with an additional
layer of separation.

I guess what I mean is I don't think I'd put webmin directly on the
Internet if I had alternatives.

I use webmin from time to time - but my definition of "use" is in that I
will set it up for a client who knows nothing about a system they've
purchased from me so they can admin those things they need to be concerned
about, and not call (and needlessly pay) me to make _simple_ changes. If
I'm doing the changes, I prefer to do them by hand. One certainly runs
the risk of winding up in total "click and drool" territory if they rely
solely on the gui to get things done.

Dustin
--
o-----------------------------------o
| Dustin Decker - CNA, MCP |
| dustin at dustindecker.com o-------------------------------------o
| Network Engineer | "One Architecture, One OS" also |
| Preferred Physicians Group | translates as "One Egg, |
o-------------------------------| One Basket." |
o-------------------------------------o
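
Added example, not part of the original message: a shell check of a Webmin miniserv.conf against the suggestions above (non-default port, dedicated bind address, SSL on), plus the ssh local forward that reaches it after authentication. It assumes the port=, bind= and ssl= keys of miniserv.conf; the sample configs, port 18443, address 192.0.2.10 and admin@gw.example are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the post): check a Webmin miniserv.conf against the
# post's suggestions. Assumes the port=, bind= and ssl= keys of miniserv.conf.

# conf_get FILE KEY: print the value of the last KEY=value line, empty if absent.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_miniserv FILE: print one finding per line; no output means no findings.
audit_miniserv() {
    port=$(conf_get "$1" port)
    bind=$(conf_get "$1" bind)
    ssl=$(conf_get "$1" ssl)
    if [ -z "$port" ] || [ "$port" = "10000" ]; then
        echo "port: unset or still the default 10000"
    fi
    case "$bind" in
        ""|0.0.0.0|"*") echo "bind: not restricted to a dedicated address" ;;
    esac
    if [ "$ssl" != "1" ]; then
        echo "ssl: not enabled"
    fi
}

# tunnel_cmd FILE SSH_TARGET: print the ssh local forward that reaches the
# bound address after SSH authentication.
tunnel_cmd() {
    echo "ssh -N -L $(conf_get "$1" port):$(conf_get "$1" bind):$(conf_get "$1" port) $2"
}

# Constructed sample configs; 192.0.2.10 and admin@gw.example are placeholders.
weak=$(mktemp)
hardened=$(mktemp)
printf 'port=10000\nssl=0\n' > "$weak"
printf 'port=18443\nbind=192.0.2.10\nssl=1\n' > "$hardened"

echo "weak config:";     audit_miniserv "$weak"
echo "hardened config:"; audit_miniserv "$hardened"
tunnel_cmd "$hardened" admin@gw.example
```

With the forward running, the browser is pointed at https://localhost:18443 instead of the server's own address.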