| 1 |
On Wednesday 17 December 2008 22:30:55 Mark Knecht wrote: |
| 2 |
> On Wed, Dec 17, 2008 at 12:20 PM, Alan McKinnon <alan.mckinnon@×××××.com> |
| 3 |
wrote: |
| 4 |
> > On Wednesday 17 December 2008 20:59:54 Mick wrote: |
| 5 |
> >> On Wednesday 17 December 2008, Dale wrote: |
| 6 |
> >> > Mark Knecht wrote: |
| 7 |
> >> > |
| 8 |
> >> > I know I had webmin installed for a long time but rarely used it. I |
| 9 |
> >> > just couldn't remember if I used it for setting up printing from |
| 10 |
> >> > windoze or not. |
| 11 |
> >> |
| 12 |
> >> A friend is running webmin on a server and it makes setting up some |
| 13 |
> >> services (like CUPS) easier to visualise/understand. However, the login |
| 14 |
> >> into webmin is set up with the root passwd. This on an Internet facing |
| 15 |
> >> port is making me nervous, but he is sooo attached to GUI solutions I |
| 16 |
> >> cannot convince him that ssh is all he needs. |
| 17 |
> > |
| 18 |
> > Have you tried using a clue by 4[1] on him? |
| 19 |
> > |
| 20 |
> > It's the tried and trusty Unix tool developed for this very use case |
| 21 |
> > |
| 22 |
> > |
| 23 |
> > Best demonstrated by pwning his box with a brute-force attack, followed |
| 24 |
> > by the spoken word "See?" |
| 25 |
> > |
| 26 |
> > -- |
| 27 |
> > alan dot mckinnon at gmail dot com |
| 28 |
> |
| 29 |
> Gawd I love good Linux lists with cool contributors. There is so much |
| 30 |
> for me to learn! |
| 31 |
> |
| 32 |
> What the heck is "a clue by 4[1]"? |
| 33 |
|
| 34 |
It's a word play :-) |
| 35 |
|
| 36 |
Know what a 2 by 4 is? A 2 inch by 4 inch plank that you clobber someone ever |
| 37 |
the head with when they are being thick. A thick user needs to get a clue. |
| 38 |
Clue rhymes with two :-) |
| 39 |
|
| 40 |
"Clue by 4" is also known by the other name of LART - Luser Attitude |
| 41 |
Readjustment Tool. Very handy thing for sysadmins to have, very handy indeed. |
| 42 |
|
| 43 |
But back onto your original question. Webmin is a problem that cannot be |
| 44 |
fixed. It needs to have root priviledges, the root password needs to go over |
| 45 |
the wire to the webmin http server, and to the best of my knowledge is not |
| 46 |
subject to routine security scrutiny. I would not trust it further than I can |
| 47 |
throw it, and that's not very far. |
| 48 |
|
| 49 |
So, someone who insists on using it deserves to have their machines pwned, |
| 50 |
lose their data, be blacklisted for being a zombie bot and have their kittens |
| 51 |
eaten. Rather than appease your friend's reluctance to use anything other |
| 52 |
than a GUI, you should batter some sense into his skull. Tell him I say it is |
| 53 |
highly unlikely that he knows more about how to do this job than the 1000s of |
| 54 |
Unix admins who have been doing it for almost 40 years. He really, really, |
| 55 |
wants ssh. |
| 56 |
|
| 57 |
-- |
| 58 |
alan dot mckinnon at gmail dot com |
Archives