[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] security question

Subject: RE: [cobalt-users] security question
From: "Peter Masloch" <peter@xxxxxxxxxxx>
Date: Fri May 31 21:40:14 2002
Organization: EasyniX Consulting
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Steve, thank you for your answer.
I'm familiar with SSH (already installed) and the *sentry family.
Admin doesn't get any e-mail since it is already forwarded to
an different user account.
I really like the idea of tunneling the GUI. 
Do you know of any link where i can do some reading about it?
Peter

>"Peter Masloch" <peter@xxxxxxxxxxx> wrote:
>> My Raq 2 will host one domain and the e-mail for this domain. I was 
>> just wondering what might be the best (and most secure way) to setup 
>> one domain? If i setup my domain as the main domain, then everybody 
>> comes very easy to the login window from 
>www.mydoamin.com/admin which 
>> makes me feel uncomfortable. 
>Would it be a good idea to setup the 
>> domain as virtual domain with a second IP?
>
>Unless you remove the alias to /admin (in httpd.conf or 
>srm.conf) that directory accesses the GUI from any site so 
>your solution won't help.  You could always obfuscate the GUI 
>location by changing that alias directive. There are no 
>negative side affects.
>
>> Also i was thinking about the "admin"
>> account. Is it possible to replace the username "admin" with another 
>> username?
>
>Probably, but you'd have to change *a lot* of hard-coded files 
>so I'd advise against it.  I suggest tunneling your GUI 
>through SSH so your communication with it is encrypted.  
>You'll need to install SSH, but you should do so anyway for 
>security reasons and then disable telnet.  I'd also setup an 
>alias for admin to an unprivileged user so you don't have to 
>send admin's password in plain text to check admin email.
>
>> I actualy didn't see any processes running as "admin". I would be 
>> thankful for any thoughts, hints or ideas.
>
>The port 80 web server runs as httpd, the admin web server 
>runs as root. The only processes that will run as admin are 
>processes you run while logged in as admin or cron jobs you 
>setup to run as admin.  Since your subject uses the word 
>security, I assume you are concerned about security, as you 
>should be.  There are many things you can do to improve 
>security.  I would suggest spending several hours 
>reading/searching the cobalt-security and cobalt-user 
>archives.  Some programs you may want to consider include 
>ipfwadm, portsentry, logsentry, hostsentry, lionfind, 
>chkrootkit, John the Ripper, tripwire, snort, gnupg, SSL, SSH, etc.
>
>--
>Steve Werby
>President, Befriend Internet Services LLC http://www.befriend.com/
>
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to: 
>http://list.cobalt.com/mailman/listinfo/cobalt->users
>
>

Follow-Ups:
- Re: [cobalt-users] security question
  - From: Steve Werby

References:
- Re: [cobalt-users] security question
  - From: Steve Werby

Prev by Date: Re: [cobalt-users] email alias doesn't work
Next by Date: Re: [cobalt-users] email alias doesn't work
Previous by thread: Re: [cobalt-users] security question
Next by thread: Re: [cobalt-users] security question

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index