On Wednesday 17 December 2008 22:30:55 Mark Knecht wrote:
> On Wed, Dec 17, 2008 at 12:20 PM, Alan McKinnon <alan.mckinnon@×××××.com>
wrote:
> > On Wednesday 17 December 2008 20:59:54 Mick wrote:
> >> On Wednesday 17 December 2008, Dale wrote:
> >> > Mark Knecht wrote:
> >> >
> >> > I know I had webmin installed for a long time but rarely used it. I
> >> > just couldn't remember if I used it for setting up printing from
> >> > windoze or not.
> >>
> >> A friend is running webmin on a server and it makes setting up some
> >> services (like CUPS) easier to visualise/understand. However, the login
> >> into webmin is set up with the root passwd. This on an Internet facing
> >> port is making me nervous, but he is sooo attached to GUI solutions I
> >> cannot convince him that ssh is all he needs.
> >
> > Have you tried using a clue by 4[1] on him?
> >
> > It's the tried and trusty Unix tool developed for this very use case
> >
> >
> > Best demonstrated by pwning his box with a brute-force attack, followed
> > by the spoken word "See?"
> >
> > --
> > alan dot mckinnon at gmail dot com
>
> Gawd I love good Linux lists with cool contributors. There is so much
> for me to learn!
>
> What the heck is "a clue by 4[1]"?

It's a word play :-)

Know what a 2 by 4 is? A 2 inch by 4 inch plank that you clobber someone over
the head with when they are being thick. A thick user needs to get a clue.
Clue rhymes with two :-)

"Clue by 4" is also known by the other name of LART - Luser Attitude
Readjustment Tool. Very handy thing for sysadmins to have, very handy indeed.

But back onto your original question. Webmin is a problem that cannot be
fixed. It needs to have root privileges, the root password needs to go over
the wire to the webmin http server, and to the best of my knowledge is not
subject to routine security scrutiny. I would not trust it further than I can
throw it, and that's not very far.

So, someone who insists on using it deserves to have their machines pwned,
lose their data, be blacklisted for being a zombie bot and have their kittens
eaten. Rather than appease your friend's reluctance to use anything other
than a GUI, you should batter some sense into his skull. Tell him I say it is
highly unlikely that he knows more about how to do this job than the 1000s of
Unix admins who have been doing it for almost 40 years. He really, really,
wants ssh.

--
alan dot mckinnon at gmail dot com
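Added example, not part of the thread and not written by any of its participants: replacing webmin with ssh only removes the brute-force target if sshd is not itself accepting root password logins from the Internet. The script below audits an sshd_config for the two settings that decide that, and shows the brute-forceable configuration beside the key-only one. It assumes plain whitespace-separated "Keyword value" lines with no Include directives, relies on sshd using the first value it reads for a keyword, and does not evaluate per-connection Match blocks; the two sample config files are constructed here, not taken from any real host.

```sh
#!/bin/sh
# Audit an sshd_config for the two settings that decide whether an
# Internet-facing sshd is still a password-guessing target.
# Assumptions (not from the thread): whitespace-separated "Keyword value"
# lines, no Include directives; settings after the first Match block are
# per-connection overrides and are not evaluated here.

# first_value FILE KEYWORD: print the first uncommented value for KEYWORD.
# sshd honours the first value it reads for a keyword, so that is the one
# that applies to the global section.
first_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: print one WEAK line per finding; return 0 only
# when password logins are off and root cannot log in with a password.
audit_sshd_config() {
    cfg="$1"; rc=0
    pa=$(first_value "$cfg" PasswordAuthentication | tr 'A-Z' 'a-z')
    prl=$(first_value "$cfg" PermitRootLogin | tr 'A-Z' 'a-z')
    case "$pa" in
        no) ;;
        '') echo "WEAK: PasswordAuthentication unset (sshd default is yes)"; rc=1 ;;
        *)  echo "WEAK: PasswordAuthentication $pa"; rc=1 ;;
    esac
    case "$prl" in
        no|prohibit-password|without-password) ;;
        '') echo "WEAK: PermitRootLogin unset (default depends on OpenSSH version)"; rc=1 ;;
        *)  echo "WEAK: PermitRootLogin $prl"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample configs (not from any real host). Each function writes
# a temp file and prints its path.

# The setup the thread is warning about: root password accepted from anywhere.
weak_config_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# root password over the wire, from anywhere on the Internet
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
    echo "$f"
}

# Key-only login; the Match block at the end is deliberately ignored by
# the audit, which only judges the global section.
hardened_config_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Port 22
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
    echo "$f"
}

# Run the audit over both samples and clean up.
demo() {
    for f in "$(weak_config_file)" "$(hardened_config_file)"; do
        if audit_sshd_config "$f"; then
            echo "$f: key-only, OK"
        else
            echo "$f: still brute-forceable"
        fi
        rm -f "$f"
    done
}
demo
```

Usage on a live host is `audit_sshd_config /etc/ssh/sshd_config`; on a current OpenSSH the authoritative view of merged settings (including Include files and Match blocks) is `sshd -T`, which this script does not replace.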