Announcement

Collapse
No announcement yet.

Webmin 2.0 Released For Open-Source Web-Based Server Management/Administration

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ll1025
    replied
    Originally posted by Ungweliante View Post

    You're implicitly trusting the network. A network admin can reach the service even if he is not allowed to.

    It is better than nothing, but it is bad.
    Security in depth. IP Whitelist can drastically limit your attack surface. Yes, the network infrastructure providers can still do bad things, but if you keep the whitelist to in-country IPs, you've knocked out 99% of the threats (barring some truly advanced attacks like BGP hijacks). The overwhelming majority of probes are going to be coming from out-of-country‚Äč and it is worth removing them especially if you are limited in your security options.

    Leave a comment:


  • DRanged
    replied
    Originally posted by kpedersen View Post
    I had a colleague who was a fan of Webmin. Personally I didn't like not knowing exactly what config files it would change. It didn't feel deterministic enough.

    Did anyone here use Smit/Smitty on AIX? I like how it provides the underlying command before you execute via the GUI. Something like this more integrated into Webmin could be useful.
    Yep I am a great fan of Smitty being brought up on AIX 3.2, 4.1.5 and 4.5 together with my trusty AIX bible. Still having fond memories of the RS/6000 320, RS/6000 360 and the P43.

    I got a RS/6000 320 and 360 at home.

    Leave a comment:


  • Ungweliante
    replied
    Originally posted by ll1025 View Post
    Whitelist IP is absolutely reliable for reducing attack surface. An attacker can spoof your IP but cannot make the return traffic get to them. Spoofing IPs is a useful technique in some connectionless scenarios (e.g. spoofing DNS replies or DoSing), but it is useless for brute-force login attempts: you have no way of knowing if your attempted credential was accepted.

    The problems with whitelisted IPs are that IPs tend to change frequently and the whitelist can quickly become an unmaintainable mess. For a single user on a small number of systems it's perfectly fine.
    You're implicitly trusting the network. A network admin can reach the service even if he is not allowed to.

    It is better than nothing, but it is bad.

    Leave a comment:


  • uid313
    replied
    Can this handle Docker, Flatpak and Snap?
    Can this handle virtual machines?
    Can this install/configure/setup/manage firewall, SSH, Git, PostgresSQL?

    Leave a comment:


  • ll1025
    replied
    Originally posted by Ungweliante View Post

    Whitelist IP is not reliable, IPs can be spoofed.
    Whitelist IP is absolutely reliable for reducing attack surface. An attacker can spoof your IP but cannot make the return traffic get to them. Spoofing IPs is a useful technique in some connectionless scenarios (e.g. spoofing DNS replies or DoSing), but it is useless for brute-force login attempts: you have no way of knowing if your attempted credential was accepted.

    The problems with whitelisted IPs are that IPs tend to change frequently and the whitelist can quickly become an unmaintainable mess. For a single user on a small number of systems it's perfectly fine.
    Last edited by ll1025; 24 August 2022, 01:00 PM.

    Leave a comment:


  • drownthepoor
    replied
    I ended up using Webmin when I first started using Linux at home. I had installed Apache, but had very little understanding of bash or .conf files so as I was fumbling through making things work I couldn't believe that everything was done via text documents.
    I installed Webmin by some miracle and I was so excited that I had a graphical way of managing everything, and was immediately disappointed by it. I think it was actually more confusing. Last experience i had with it was like 6 months ago when I was testing out Turnkey Linux, and I think most of their web-portal management is modified Webmin.

    Leave a comment:


  • aht0
    replied
    Webmin by default is pretty ugly but peeps have made some nice themes to fix that.

    But ye, dont leave it with public net access, liable to get hacked.

    It works reasonably well imho, been using it quite a bit over ssh tunnels.

    Leave a comment:


  • Quackdoc
    replied
    I wasnt a fan of webmin when I tried it, Ive been using cockpit and like it a lot but its missing way to many features to use a main management solution IMO. will try webmin again

    Leave a comment:


  • waxhead
    replied
    Originally posted by bash2bash View Post

    Then maybe this script will be something you'll appreciate.
    Maybe someday ... interestingly enough gitlab's page does not even load on my browser.. (SeaMonkey 2.53.13) ... guess I am getting old

    Leave a comment:


  • bash2bash
    replied
    Originally posted by waxhead View Post
    ssh, tmux, mc, nano, tigervnc, xfce, doublecommander, a slice of pizza and a cold pepsi is in my opinion much more productive than any web based admin tool that usually miss some important thing anyway...
    Then maybe this script will be something you'll appreciate.

    Leave a comment:

Working...
X