On 1/23/2002 at 10:35 PM Michael Stauber wrote: |The perhaps smartest way (and the one which requires the most efforts) is |this: Make Webmin totally inaccessible to the outside world with IPChains |and |let it run only locally on the IP 127.0.0.1, port 10000. Then use stunnel |(see: www.stunnel.org) to establish a secure (forwarding) connection from |a |local Linux machine in your office to 127.0.0.1:10000 on your server. This |requires some tinkering, but sounds like a nice and rather secure |alternative. |-- =============
Hmmm... since that method seems to rely upon the security of ipchains, and adds a lot of problem-prone complexity; why not just choose an obscure port for webmin, config webmin for SSL, and use ipchains to filter access to that port. I mean, if it's complexity that you want, I could propose a far more complex and only slightly more secure solution; but I doubt the additional complexity would be worth the minor increase in security. b _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
