Amahi SMB

[moredruid]

webmin is a security nightmare, I wouldn't want to install it on a web-facing server unless I have a _very_ good firewall in place (and even then I wouldn't). Same with phpMyadmin. If I need to do something that requires it I install it, do what I have to do ASAP and remove it when I'm done. It's too easy to exploit and has wayyyy too much privileges to be running by default. That and Amahi basically competes (conflicts?) with Webmin on quite a few points as far as I can tell. Since it's for a SMB/SOHO server I would imagine the system would also be running an outward facing SMTP server and web server as well.

This boils down to a usability question. Do you want to make it simple or secure, unfortunately you can't have one without sacrificing the other.

[rgmhtt]

Obviously you have dug into Webmin more than I have.

When I need Webmin's services, I start it, use it, then stop it. It supposedly runs on port 10000, and I don't have that port open to the outside.

I am NOT seeing AMAHI as an SMB firewall. Decent firewalls, ICSAlabs certified, are affordable. Even the Juniper SSG5, for example is ~$500 and is as full function as you may need. Or go with a Linksys (not ICSAlabs certified) for a cheap, working solution.

Disclaimer: I work for ICSAlabs as a researcher out of my house. I have a Juniper SSG5 running here; it replaced: Astaro IPv4 firewall (4 internal interfaces), Linux IPv6 firewall, Linux SIP firewall, Linux PPPoE server (v4 & v6) and if I upgrade the unit it will replace my DSL bridge.

If you persue firewall functionality, please review the ICSAlabs certification criteria for some goals for the firewall. I MIGHT consider AMAHI for an internal firewall. particularly if it is a frontend to Shorewall.

SMTP is a critical service. I have had to push off my testing of the SMTP stuff covered in:

http://forums.amahi.org/viewtopic.php?f ... 3248#p3248

until next week. I would LOVE to replace my SCALIX server. That ended up being a wrong turn...

We need better DHCP control. We need IPv6 support, so that means RADVD (I have experience with it and can help there, but now the SSG5 provides my RA) and DHCP6.

For DHCP, CIDR does not work, public addressing is HARD. The online profiles addr seems to be immutable. Don't have good options support. Well you get the idea. It works for single NATed networks, and that is about it. Then you need phpMyAdmin to get it working.

What about logrotate control along with crontab control?

[moredruid]

I agree with the logrotate control, though that shouldn't prove be too hard.

I just read something interesting on Slashdot:
http://www.backblaze.com
from their page:

The no fuss solution to getting all your data backed up securely. Online backup for only $5/month per computer for unlimited storage.

This I would pay. Since the site is blocked on my work (I took a look at Google's cached page for info) I'm going to check this when I get home. I want this solution _now_

perhaps it's an idea for cpg to contact those guys for a "premium" app?

edit: fixed link

[moredruid]

http://backuppc.sourceforge.net/

this also looks good

[cpg]

http://backuppc.sourceforge.net/

this also looks good

two of our most expert app packagers tried to package it and they failed

(not sure what's going on)

as for the other comments, i cannot agree more about webmin. about the firewall we just got basic support for some d-link devices, dd-wrt and linksys wrt54 series ...

with something called burp suite (thanks Mr_Orange!), it's very easy to determine how to tickle the router.

it's be sweet to develop modules for UPnP, for iptables and for shorewall

[cpg]

good idea on the backblaze!

there are so many of these services, though. tough to research and *then* contact to partner ...

[cpg]

btw, thanks for the CronEdit ruby library. i like it!
(if only i did not hate crontab so much, lol)