| 1 |
On Wed, Dec 17, 2008 at 2:13 PM, Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 2 |
> On Wednesday 17 December 2008 22:30:55 Mark Knecht wrote: |
| 3 |
>> On Wed, Dec 17, 2008 at 12:20 PM, Alan McKinnon <alan.mckinnon@×××××.com> |
| 4 |
> wrote: |
| 5 |
>> > On Wednesday 17 December 2008 20:59:54 Mick wrote: |
| 6 |
>> >> On Wednesday 17 December 2008, Dale wrote: |
| 7 |
>> >> > Mark Knecht wrote: |
| 8 |
>> >> > |
| 9 |
>> >> > I know I had webmin installed for a long time but rarely used it. I |
| 10 |
>> >> > just couldn't remember if I used it for setting up printing from |
| 11 |
>> >> > windoze or not. |
| 12 |
>> >> |
| 13 |
>> >> A friend is running webmin on a server and it makes setting up some |
| 14 |
>> >> services (like CUPS) easier to visualise/understand. However, the login |
| 15 |
>> >> into webmin is set up with the root passwd. This on an Internet facing |
| 16 |
>> >> port is making me nervous, but he is sooo attached to GUI solutions I |
| 17 |
>> >> cannot convince him that ssh is all he needs. |
| 18 |
>> > |
| 19 |
>> > Have you tried using a clue by 4[1] on him? |
| 20 |
>> > |
| 21 |
>> > It's the tried and trusty Unix tool developed for this very use case |
| 22 |
>> > |
| 23 |
>> > |
| 24 |
>> > Best demonstrated by pwning his box with a brute-force attack, followed |
| 25 |
>> > by the spoken word "See?" |
| 26 |
>> > |
| 27 |
>> > -- |
| 28 |
>> > alan dot mckinnon at gmail dot com |
| 29 |
>> |
| 30 |
>> Gawd I love good Linux lists with cool contributors. There is so much |
| 31 |
>> for me to learn! |
| 32 |
>> |
| 33 |
>> What the heck is "a clue by 4[1]"? |
| 34 |
> |
| 35 |
> It's a word play :-) |
| 36 |
> |
| 37 |
> Know what a 2 by 4 is? A 2 inch by 4 inch plank that you clobber someone ever |
| 38 |
> the head with when they are being thick. A thick user needs to get a clue. |
| 39 |
> Clue rhymes with two :-) |
| 40 |
> |
| 41 |
> "Clue by 4" is also known by the other name of LART - Luser Attitude |
| 42 |
> Readjustment Tool. Very handy thing for sysadmins to have, very handy indeed. |
| 43 |
> |
| 44 |
> But back onto your original question. Webmin is a problem that cannot be |
| 45 |
> fixed. It needs to have root priviledges, the root password needs to go over |
| 46 |
> the wire to the webmin http server, and to the best of my knowledge is not |
| 47 |
> subject to routine security scrutiny. I would not trust it further than I can |
| 48 |
> throw it, and that's not very far. |
| 49 |
> |
| 50 |
> So, someone who insists on using it deserves to have their machines pwned, |
| 51 |
> lose their data, be blacklisted for being a zombie bot and have their kittens |
| 52 |
> eaten. Rather than appease your friend's reluctance to use anything other |
| 53 |
> than a GUI, you should batter some sense into his skull. Tell him I say it is |
| 54 |
> highly unlikely that he knows more about how to do this job than the 1000s of |
| 55 |
> Unix admins who have been doing it for almost 40 years. He really, really, |
| 56 |
> wants ssh. |
| 57 |
> |
| 58 |
> -- |
| 59 |
> alan dot mckinnon at gmail dot com |
| 60 |
> |
| 61 |
> |
| 62 |
|
| 63 |
Alan, |
| 64 |
OK, now I get it, even if I don't. I'm in California but have some |
| 65 |
British friends who do those word game sayings. They consider me quite |
| 66 |
thick as I never get them. that's OK. It''s cool that they're having |
| 67 |
fun. |
| 68 |
|
| 69 |
I agree about root passwords over the net. I'm fairly careful about |
| 70 |
not using them even with ssh. I always try to go with my own account |
| 71 |
at the far end and then su to root after I'm there. |
| 72 |
|
| 73 |
for the reocrd it wasn't me asking about webmin. That was someone else. |
| 74 |
|
| 75 |
cheers, |
| 76 |
Mark |
Archives