Travis Rousseau wrote:
I'd just like to add on thing here I know with ssh you can delay a bad login so you have longer to detect it (like 5 or 10 min delay).
To my knowlage webmin does not support this and I have seen many browsers that support dictanary attacks on forms and such.
Webmin DOES support this, and in recent versions it's turned on by default, and on the webmin admin pages you can easily change the parameters to even more conservative settings.
Also you can view the bad logins with ssh in that one email from localhost every night (I cant remember what its called)
Also this to the best of my knowlage is not supported in webmin.
Bad logins in webmin are logged to the same place (syslog) as bad logins from SSH, and they show up in that same email.
In addition webmin by default logs every webmin action taken by every user.
I'm not trying to convince you to use webmin - If you're a command prompt kind of person, webmin is an unnecessary tool for you.
personaly I wouldn't recomend webmin instead of ssh because I'm more the command prompt kind of person.
However I just don't think it is fair or useful, to spread disinformation about a tool, based on incomplete or outdated knowledge.
Webmin is useful for non command prompt type of people. It's a GUI tool, which doesn't require X to be installed either on the host or on the client. So by biting the bullet on the server install, I can use a browser to securely administer my machine with a GUI tool, just like I use a browser to do my online banking. So it is one useful alternative, nothing more, but nothing less.
Or in other words, it is one of the tools, which opens up Linux to a wider audience. I'm sorry to say so, but the notion of anything other than command line tools being acceptable for Linux administration perpetuates one of the tired cliches about Linux users. And I find that counterproductive when responding to a query from genuinely interested new Linux user.
Again - you don't have to defend your use of command line tools; it's impressive and admirable that you have the skills to use them. But it would be much nicer if we could avoid false or outdated conceptions about other tools, which prove immensely useful to those of us with less prowess at the command prompt.
...Niels
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
