User Tools
networking:linux:webmin
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
networking:linux:webmin [2018/01/15 12:22] gcooper |
networking:linux:webmin [2023/03/03 12:21] (current) gcooper |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Webmin ====== | ====== Webmin ====== | ||
| + | |||
| + | See also **[[networking: | ||
| + | |||
| + | https:// | ||
| Webmin is a mature and flexible management tool based primarily on Perl. | Webmin is a mature and flexible management tool based primarily on Perl. | ||
| - | ===== Ubuntu 16.04 ===== | + | If you use the excellent CSF firewall, this also enables a **GUI web interface to manage CSF**. |
| - | Add and enable the Webmin repository: | + | ===== Ubuntu 22.04 ===== |
| < | < | ||
| - | cat > / | + | # Install the code signing key |
| - | #Webmin Repo | + | curl -fsSL https:// |
| - | deb http:// | + | |
| - | deb http://webmin.mirror.somersettechsolutions.co.uk/ | + | |
| - | EOF | + | # Add the Webmin repository |
| + | echo "deb [arch=$(dpkg --print-architecture) signed-by=/ | ||
| - | wget -qO - http:// | + | # Install Webmin |
| - | + | apt update && apt install webmin | |
| - | apt-get update && apt-get install | + | |
| </ | </ | ||
| - | ===== Centos 6 ===== | + | Optionally open the default firewall: |
| - | + | ||
| - | http:// | + | |
| - | + | ||
| - | ==== Installation ==== | + | |
| - | + | ||
| - | === Add the Yum Repository === | + | |
| < | < | ||
| - | cat > / | + | ufw allow from <your_cidr_subnet> proto tcp to any port 10000 |
| - | [Webmin] | + | |
| - | name=Webmin Distribution Neutral | + | |
| - | # | + | |
| - | mirrorlist=http:// | + | |
| - | enabled=1 | + | |
| - | EOF | + | |
| - | </ | + | |
| - | + | ||
| - | === Add the GPG Key and Install Webmin === | + | |
| - | + | ||
| - | <file> | + | |
| - | rpm --import http:// | + | |
| - | yum install webmin perl-Net-SSLeay | + | |
| </ | </ | ||
| Line 56: | Line 39: | ||
| http:// | http:// | ||
| - | |||
| - | ===== Other Peoples' | ||
| - | |||
| - | Like others, the BIND DNS Server module allows you to control which of its features are available to a particular Webmin user or group. This can be useful for giving people the rights to manage only records in their own zones and nobody else' | ||
| - | |||
| - | Once you have created a user with access to the module as explained on WebminUsers, | ||
| - | |||
| - | 1. Click on the BIND DNS Server next to the name of the user in the Webmin Users module. This will being up a page of access control options. | ||
| - | 2. Change the **Can edit module configuration? | ||
| - | 3. For the **Domains this user can edit** field, choose **Selected zones** and select the ones that you want him to have access to from the list to its right. If you want him to be able to edit almost all zones, it may be better to choose **All except selected** and select only those that he should not be allowed to manage records in. If your DNS server uses views, you can use the **Zones in view** options to allow or deny access to all zones in a view as well. | ||
| - | 4. Change the fields **Can create master zones?**, **Can create slave/stub zones?**, **Can create forward zones?** and **Can edit global options?** to **No**. | ||
| - | 5.If you want Reverse Address records in zones that the user does not have access to to be updated by changes to Address records in zones that he does, set the **Can update reverse addresses in any domain**? field to **Yes**. This may not be a good idea from a security point of view though, as he would be able to change almost any existing Reverse Address record on your system. For that reason, I suggest that this field be set to **No**. | ||
| - | 6. To stop the user creating more than one Address record with the same IP, set the **Can multiple addresses have the same IP?** field to **No**. Even though creating multiple records is harmless, you may want to set this to **No** to prevent the user allocating the same IP twice. | ||
| - | 7. Leave the **Read-only access mode?** field set to **No**. If it is changed to **Yes**, the user will only be able to view zones and records using the module, and not change anything. This might be useful for creating a different kind of restricted user though - one who can see all settings, but not edit them. | ||
| - | 8. Leave the **Can apply changes?** field set to **Yes**, so that he can use the Apply Changes button to make his additions and modifications active. | ||
| - | 9. Unless you want the user to be able to edit his records file manually, change the **Can edit records file?** field to **No**. Most un-trusted users are not smart enough to perform manual editing. | ||
| - | 10. **The Can edit zone parameters? | ||
| - | 11. Similarly, the **Can edit zone options?** field determines if the Edit Zone Options icon is visible or not. You should set this to **No**, as it is possible for a user to create a syntax error in named.conf by improper use of the zone options form. | ||
| - | 12. Unless you want the user to be able to delete his own domains, change the **Can delete zones?** field to **No**. Users should contact the master administrator instead if they can to delete zones. | ||
| - | 13. The **Can edit record generators? | ||
| - | 14. The **Can lookup WHOIS information? | ||
| - | 15. Change the **Can create and edit views?** field to **No**, so that the user cannot manage BIND 9 views. If the user is allowed to create zones, you can use the **Views this user can edit and add zones to** field to limit those that he can create zones in. | ||
| - | 16. **Can create slave zones on remote servers?** should be set to **No**, but this doesn' | ||
| - | 17. Finally, click the **Save** button to make the new restrictions for the user active. | ||
| - | |||
| - | |||
| - | |||
| - | |||
networking/linux/webmin.1516044126.txt.gz · Last modified: 2018/01/15 12:22 by gcooper
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
