On Wednesday 17 December 2008 22:30:55 Mark Knecht wrote: > On Wed, Dec 17, 2008 at 12:20 PM, Alan McKinnon <alan.mckin...@gmail.com> wrote: > > On Wednesday 17 December 2008 20:59:54 Mick wrote: > >> On Wednesday 17 December 2008, Dale wrote: > >> > Mark Knecht wrote: > >> > > >> > I know I had webmin installed for a long time but rarely used it. I > >> > just couldn't remember if I used it for setting up printing from > >> > windoze or not. > >> > >> A friend is running webmin on a server and it makes setting up some > >> services (like CUPS) easier to visualise/understand. However, the login > >> into webmin is set up with the root passwd. This on an Internet facing > >> port is making me nervous, but he is sooo attached to GUI solutions I > >> cannot convince him that ssh is all he needs. > > > > Have you tried using a clue by 4[1] on him? > > > > It's the tried and trusty Unix tool developed for this very use case > > > > > > Best demonstrated by pwning his box with a brute-force attack, followed > > by the spoken word "See?" > > > > -- > > alan dot mckinnon at gmail dot com > > Gawd I love good Linux lists with cool contributors. There is so much > for me to learn! > > What the heck is "a clue by 4[1]"?
It's a word play :-) Know what a 2 by 4 is? A 2 inch by 4 inch plank that you clobber someone ever the head with when they are being thick. A thick user needs to get a clue. Clue rhymes with two :-) "Clue by 4" is also known by the other name of LART - Luser Attitude Readjustment Tool. Very handy thing for sysadmins to have, very handy indeed. But back onto your original question. Webmin is a problem that cannot be fixed. It needs to have root priviledges, the root password needs to go over the wire to the webmin http server, and to the best of my knowledge is not subject to routine security scrutiny. I would not trust it further than I can throw it, and that's not very far. So, someone who insists on using it deserves to have their machines pwned, lose their data, be blacklisted for being a zombie bot and have their kittens eaten. Rather than appease your friend's reluctance to use anything other than a GUI, you should batter some sense into his skull. Tell him I say it is highly unlikely that he knows more about how to do this job than the 1000s of Unix admins who have been doing it for almost 40 years. He really, really, wants ssh. -- alan dot mckinnon at gmail dot com
