From: Brett M. <bre...@ya...> - 2003-05-23 22:22:55
|
hi, ot for the webmin list perhaps...but i have _not_ used shorewall with webmin, but have used shorewall for a while now as a standalone on servers and as part of leaf boxes http://leaf.sf.net. it works well, is well documented and has great mail list support summing up - use it brett --- George Dickman <ge...@ou...> wrote: > Hi Jamie, > You must admit, when I post in the list I get some > real responses! I am > really > starting to shape a good security plan for using > Webmin. Everyone's post > have added > to my security plan. Before we wiped the drive > clean, we had the Shorewall > firewall > running, since I need to put another firewall one > back on, does anyone > care to comment > on using Shorewall? I used it because it was a > module and I was told it > was very > good. Tripwire? > > > George Dickman > 954.792.9254 (Office) > 954.583.8646 (fax) > ge...@ou... <mailto:ge...@ou...> > > > -----Original Message----- > From: web...@li... > [mailto:web...@li...]On > Behalf Of Carlton > Thomas > Sent: Friday, May 23, 2003 8:10 AM > To: web...@li... > Subject: RE: [webmin-l] security issues > > > On Fri, 23 May 2003, George Dickman wrote: > > > Jamie, > > Wow, yes that's what he meant! Thanks for this > info. I will setup as you > > suggested. > > Thanks, > > George > > George, > > If you are running hosting servers and allow shell > access from > non-trusted users and allow them to create and run > applications > then Webmin is the *least* of your problems!!! > > However, in your previous email you made it clear > what setup > you have. You said:- > > > Thanks, for that detailed reply. We had > > done most of your suggestions, change port > > and we don't have a static ip. We run high > > cable, it doesn't assign fixed ip. > > Its is clear that you are not running hosting > servers with that > configuration. So maybe the advice that your > "professional guys" > gave you was right for your configuration. > > Because you dont have a static IP address, your > security concerns > about Webmin can be easily solved by configuring > Webmin to only > allow access from localhost. That will ensure that > no one from > the outside can connect to your box. Also, you need > to do something > about allowing access to your box from non-trusted > users. > > Regards ! > > -- > Carlton > ============================= > GIFFORD INTERNET SERVICES > Bristol, United Kingdom > Tel: 0845 111 0032 > Tel: 0117 939 7722 > Fax: 0845 111 0033 > Email: ad...@gi... > Web: http://www.gifford.co.uk > ============================= > > > > ------------------------------------------------------- > This SF.net email is sponsored by: ObjectStore. > If flattening out C++ or Java code to make your > application fit in a > relational database is painful, don't do it! Check > out ObjectStore. > Now part of Progress Software. > http://www.objectstore.net/sourceforge > - > Forwarded by the Webmin mailing list at > web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > ATTACHMENT part 2 application/x-pkcs7-signature name=smime.p7s __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com |