We've all recently seen what happens when a popular package that runs as root gets an exploit in the wild. I'm talking about webmin. Thousands of servers were compromised in a matter of days, and not just at Rimuhosting: a lot of our customers had their VPS compromised too.
Now, we can't blame the webmin developers (although they did fall for a very simple bug...): errors in software are absolutely unavoidable, sooner or later this was going to happen, and, guess what, it will happen again.
Since we know this will happen again we should ask: is there something we can do to prevent our servers and VPS from getting compromised again? Of course there is! Do you *really* need webmin reachable from the whole internet? For 99.9% of webmin users the answer is simply *no*: at most we use it from a couple of computers. Home? The office? Some remote place while we are on vacation? Yes... that's basically it.
So, if you want to prevent your server from getting compromised again, I'd recommend that you whitelist webmin: allow your home, allow your office, deny the rest.
Let's set it up. First, drop everything that reaches the webmin port. Run this from an SSH session, not from webmin itself, and replace 10000 with the port your webmin listens on (the rule is inserted at position 1 of INPUT, so it is evaluated before any other rule, and the ACCEPT rules we add later will be inserted above it):
iptables -I INPUT 1 -p tcp --dport 10000 -j DROP
Now, let's write a script that adds a client address as allowed for webmin. With no argument it takes the address of the SSH session you are running it from (the first field of $SSH_CLIENT); otherwise it takes the address you pass:
cat > /usr/bin/webmin_add <<'EOF'
#!/bin/bash
# Allow one client address through to webmin. Takes the address as $1,
# or defaults to the address of the SSH session this runs from.
WEBMIN_PORT=10000
if [ "$1" != "" ]; then
    IP="$1"
else
    IP=$(echo "$SSH_CLIENT" | cut -f1 -d" ")
fi
if [ "$IP" = "" ]; then
    echo "Specify the IP address you want to add as allowed"
    exit 1
fi
# Insert the ACCEPT at position 1 so it sits above the catch-all DROP.
if iptables -I INPUT 1 -p tcp --dport "$WEBMIN_PORT" -s "$IP" -j ACCEPT; then
    echo "$IP added"
else
    echo "IP not added"
fi
EOF
chmod 755 /usr/bin/webmin_add
And the matching script that removes an address again:
cat > /usr/bin/webmin_remove <<'EOF'
#!/bin/bash
# Remove the ACCEPT rule for one client address. Takes the address as $1,
# or defaults to the address of the SSH session this runs from.
WEBMIN_PORT=10000
if [ "$1" != "" ]; then
    IP="$1"
else
    IP=$(echo "$SSH_CLIENT" | cut -f1 -d" ")
fi
if [ "$IP" = "" ]; then
    echo "Specify the IP address you want to remove as allowed"
    exit 1
fi
# -D deletes the first rule that matches this exact specification.
if iptables -D INPUT -p tcp --dport "$WEBMIN_PORT" -s "$IP" -j ACCEPT; then
    echo "$IP removed"
else
    echo "IP not removed"
fi
EOF
chmod 755 /usr/bin/webmin_remove
Now, whenever you want to use webmin from a different computer (or IP), SSH in from that computer and run, as root:
webmin_add
or, to allow a particular IP (203.0.113.5 here is just an example address):
webmin_add 203.0.113.5
When you are done using webmin run:
webmin_remove
or, to stop allowing a particular IP:
webmin_remove 203.0.113.5
NOTE: both scripts assume webmin listens on port 10000 (the WEBMIN_PORT=10000 line); change that to the port where your webmin is actually running. A few things to keep in mind: plain iptables rules do not survive a reboot, so save them with iptables-save (or whatever persistence mechanism your distribution provides) once you are happy with them; $SSH_CLIENT holds the address the server sees, so from behind NAT you whitelist your gateway's public address, and everyone behind that gateway with it; and if webmin also listens on IPv6, the same DROP and ACCEPT rules are needed in ip6tables, since iptables only filters IPv4.
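The two scripts above do the job, but they pass whatever they are given straight to iptables, add a duplicate ACCEPT every time they run, and spread the rules through INPUT where they are hard to audit. The script below is an added example, not part of the original post or of webmin: it keeps the allow-list in its own chain (the chain name WEBMIN and the subcommand names are my own choice), validates the address before it reaches iptables, uses iptables -C to skip rules that already exist, and still defaults to the SSH peer address when no address is given. It assumes webmin on TCP port 10000 and an iptables new enough to support -C. IPT can be pointed at a wrapper to see what would be run without touching the live rules.

```shell
#!/bin/sh
# Added example (not the original post's scripts): manage the webmin
# allow-list in a dedicated chain with input validation and idempotent rules.
# Assumptions: webmin on TCP 10000, chain name WEBMIN (hypothetical),
# iptables with -C support. Set IPT to another command to dry-run.

WEBMIN_PORT="${WEBMIN_PORT:-10000}"
CHAIN="${CHAIN:-WEBMIN}"
IPT="${IPT:-iptables}"

# valid_ipv4 ADDR[/PREFIX]: accept a dotted-quad IPv4 address, optionally
# with a /0-32 prefix; reject anything else, including shell metacharacters.
valid_ipv4() {
    addr=$1; prefix=32
    case "$addr" in
        */*) prefix=${addr#*/}; addr=${addr%/*} ;;
    esac
    case "$addr" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    case "$prefix" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# client_ip [ADDR]: the address given, else the peer address of this SSH
# session (first field of SSH_CLIENT), else nothing.
client_ip() {
    if [ -n "${1:-}" ]; then
        printf '%s\n' "$1"
    elif [ -n "${SSH_CLIENT:-}" ]; then
        printf '%s\n' "${SSH_CLIENT%% *}"
    fi
}

# setup: create the chain once, send webmin traffic to it from INPUT, and
# end the chain with DROP. Run 'add' for your own address before this.
setup() {
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -C INPUT -p tcp --dport "$WEBMIN_PORT" -j "$CHAIN" 2>/dev/null \
        || $IPT -I INPUT 1 -p tcp --dport "$WEBMIN_PORT" -j "$CHAIN"
    $IPT -C "$CHAIN" -j DROP 2>/dev/null || $IPT -A "$CHAIN" -j DROP
}

# add [ADDR]: allow an address (or CIDR range); no-op if already present.
add() {
    ip=$(client_ip "${1:-}")
    valid_ipv4 "$ip" || { echo "usage: $0 add ADDR[/PREFIX] (or run over SSH)" >&2; return 2; }
    if $IPT -C "$CHAIN" -s "$ip" -j ACCEPT 2>/dev/null; then
        echo "$ip already allowed"
    else
        # Insert at position 1 so the ACCEPT lands above the chain's DROP.
        $IPT -I "$CHAIN" 1 -s "$ip" -j ACCEPT && echo "$ip added"
    fi
}

# remove [ADDR]: drop the ACCEPT for an address; non-zero if it was absent.
remove() {
    ip=$(client_ip "${1:-}")
    valid_ipv4 "$ip" || { echo "usage: $0 remove ADDR[/PREFIX] (or run over SSH)" >&2; return 2; }
    if $IPT -D "$CHAIN" -s "$ip" -j ACCEPT 2>/dev/null; then
        echo "$ip removed"
    else
        echo "$ip was not allowed"; return 1
    fi
}

main() {
    case "${1:-}" in
        setup)  setup ;;
        add)    add "${2:-}" ;;
        remove) remove "${2:-}" ;;
        list)   $IPT -L "$CHAIN" -n --line-numbers ;;
        *)      echo "usage: $0 setup|add [ADDR]|remove [ADDR]|list" >&2; return 2 ;;
    esac
}

# Dispatch only when given a subcommand, so the functions can be sourced.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Usage: `webminctl add` from your SSH session, then `webminctl setup` to close the port to everyone else, `webminctl list` to audit who is allowed, and `webminctl remove` when you are done. Putting the ACCEPTs in their own chain means a single `iptables -L WEBMIN -n` shows the whole allow-list, and validating the address first means a stray space or semicolon in the argument is rejected instead of becoming extra iptables options.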