Graphic Administration with Webmin
Once you have Webmin installed correctly, upgrading it or adding more modules is a breeze. On the left-side menu, select Webmin→Webmin Configuration, and you'll see a screen full of icons. If you click Upgrade Webmin (the up-pointing blue arrow), you can upgrade Webmin itself from the Internet. Note that you can click on Scheduled Update to set up a cron task that will connect to the Web and download all needed updates on its own. This is a safe option (for you'll definitely get all updates and bug fixes as soon as possible), but it's also an unsafe one (should the Webmin Web site itself ever be hacked). So, I leave it up to you to decide whether you want to do this.
On the same Webmin Configuration page, if you click the Webmin Modules icon (the one with small boxes), you can browse all available modules on the Webmin site or even download third-party modules from other sites. Choosing the Standard Module option provides a pop-up window with dozens of modules (I haven't been able to figure out whether there's a method to the list's organization). If you click a module name, and then click Install Module, Webmin downloads it and sets it up for you.
Before moving on, let's talk about security and users. Webmin has its own users, which are not the same as the operating system users. The very first time you log in, it automatically creates a root user. You shouldn't let every user work with this account. It's safer if you create specific accounts and restrict each one to needed functions. To do this, click Webmin on the left-side menu, and then Webmin Users.
When adding users, you can opt to give them a specific Webmin password or use “Unix authentication”. The former option is usually safer (but only if users choose a password different from their standard passwords), and the latter option is the friendliest one. The Password Restrictions screen lets you set specific controls, so users can't use too short, simple or easy-to-guess passwords.
Instead of assigning rights to each user, you can create groups. Go to Webmin→Webmin Users, and click Create a new Webmin group. Select what functions should be allowed to members of this group, and finish by clicking Create. From now on, when you create new users, you can specify to which group they belong, and their rights will be assigned automatically.
You also should take a look at the Unix User Synchronization option, which allows the automatic synchronization of Linux users and Webmin users. You can set it up so that every time a Linux user is created/deleted, a corresponding Webmin user also is created/deleted. The Unix User Authentication option also might be of interest if you have many users who should be allowed access to Webmin. Additionally, you can use the View Login Sessions to check whatever the users might have done.
Using Webmin is quite simple, as you might already have guessed from the examples above. Choose a category from the menu on the left side of the screen, and it opens up, showing a list of available modules. The main page for each module usually includes a Module Config link on its top-left corner, which lets you do some configuration, and a Help link that provides documentation on the module's functions. Here are the categories:
Webmin: provides general configuration, including language and theme selection (you can use Webmin in more than 40 languages), upgrades, module installation, logging options, log browsing and more. If you want to make your installation more secure, check the Authentication option (allowing, among other things, protection against brute-force password-cracking attacks), and also check IP Access Control and Blocked Hosts and Users. If you have the Servers module installed, you can use it to scan for other Webmin servers and administrate them remotely—although it won't be as speedy.
System: covers many different functions. You can control backups with the third-party option for the Bacula backup system or with a far simpler filesystem backup that uses either tar or the dump-and-restore family of commands to save directories to tape or to a file on another filesystem. Bootup and Shutdown lets you specify which services will be run at which levels, and also (obviously) to reboot or shut down the system. For user management, check Users and Groups (which allows you to create, edit or delete both users and groups) and Change Passwords, whose function is obvious. The Disk and Network Filesystems module lets you mount or unmount devices and filesystems, and Disk Quotas will be of interest if you have assigned file space quotas to users. You can schedule commands to run once (think atd) or have periodical jobs (think cron). You can get a top-like display of processes (but it won't refresh on its own) with the Running Processes option, and you can find plenty of information by clicking on a process id. Finally, to cut the list short, the Software Packages option allows you to install or remove a software package on the server remotely.
Servers: this category has to do with all the possible servers you might be running, including Web-related functions, such as Apache or FTP; mail functions (Fetchmail, Postfix, Qmail, Sendmail) and filters (ProcMail, SpamAssassin); file sharing (Samba); databases (MySQL, PostgreSQL); network functions (DHCP, SSH, DNS, SLP); proxying (Squid); and several similar functions. There are several options for each of these modules, so you'll want to click on each of them to see the available features.
Networking: covers more-specific network-related options, including configuration (interfaces, routing, gateways, DNS client, host addresses); services; connection (ADSL client, Bandwidth Monitoring, PPP, SSL tunnels, VPN); security (Kerberos5, IPsec); firewalls (the Linux Firewall provides an iptables-based configuration, and there's an option for the Shoreline shorewall firewall too); and more, including NFS and NIS.
Hardware: lets you control disks and volumes (including LVM, RAID and disk partitions; you also can use Smart to check the status of your disk units); printers; CD burning; and the system clock. If you are using GRUB, you can edit its options from here too.
Clusters: includes several options you will use only if you are running two or more machines forming a cluster, with the Heartbeat monitor—a rather more specialized setup, which proves once again that you need to know what you're doing before starting to mess with Webmin.
Others: a catchall for several options, including a command shell (implemented via a Java applet) for full console access, or Custom Commands, which allows you to set up and execute commonly used commands, with optional parameter substitution—a fine tool if you need to make some commands available to inexperienced users. There also is a File Manager (another Java applet), SSH/Telnet remote login, an HTTP tunnel for accessing Web pages, data files upload and download, and more.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- The US Government and Open-Source Software
- The Humble Hacker?
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide