Light on Dark
RSintheCloud.com -:- User Guides

Set up and use Webmin

Webmin is a browser based graphical administration panel for Linux based computers. In essence, anything you can do through SSH can be done through WenMin instead - but it's not always obvious how to do it! What it is very useful for is seeing how a server is set up and monitoring it.

While you can do nearly everything in WebMin, we need to use SSH to install it - so log in, and let's get started.

The wget command is used to 'get' files from the Web - in this case getting the latest version from the WebMin site.

wget http://www.webmin.com/download/deb/webmin-current.deb

wget may follow a number of redirects to find the best mirror, then saves the file, as shown here:

Resolving www.webmin.com... 216.34.181.97
Connecting to www.webmin.com|216.34.181.97|:80... connected.
HTTP request sent, awaiting response... 302 Found
.....  may be several jumps while it finds a mirror
Location: http://softlayer.dl.sourceforge.net/sourceforge/webadmin/webmin_1.570_all.deb [following]
HTTP request sent, awaiting response... 200 OK
Length: 14884300 (14M) [application/x-debian-package]
Saving to: `webmin-current.deb'

100%[======================================>] 14,884,300  2.05M/s   in 6.9s

2011-11-04 23:09:50 (2.05 MB/s) - `webmin-current.deb' saved [14884300/14884300]

Note the name of the file saved - it may not be 'webmin-current.deb', but whatever it is called, use the name in the next line:

sudo dpkg -i  webmin-current.deb

The message you get back will tell you there are errors:

Selecting previously deselected package webmin.
(Reading database ... 31603 files and directories currently installed.)
Unpacking webmin (from webmin-current.deb) ...
dpkg: dependency problems prevent configuration of webmin:
webmin depends on libnet-ssleay-perl; however:
Package libnet-ssleay-perl is not installed.
webmin depends on libauthen-pam-perl; however:
Package libauthen-pam-perl is not installed.
webmin depends on libio-pty-perl; however:
Package libio-pty-perl is not installed.
webmin depends on apt-show-versions; however:
Package apt-show-versions is not installed.
dpkg: error processing webmin (--install):
dependency problems - leaving unconfigured
Processing triggers for ureadahead ...
Errors were encountered while processing:
webmin

so now, fix the missing packages:

sudo apt-get -f install

Setting up webmin (1.570) ...
Webmin install complete. You can now login to https://ip-10-56-74-103:10000/ as root with your root password, or as any user who can use sudo to run commands as root.

sudo /etc/webmin/restart

or (the new way)

sudo service webmin restart

Stopping Webmin server in /usr/share/webmin
Starting Webmin server in /usr/share/webmin
Pre-loaded WebminCore

Enable port 10000 in the security group (if not already done)

That's it installed, so now we need to connect using our browser:

go to https://your-domain:10000

where your-domain is the domain name, IP address or public DNS of your server.

You will get a message saying the certificate is invalid - this is from Firefox, but all servers should give a similar message:
FireFox bad certificate screen

Accept the certificate – it’s a Webmin minted certificate, so it does not match the server name but it will still give you a secure connection. If not sure how to accept the certificate, please ask in the forum.

Log in using the new user and password you created earlier
Login to Webmin

And there you are.

The first page shows the system status

WebMin home page

and the menu on the left has other options. Have a click around and see what's happening. As long as you do not save anything, nothing will be broken!
WebMin Menu

To redisplay the system information, use the link at the bottom of the menu.

Manage Users

we have already created a user through SSH, but WebMin is a much better tool for managing users. One of the reasons Linux is so secure is that everything runs with a different set of permissions, and as permissions are controlled by users we end up with a a lot of users being generated automatically when the system is installed.

If we have a look at the users – click on System, Users and Groups in the menu - you will see what I mean.
list of users

I have no idea why the standard installation of Ubuntu installs a user called 'games', but many of the others will obviously correspond to an application – e.g. mail, backup, etc. You may be looking for an Apache user, but Apache, PHP, etc all run under the www-data user, which is why we give them ownership of the web pages when we install ResourceSpace.

The "real" users are those numbered over 1000 – in this case, there are just the two of them, Ubuntu and the user we created earlier, jbb.
WebMin Users

Before going any further, I am going to improve our security a little bit by giving the Ubuntu user a password. At present, the Ubuntu user can login without a password - this is to let us set up the system in the first place, but it is a potential security risk. You can remove this risk by deleting the Ubuntu user, but I prefer to leave it there in case anything goes drastically wrong with my own account, so there are always at least two super users on system. Many system administrators will delete the default superuser and create a new account called Justin Case – just in case anything goes wrong.

For now, click on the name field of the ubuntu user:
edit the Ubuntu user

Click on the radio button for 'normal password', and enter a password in the box. As this is a 'just in case' password, you need to make it difficult to remember, so write it down in your passwords log and keep it in your fireproof safe – or whatever other procedures your company has for securing passwords.

Remove the tick from the 'login temporarily disabled' box, and just before you click save let's have a look at what else is on this page.

For the Ubuntu user, the most interesting part this page is the group membership section. Because we are looking at a super user for a standard Ubuntu machine, we can see if using groups which are not relevant to an AWS virtual server – there is no audio, CD-ROM or floppy disk available but if there were, this user would be able to use them. if you are going to delete the Ubuntu user and create a replacement superuser, you might want to make note of these groups to ensure you have the full superuser functionality.

Remember to click the save button when you're finished, or your changes will not be saved

We will get back to creating and deleting users later.

Stop Directory Browsing

The default installation of Apache allows directory browsing, which means that any directory which does not have an index or default page will show a listing of all the files in the directory. This is a major security risk, for example if we install ResourceSpace and then go to the include folder, we can see the config file which has the MySQL password in it:
directory browsing

You can stop this by editing httpd.conf - see the instructions here, but if you haven't already done that, here is how to do it through WebMin

Under the servers menu, click on 'Apache Webserver'
Apache web server

Here you can see we have two servers defined - the default server and a single virtual server. Later on, we will be creating additional virtual servers so that we can use subdomains (forum.RSintheCloud.com) instead of folders (RSintheCloud.com/forum), but for now we only have one virtual server.

Click on the globe for the virtual server to bring up the options page
virtual server options

Then click 'Edit Directives' to bring up the config file.

While this config file can be edited through the GUI, sometimes it is easier to edit it directly. there are a couple of changes we can make while we're here – firstly, we can change the server admin and secondly we can stop the directory browsing.

find the line which says 'ServerAdmin webmaster@localhost' and change the e-mail address to your address.

Find the line which starts 'Options ' – the actual options listed here may vary, but it will probably look like this:

Options Indexes FollowSymLinks MultiViews

All you need to do here is put a - (a hyphen or minus sign) before the word indexes, to disable this option. It is possible that there will not be an 'Indexes' in the line, in which case you will need to enter '-Indexes' on the 'options' line. It should end up looking like this (probably):

Options -Indexes FollowSymLinks MultiViews

When you have made these two changes, click the save button and then click 'Apply Changes' in the top right corner. Forgetting to apply the changes is the most common reason why changes made through Webmin do not appear to work.

 

 




















just making sure we have a vertical scroll bar, otherwise it jitters sideways.