From: Joe C. <jo...@sw...> - 2002-02-23 01:42:02
Craig White wrote:
> On Fri, 2002-02-22 at 15:09, TXNetwork wrote:
>
>>Sorry, but everything has been running so smoothly with Webmin that I didn't
>>think it could happen to me...didn't keep Jami's message about how to keep
>>someone from hacking into system through admin or something.
>>
>>Today, found where my etc/fstab file had been altered and the server
>>wouldn't reboot and there was no way to log in as single user. The ISP that
>>runs my server for me finally got in and got the file put back in but he
>>naturally says that it is because I'm using a program like this and leaving
>>myself wide open for hackers.
>>
>>I can't do this without Webmin so...........anyone that kept the
>>instructions, I need the details please.
>>
>>
> ----
> webmin is neither the problem nor the solution. It might make things
> easier for a hacker if they were capturing a session and you never
> installed the Net::SSLeay and turned it on but that as I said, is
> neither the problem nor the solution.
>
> the problem is that you want to be able to remotely administrate your
> server which is 'co-located' at a site that is only reachable thru the
> public internet and you haven't the knowledge on how to secure it.
>
> Only one answer - pay someone to do it for you.

Actually, two answers...the one Craig mentions, and the other, much more expensive option: Learn how to secure a Unix machine and do it yourself. It's more expensive, because a Unix nerd will secure it for you in two hours for $100-$200 (unless the box has already been rooted, in which case, the time required to clean up will be huge and you'll need a quite serious expert--expect to pay $500-$1000 for a proper cleanup). But learning yourself will take weeks or months, depending on your current level of knowledge and how much time and effort you devote to the task.

If, as I think you're saying, your box has already been exploited, then your best bet is to reinstall the OS on the box, update all packages to the latest errata from your OS vendor, then secure it (not just Webmin), then put it back into public service. It can usually be fixed without a reinstall, but take it from someone who has repaired a cracked/rooted box on several occasions, it isn't easy even for someone who knows what to look for and how to fix it (and when to say "This can't be fixed...all reliable methods of tracking the intruder have been wiped out. Time to reinstall.")

Of course, if you don't learn it yourself, you have to rely on someone whom you may not know is competent to secure your system--and you'll have no easy way to know if they've done the job correctly. You'll also have to hire someone every few months to audit your system, to ensure no exploitable packages are running. It is probably worth the effort to learn how yourself if you've got a server that you're responsible for...but securing Webmin is just the tip of the iceberg (and Webmin has no current exploits as far as I know, so it is secure if configured to use SSL connections).

But, to answer your question (don't think doing this will solve your problems, it will not! this will only add a little extra security to Webmin, which was probably not the problem in the first place):

Configure Webmin to only allow logins from the IP addresses from which you will be logging in.

Configure Webmin to time out sessions, if you log in from a public computer (even the computer on your desk at the office).

Make sure you have enabled SSL connections.

You may notice that I haven't told you how to do all of this...the reason being that it is covered in the Webmin book (perhaps the coverage is brief, but the topics are quite simple and easy to do).
Here's the link to the correct page in the book:

http://www.swelltech.com/support/webminguide/wmconfig.html

Again...if your box has been rooted, increasing Webmin's security now is the equivalent of closing the barn door after all the animals have escaped. It is pointless--the box is broken. You've got to fix the box too, or the cracker will be back inside your box in seconds anytime he wants to be and he won't need Webmin to do it (I doubt he needed Webmin to start with--as I mentioned, Webmin has no current exploits).

I have never read either document, but the Linux Documentation Project has two Security QuickStart HOWTOs, which appear to be well worth reading. Avoid the 'Securing and Optimizing Red Hat Linux' Guide also found at the LDP, as it is full of incorrect information and bad advice...the author means well, but doesn't understand half of the topics he has attempted to cover. The topics he does understand are nicely covered, but a new sysadmin isn't going to know how to differentiate the bad from the good, so it does more harm than good.

So, start here:

http://www.linuxdoc.org/HOWTO/Security-Quickstart-Redhat-HOWTO/index.html

Feel free to ask me any specific questions you might have, that you can't find answers for in those docs or web searches. I don't think system security issues are on-topic for this list, so probably off-list questions are a good idea. Another good idea is probably to get yourself onto the most suitable distribution lists (like Red Hat Newbies, and Red Hat Security, if you're using a Red Hat box)--these kinds of topics are very much on topic for those lists, and many users will be going through the same issues.

Good Luck!

--
Joe Cooper <jo...@sw...>
http://www.swelltech.com
Web Caching Appliances and Support
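
The three Webmin settings named in the message above (IP restriction, session timeout, SSL) can be checked with a small audit script; this is an added example, not part of the original message or of Webmin itself. It assumes the settings live in Webmin's miniserv.conf as key=value lines under the key names `ssl`, `allow` and `logouttime`, and both sample configs are constructed.

```python
import ipaddress

# Constructed samples in the key=value style assumed for miniserv.conf.
SAMPLE_WEAK = "port=10000\nssl=0\nsession=1\n"
SAMPLE_HARDENED = (
    "port=10000\nssl=1\nsession=1\n"
    "allow=192.0.2.10 198.51.100.0/24\nlogouttime=15\n"
)

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return one finding per setting from the message that is missing or weak."""
    conf = parse_conf(text)
    findings = []
    if conf.get("ssl") != "1":  # assumed key name
        findings.append("ssl: SSL connections are not enabled")
    allowed = conf.get("allow", "").split()  # assumed key name
    if not allowed:
        findings.append("allow: no IP restriction, any address may log in")
    for entry in allowed:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # hostname or other form; not evaluated here
        if net.prefixlen == 0:
            findings.append(f"allow: {entry} matches every address")
    timeout = conf.get("logouttime", "")  # assumed key name, minutes
    if not timeout.isdigit() or int(timeout) == 0:
        findings.append("logouttime: idle sessions never time out")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample) or "no findings")
```

A clean result only covers these three Webmin settings; as the message says, it tells you nothing about whether the box itself has been compromised.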