I’ve been running ispconfig on my beowulf servers for quite some time, now. security model is more like plesk. nobody should be running cpanel. cpanel is dangerous. I had several websites hacked. the attack vector was cpanel. all websites rin under the coanel user. it doesn’t work that way under plesk or ispconfig. ispconfig is free and lacks a native file manager, but who needs them with ftps/sftp options. it will manage ufw as well. if you use it please toss some money their way.
Sent from my iPhone > On Jun 7, 2021, at 6:46 PM, Hendrik Boom <[email protected]> wrote: > > On Tue, Jun 08, 2021 at 12:05:39AM +0200, Arnt Karlsen wrote: >> >> ..snip "tech" justification of subversive systemd politics. >> >>> So in summary, there is no way of running cockpit in a >>> non-systemd/Linux environment that I'd be willing to support. > > Most of the worries mentioed here seem a bit overblown, but still > need to be considered. >> >> ..found just 3 mentions of "systemd", and this gem in: >> https://metadata.ftp-master.debian.org/changelogs//main/c/cockpit/cockpit_243-1_changelog >> "- Detect unregistered RHEL systems on Software Updates page" > > But I did look at those mentions of systemd. The one I found > worrisome was the first: > > * Add smoke autopkgtest that can run in containers. > Add a simple test of cockpit-bridge and the login page to ensure that > packages have the right dependencies and contents, and that the systemd > units are set up correctly to get a login page on > https://localhost:9090. > This can also run in a container and thus in Debian's CI and on all > > If systemd becomes an integral par of Debian's packaging system, > it may cause us difficulties. > > -- hendrik >> >> ..now, Martin Pitt does offer a good recommendation: >>> For these I'd rather recommend looking at webmin, ebox, or similar >>> project." >> >> ..https://alternativeto.net/software/cockpit-linux/ >> >> ..to maintain e.g. webmin (https://www.webmin.com/ ) >> support for cockpit, you may wanna look at these 2: ... >> "https://packages.debian.org/sid/cockpit-bridge >> Cockpit bridge server-side component >> The Cockpit bridge component installed server side and runs commands >> on the system on behalf of the web based user interface." >> ...and "https://packages.debian.org/sid/cockpit-tests >> Tests for Cockpit >> This package contains tests and files used while testing Cockpit. >> These files are not required for running Cockpit." ... >> >> ...and check systemd and cockpit brass thinking: ... >> https://packages.debian.org/sid/cockpit-doc >> "Cockpit deployment and developer guide >> The Cockpit Deployment and Developer Guide shows sysadmins how to >> deploy Cockpit on their machines as well as helps developers who >> want to embed or extend Cockpit." >> >> ...against: https://packages.debian.org/source/sid/cockpit >> and the possible potential Ken Thompson style hacks: >> https://duckduckgo.com/?q=Ken+Thompson+style+hacks&ia=web >> >> ..and, who needs a compiler with systemd onboard? My guess is systemd >> running as PID1, can be set up to launch such possible "Ken Thompson >> style hack" attacks, all you need to do is hide them away in binaries >> somewhere "neccessary" online, so these new Cockpit web admin user >> systemd victims never understand them, even if they ever find out how >> to read such C etc code... >> >> ..on cockpit and alternatives: >> https://www.unixmen.com/cockpit-a-beginner-friendly-server-administration-tool/ >> https://www.linux-magazine.com/Issues/2020/241/Cockpit >> https://www.hostingadvice.com/how-to/cpanel-vs-plesk-vs-webpanel/ >> https://alternativeto.net/software/webmin/ >> https://en.wikipedia.org/wiki/Comparison_of_web_hosting_control_panels >> >> ..cockpit is not known by Wikipedia: >> https://en.wikipedia.org/wiki/Cockpit_(disambiguation) >> https://en.wikipedia.org/w/index.php?title=Special:Search&limit=500&offset=0&profile=default&search=intitle%3A%22Cockpit%22&ns0=1 >> >> >> ..turns out ebox changed its name, and, it does not support Procmail: >> https://zentyal.com/features/ >> >> ..webmin supports procmail. >> >> -- >> ..med vennlig hilsen = with Kind Regards from Arnt Karlsen >> ...with a number of polar bear hunters in his ancestry... >> Scenarios always come in sets of three: >> best case, worst case, and just in case. >> _______________________________________________ >> Dng mailing list >> [email protected] >> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > _______________________________________________ > Dng mailing list > [email protected] > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
