Borsenkow Andrej <[EMAIL PROTECTED]> writes:
> The question appeared in newsgroup. After looking here - Webmin by
> default is configured to leten on localhost only, but appears to listen
> on every interface:
>
> miniserv.conf:
>
> port=10000
> host=localhost.localdomain
>
> but
>
> {pts/0}# lsof -i | grep 10000
> miniserv. 2340 root 3u IPv4 4321 TCP *:10000 (LISTEN)
> miniserv. 2340 root 4u IPv4 4322 UDP *:10000
> {pts/0}# netstat -a | grep 10000
> tcp 0 0 *:10000 *:*
> LISTEN
> udp 0 0 *:10000 *:*
Well I'm no security guy at all, so it doesn't speak much to me.
By default, it seems sensible that it doesn't listen only on
localhost, but on the whole network - after all it's essentially
a distant configuration tool. I can confirm that with default
config, it's possible to connect to it from another box on the
LAN.
I've just looked for security stuff on Webmin's site
documentation, but didn't find interesting stuff.
> Oh, and what this UDP port 10000 is for?
No idea..
--
Guillaume Cottenceau - http://people.mandrakesoft.com/~gc/
