LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 09-07-2004, 03:39 PM   #1
macnut
LQ Newbie
 
Registered: Sep 2004
Posts: 18

Rep: Reputation: 0
How Secure is Webmin?


I've been thinking about using a control-panel type utility for administering my Linux server, and have heard some good things about Webmin. However, how secure is it? Would I be opening another hole into my system by installing and running it? If not, what are the best ways to secure it?

By way of comparison, I'm presently loggin on via SSH and using the command line to administer by box.
 
Old 09-07-2004, 06:31 PM   #2
sether
Member
 
Registered: Aug 2004
Posts: 695

Rep: Reputation: 30
http://seclists.org/lists/security-b.../Oct/0338.html

http://www.google.com/search?hl=en&l...ty&btnG=Search

the first link is sort of useful, but a google search (the second link) comes up with lots of info about webmin security vulnerabilites. you should read up on some of the results of the google search.
 
Old 09-08-2004, 04:26 AM   #3
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 602

Rep: Reputation: 49
Be sure to have the latest and secure version of the webmin software.
Use https access and make proper, custom SSL certificate for webmin (don't ever use the default one shipped with webmin distribution).
If possible, limit access to webmin by firewall.
And you should be safe.
 
Old 09-08-2004, 05:17 AM   #4
linux_terror
Member
 
Registered: Aug 2004
Location: Northbrook, Illinois
Distribution: CentOS-5
Posts: 311

Rep: Reputation: 30
Don't know if it helps any but in addition to the above methods I also switch the port webmin runs on. It defaults to port 10000, switch it to whatever you like.

linux_terror
 
Old 09-12-2004, 02:54 AM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
it would be a good idea to not have webmin running all the time... just start it via ssh when you need it...

and if you don't actually need it, it's best to not use it at all...
 
Old 09-13-2004, 09:29 AM   #6
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 602

Rep: Reputation: 49
Quote:
not have webmin running all the time... just start it via ssh when you need it...
Hehe... The way I use webmin is exactly the oppostite of your approach - the only thing I use webmin for is to start sshd that is not running for some reason .
 
Old 09-13-2004, 10:30 AM   #7
treotan
Member
 
Registered: Jun 2004
Posts: 126

Rep: Reputation: 15
I followed the instruction:
Install STunnel
The program is installed as standard with many Linux distributions, or can be downloaded from www.stunnel.org and compiled for your system.

Create a new tunnel
Use Webmin's SSL Tunnels module to create a new tunnel on port 10001 called ssl-webmin that uses the Connect to remote host mode to connects to localhost port 10000 (assuming you are running Webmin on port 10000).
The SSL certificate and key file option should be set to Use Webmin's cert, and all of the other options left as their defaults.

Activate the tunnel
Hit the Apply Changes button in the SSL Tunnels module to activate your new tunnel.

Configure Webmin so that it knows about the SSL tunnel
Added the line inetd_ssl=1 to /etc/webmin/miniserv.conf and run /etc/webmin/stop ; /etc/webmin/start.

Login to Webmin in SSL mode
You should now be able to connect to https://yourhostname:10001/ and login as normal. The old URL on port 10000 will no longer work properly.

My config is as following:
Service name TCP port Active? Tunnel destination
ssl-webmin 10001 Yes Connect to host localhost.localdomain:10000

and I connecting with the router, opened the port 10001 for the stunnel. but it is not sucess!!

What wrong I did?

Thks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
webmin troubles - Failed to write to /etc/webmin/module.infos.cache : No space left o coal-fire-ice Linux - Software 1 07-28-2005 11:08 AM
VSFTPD with secure & non-secure logins Ricci Graham Linux - Software 5 04-07-2005 05:12 PM
regarding webmin... zameer_india Linux - General 20 01-13-2005 04:29 AM
Secure email (SSL vs. secure authentication) jrdioko Linux - Newbie 2 11-28-2004 02:39 PM
vsftpd very very secure, so secure i can't use it... baronsam Linux - Networking 4 10-06-2003 07:12 PM


All times are GMT -5. The time now is 05:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration