3.1. Network Security
Unless you are running Webmin on a system that is never connected to any other network, it is a wise idea to restrict which client network addresses are allowed to log in. Because Webmin is so powerful, anyone who manages to log in will have total control over your system—as though they had root shell access. Even though a username and password is always required to log in, it is always good to have an additional layer of security in case an attacker guesses (or somehow discovers) your password. IP access control also protects you from any bugs in Webmin that may show up in future that will allow an attacker to log in without a password—some older releases have had just this problem.
To restrict the IP addresses and networks ...
Get Managing Linux® Systems with Webmin™ System Administration and Module Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
