On Wed, Dec 17, 2008 at 2:13 PM, Alan McKinnon <alan.mckinnon@×××××.com> wrote:
> On Wednesday 17 December 2008 22:30:55 Mark Knecht wrote:
>> On Wed, Dec 17, 2008 at 12:20 PM, Alan McKinnon <alan.mckinnon@×××××.com> wrote:
>> > On Wednesday 17 December 2008 20:59:54 Mick wrote:
>> >> On Wednesday 17 December 2008, Dale wrote:
>> >> > Mark Knecht wrote:
>> >> >
>> >> > I know I had webmin installed for a long time but rarely used it. I
>> >> > just couldn't remember if I used it for setting up printing from
>> >> > windoze or not.
>> >>
>> >> A friend is running webmin on a server and it makes setting up some
>> >> services (like CUPS) easier to visualise/understand. However, the login
>> >> into webmin is set up with the root passwd. This on an Internet facing
>> >> port is making me nervous, but he is sooo attached to GUI solutions I
>> >> cannot convince him that ssh is all he needs.
>> >
>> > Have you tried using a clue by 4[1] on him?
>> >
>> > It's the tried and trusty Unix tool developed for this very use case
>> >
>> >
>> > Best demonstrated by pwning his box with a brute-force attack, followed
>> > by the spoken word "See?"
>> >
>> > --
>> > alan dot mckinnon at gmail dot com
>>
>> Gawd I love good Linux lists with cool contributors. There is so much
>> for me to learn!
>>
>> What the heck is "a clue by 4[1]"?
>
> It's a word play :-)
>
> Know what a 2 by 4 is? A 2 inch by 4 inch plank that you clobber someone over
> the head with when they are being thick. A thick user needs to get a clue.
> Clue rhymes with two :-)
>
> "Clue by 4" is also known by the other name of LART - Luser Attitude
> Readjustment Tool. Very handy thing for sysadmins to have, very handy indeed.
>
> But back onto your original question. Webmin is a problem that cannot be
> fixed. It needs to have root privileges, the root password needs to go over
> the wire to the webmin http server, and to the best of my knowledge is not
> subject to routine security scrutiny. I would not trust it further than I can
> throw it, and that's not very far.
>
> So, someone who insists on using it deserves to have their machines pwned,
> lose their data, be blacklisted for being a zombie bot and have their kittens
> eaten. Rather than appease your friend's reluctance to use anything other
> than a GUI, you should batter some sense into his skull. Tell him I say it is
> highly unlikely that he knows more about how to do this job than the 1000s of
> Unix admins who have been doing it for almost 40 years. He really, really,
> wants ssh.
>
> --
> alan dot mckinnon at gmail dot com
>
>

Alan,
OK, now I get it, even if I don't. I'm in California but have some
British friends who do those word game sayings. They consider me quite
thick as I never get them. That's OK. It's cool that they're having
fun.

I agree about root passwords over the net. I'm fairly careful about
not using them even with ssh. I always try to go with my own account
at the far end and then su to root after I'm there.

For the record it wasn't me asking about webmin. That was someone else.

cheers,
Mark