A friend is looking to remotely administer a UNIX box from anywhere in the
world. Webmin attracts him, but I'm not over keen on the idea of having a
program like that which runs as root open to the whole world. It must be
quite attractive to hackers if they find webmin running.
After thinking about it, I had this idea: how about making a stealth
firewall with ipfilter, that ignores all attempts to connect?
logs denied packets to a log file. The log file is parsed by a program
which will open the port used by webmin (say 54321) if and only if:
a) Someone tries to connect to port 1000
b) The same IP next tries to connect to port 13233
c) From the same IP next tries to connect to port 3244
(or any other random combination of ports). Then and only then the firewall
is opened to the port with webmin running (54321).
So in order to access webmin, you would from your browser try:
http://www.somsite.com:1000 // ignored
http://www.somsite.com:13233 // ignored
http://www.somsite.com:3244 // now causes port 54321 to be opened
(telnet, https or similar at those ports would all work too).
and finally having detected the access to ports 1000, 13233, 3244 (in that
order), with the firewall now opening port 54321, one would administer the
site with:
https://www.somsite.com:54321
The probability of a hacker randomly scanning ports 1000, 13233, 3244 (in
that order), then trying to connect to port 54321 must be very small
indeed.
Thoughts?
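
The log-parsing step proposed in the post above, as an added sketch (not code from the original poster). It assumes a simplified, constructed log format rather than real ipfilter output, and the name `knockers` is hypothetical. It ignores a repeated hit on the last matched port, because a silently dropped SYN is normally retransmitted by the client.

```python
import re

KNOCK_SEQUENCE = (1000, 13233, 3244)  # knock ports from the post, in order
ADMIN_PORT = 54321                    # Webmin port from the post

# Assumed, simplified log format (NOT real ipfilter/ipmon output):
#   "<time> DENY <src_ip> -> <dst_port>"
LINE_RE = re.compile(r"^\S+ DENY (\d{1,3}(?:\.\d{1,3}){3}) -> (\d+)$")

# Constructed sample log: .10 knocks correctly (with a retransmitted SYN),
# .66 sweeps ports in ascending order, .77 knocks in the wrong order.
SAMPLE_LOG = """\
12:00:01 DENY 192.0.2.10 -> 1000
12:00:02 DENY 198.51.100.66 -> 999
12:00:02 DENY 198.51.100.66 -> 1000
12:00:03 DENY 198.51.100.66 -> 1001
12:00:04 DENY 192.0.2.10 -> 1000
12:00:05 DENY 192.0.2.10 -> 13233
12:00:06 DENY 198.51.100.66 -> 3244
12:00:07 DENY 203.0.113.77 -> 1000
12:00:08 DENY 203.0.113.77 -> 3244
12:00:09 DENY 203.0.113.77 -> 13233
12:00:10 DENY 198.51.100.66 -> 13233
12:00:11 DENY 192.0.2.10 -> 3244
""".splitlines()


def knockers(lines, sequence=KNOCK_SEQUENCE):
    """Return source IPs, in order, that completed the knock sequence."""
    progress = {}   # src_ip -> number of knocks matched so far
    opened = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not a deny record we understand
        ip, port = m.group(1), int(m.group(2))
        done = progress.get(ip, 0)
        if done and port == sequence[done - 1]:
            continue                      # repeat of last knock (SYN retransmit)
        if port == sequence[done]:
            done += 1                     # next expected knock
        else:
            done = 1 if port == sequence[0] else 0   # restart or reset
        if done == len(sequence):
            opened.append(ip)             # caller would open ADMIN_PORT for ip
            done = 0
        progress[ip] = done
    return opened
```

Each returned address is one the caller would then allow through to port 54321; restricting the rule to that address rather than opening the port to everyone is an assumption of this sketch.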
It's not a bad idea, however I really recommend against the webmin part.
Standard practice in such situations has been to connect the servers to an
RSM or a CMS, reconfigure them to use ttya for console I/O, and configure
the FW to allow SSH on an arbitrary port on the FW. With the RSM/ALOM/CMS
solution, you get the critical functionality of being able to stop, start
and troubleshoot the remote hosts as if you were physically present on the
console.
Of course, how exactly one solves the SSH access is left to one's
imagination... sky is the limit.