[Sderby] Webmin

Andre Hefer (IMAP5) andre.hefer at avhservices.co.uk
Sat Feb 21 12:24:09 GMT 2004


> David Jolley wrote:
>
> Does anyone have any experience running webmin on a server which is
> connected to the internet?  I'm looking to put webmin on one of my
> servers, but I'm reticent about it being publicly accessible (either
> on its known port or another port).

Andre Hefer wrote:

Here is some advice from chapter 3 of "The book of WEBMIN" by Joe Cooper,
Linux Journal Press, ISBN 1-886411-92-1:

(1) If you have OpenSSL and the Net::SSLeay Perl module installed then you
can use SSL encrypted sessions with webmin - See Webmin: Webmin
configuration: SSL Encryption.
(2) Use proper passwords, i.e. minimum length, no dictionary words, include
numbers - all of this will help defeat brute force password cracking.
(3) Set the authentication policy - See Webmin: Webmin Configuration:
Authentication. Here you can enable password timeouts and automatically
block hosts that attempt brute force password cracking.
(4) Network access controls - You can control which IP addresses are
able to access webmin.
(5) You can change away from the default port of 10000.
(6) You can disable the webmin daemon when not using it.

I feel comfortable running webmin on a publicly accessible website. I would
route all the publicly accessible services to an isolated machine with a
stable configuration. The less stuff you have running on the machine the
easier it is to secure.
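
Added example, not part of the original message or the book it cites: a small Python audit of a Webmin `miniserv.conf` against points (1), (3), (4) and (5) of the checklist above. The key names `ssl`, `port`, `allow` and `blockhost_failures` and both sample configurations are assumptions made for illustration; check them against your installed Webmin version.

```python
# Added example: audit Webmin miniserv.conf settings against the checklist.
# Key names are assumed from Webmin's miniserv.conf; the samples are constructed.

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def as_int(conf, key):
    """Return an integer setting, treating missing or malformed values as 0."""
    try:
        return int(conf.get(key, "0"))
    except ValueError:
        return 0

def audit(conf):
    """Return (checklist item, finding) pairs for each weak setting."""
    findings = []
    if conf.get("ssl", "0") != "1":
        findings.append((1, "SSL is off: credentials cross the network in cleartext"))
    if as_int(conf, "blockhost_failures") <= 0:
        findings.append((3, "hosts are not blocked after repeated failed logins"))
    if not conf.get("allow", "").split():
        findings.append((4, "no allow list: any IP address may connect"))
    if conf.get("port", "10000") == "10000":
        findings.append((5, "listening on the default port 10000"))
    return findings

# Constructed sample: a default-style configuration.
WEAK = "# constructed sample\nport=10000\nssl=0\n"
# Constructed sample: the same file after applying the checklist.
HARDENED = ("port=10443\nssl=1\nallow=192.0.2.10 127.0.0.1\n"
            "blockhost_failures=5\nblockhost_time=60\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        results = audit(parse_conf(text))
        print(name, "->", "OK" if not results else "")
        for item, message in results:
            print(f"  ({item}) {message}")
```

Items (2) and (6) are not visible in this file: password quality and whether the daemon is running have to be checked separately.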
