Gentoo Archives: gentoo-user

From: Alan McKinnon <alan.mckinnon@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: [OT] Webmin Question - was Print to cups printer from Windows?
Date: Wed, 17 Dec 2008 22:13:53
Message-Id: 200812180013.28411.alan.mckinnon@gmail.com
In Reply to: Re: [gentoo-user] Re: [OT] Webmin Question - was Print to cups printer from Windows? by Mark Knecht
1 On Wednesday 17 December 2008 22:30:55 Mark Knecht wrote:
2 > On Wed, Dec 17, 2008 at 12:20 PM, Alan McKinnon <alan.mckinnon@×××××.com>
3 wrote:
4 > > On Wednesday 17 December 2008 20:59:54 Mick wrote:
5 > >> On Wednesday 17 December 2008, Dale wrote:
6 > >> > Mark Knecht wrote:
7 > >> >
8 > >> > I know I had webmin installed for a long time but rarely used it. I
9 > >> > just couldn't remember if I used it for setting up printing from
10 > >> > windoze or not.
11 > >>
12 > >> A friend is running webmin on a server and it makes setting up some
13 > >> services (like CUPS) easier to visualise/understand. However, the login
14 > >> into webmin is set up with the root passwd. This on an Internet facing
15 > >> port is making me nervous, but he is sooo attached to GUI solutions I
16 > >> cannot convince him that ssh is all he needs.
17 > >
18 > > Have you tried using a clue by 4[1] on him?
19 > >
20 > > It's the tried and trusty Unix tool developed for this very use case
21 > >
22 > >
23 > > Best demonstrated by pwning his box with a brute-force attack, followed
24 > > by the spoken word "See?"
25 > >
26 > > --
27 > > alan dot mckinnon at gmail dot com
28 >
29 > Gawd I love good Linux lists with cool contributors. There is so much
30 > for me to learn!
31 >
32 > What the heck is "a clue by 4[1]"?
33
34 It's a word play :-)
35
36 Know what a 2 by 4 is? A 2 inch by 4 inch plank that you clobber someone ever
37 the head with when they are being thick. A thick user needs to get a clue.
38 Clue rhymes with two :-)
39
40 "Clue by 4" is also known by the other name of LART - Luser Attitude
41 Readjustment Tool. Very handy thing for sysadmins to have, very handy indeed.
42
43 But back onto your original question. Webmin is a problem that cannot be
44 fixed. It needs to have root priviledges, the root password needs to go over
45 the wire to the webmin http server, and to the best of my knowledge is not
46 subject to routine security scrutiny. I would not trust it further than I can
47 throw it, and that's not very far.
48
49 So, someone who insists on using it deserves to have their machines pwned,
50 lose their data, be blacklisted for being a zombie bot and have their kittens
51 eaten. Rather than appease your friend's reluctance to use anything other
52 than a GUI, you should batter some sense into his skull. Tell him I say it is
53 highly unlikely that he knows more about how to do this job than the 1000s of
54 Unix admins who have been doing it for almost 40 years. He really, really,
55 wants ssh.
56
57 --
58 alan dot mckinnon at gmail dot com

Replies