Securing remote root logins

4 posts / 0 new
Topic locked
Last post
#1 Sun, 01/06/2013 - 13:27
eskimoroll

Securing remote root logins

First time Webmin user here (I love it though!).

My context is such that I must expose Webmin to the www in order to manage my stuff. I created a rule in iptables to restrict port 10000 to my ip, it works fine. But I have 2 questions:

1) Do administrators commonly restrict port access to mac addresses? (latop, work, home, pda?)

2) If I ban remote root logins, will I have to create a new user in webmin with root privs? ... or does Webmin have a sudo'ish command to change into root administration mode?

Thanks in advance

Sun, 01/06/2013 - 22:06
andreychek

Howdy,

For those who wish to restrict the Webmin port, most do it by IP address, I don't hear of many doing that by MAC address.

You can also edit the root user in Webmin, and tie the root user to a specific IP address (ie, that means you could log in as root, but only from that one IP). I know when using Virtualmin, that it treats a user with sudo rights as a Master Admin. I suspect the same would be true for Webmin -- though I'd suggest working out the kinks with that before disabling root :-)

-Eric

Wed, 01/09/2013 - 16:27
miner

Also, it does improve security to avoid all default configurations, including listening port if you're the only user.

Wed, 01/30/2013 - 18:54
steve.h

I have webmin/virtualmin on 7 servers and restrict access to a single ip address. If I need to manage anything remotely, I vpn into the network that has access and can manage the servers from there.

Topic locked