[ previous ] [ next ] [ threads ]
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Disable WebGUI and use Shell only?
 Date:  Thu, 9 Mar 2006 22:32:14 -0600
From: "Jimmy Bones (Mhottie)" <mhottie at gmail dot com>
> On 3/9/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> > From: "Jimmy Bones (Mhottie)" <mhottie at gmail dot com>

> > > Is there a way to disable the webgui and configure/access via 
> > > shell/ssh
> > > only?

> > No.  First, m0n0wall has no shell.  Second, the web GUI is not a config
> > tool, but the backbone of the system.

> I never really noticed this until now, but why can you not ssh into a
> m0n0wall box for manual config and/or status monitoring w/o a gui?

Cause there ain't no shell.  Or ssh, or command line, or cli, or anything 
other than the limited consol, and the gui.  But you can GET an ssh from 
Fred Mol at http://www.xs4all.nl/~fredmol/m0n0/  You will still need to have 
the GUI, however.

> > This is not a technical problem, and can not be solved with a technical
> > solution.  However, the new Sarbanes Oxley regulations can be your 
> > friend
> > here.  "I am not sure about this.  Isn't giving access to the firewall 
> > to
> > people not on the security team a violation of Sarbanes-Oxley?  Should 
> > we
> > ask legal, or the auditors?"

> It might be, but the client in question is a small business, and everyone
> shares roles. There are some nosy people in the office that think they 
> know
> how to "fix" computers, and to alleviate larger problems and issues it 
> would
> be best to avoid them from seeing a webGUI.

A high random port and SSL is your best bet.  Or, port 139.  Everyone knows 
what that is, and yet no one expects it to actually work right. :-)