Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » linux » webmin
Trace:
networking:linux:webmin

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
networking:linux:webmin [2019/05/19 10:41]
gcooper 		networking:linux:webmin [2023/03/03 12:21] (current)
gcooper
Line 1: Line 1:
 ====== Webmin ====== ====== Webmin ======
  
-Webmin is a mature and flexible management tool based primarily on Perl.+See also **[[networking:firewall:csf|ConfigServer Security & Firewall (CSF)]]**
  
-===== Ubuntu 18.04 =====+https://www.digitalocean.com/community/tutorials/how-to-install-webmin-on-ubuntu-22-04
  
-<file> +Webmin is a mature and flexible management tool based primarily on Perl.
-add-apt-repository "deb [arch=amd64] http://download.webmin.com/download/repository sarge contrib"+
  
-apt-get install -y webmin +If you use the excellent CSF firewall, this also enables a **GUI web interface to manage CSF**.
-</file> +
- +
-===== Ubuntu 16.04 =====+
  
-Add and enable the Webmin repository:+===== Ubuntu 22.04 =====
  
 <file> <file>
-cat > /etc/apt/sources.list.d/webmin.list << EOF +Install the code signing key 
-#Webmin Repo +curl -fsSL https://download.webmin.com/jcameron-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/webmin-archive-keyring.gpg
-deb http://download.webmin.com/download/repository sarge contrib +
-deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib+
  
-EOF+# Add the Webmin repository 
 +echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/webmin-archive-keyring.gpg] https://download.webmin.com/download/repository sarge contrib" | sudo tee /etc/apt/sources.list.d/webmin.list > /dev/null
  
-wget -qO - http://www.webmin.com/jcameron-key.asc | apt-key add - +# Install Webmin 
- +apt update && apt install webmin
-apt-get update && apt-get install -y webmin+
 </file> </file>
  
-===== Centos 6 ===== +Optionally open the default firewall:
- +
-http://www.how2centos.com/centos-6-webmin-install/ +
- +
-==== Installation ==== +
- +
-=== Add the Yum Repository ===+
  
 <file> <file>
-cat > /etc/yum.repos.d/webmin.repo << EOF +ufw allow from <your_cidr_subnetproto tcp to any port 10000
-[Webmin] +
-name=Webmin Distribution Neutral +
-#baseurl=http://download.webmin.com/download/yum +
-mirrorlist=http://download.webmin.com/download/yum/mirrorlist +
-enabled=1 +
-EOF +
-</file> +
- +
-=== Add the GPG Key and Install Webmin === +
- +
-<file> +
-rpm --import http://www.webmin.com/jcameron-key.asc +
-yum install webmin perl-Net-SSLeay+
 </file> </file>
  
Line 64: Line 39:
  
 http://doxfer.webmin.com/Webmin/BINDDNSServer?sortcol=table;up=#Module_access_control http://doxfer.webmin.com/Webmin/BINDDNSServer?sortcol=table;up=#Module_access_control
- 
-===== Other Peoples' Notes ===== 
- 
-Like others, the BIND DNS Server module allows you to control which of its features are available to a particular Webmin user or group. This can be useful for giving people the rights to manage only records in their own zones and nobody else's. Even though this would normally require root access to the records files, with Webmin it can be granted to people without giving them level of power that a root login would allow. 
- 
-Once you have created a user with access to the module as explained on WebminUsers, the steps to limit his access to only certain zones are : 
- 
-1. Click on the BIND DNS Server next to the name of the user in the Webmin Users module. This will being up a page of access control options. 
-2. Change the **Can edit module configuration?** field to **No**, so that the user is not allowed to change the paths that the module uses to named.conf and other files. 
-3. For the **Domains this user can edit** field, choose **Selected zones** and select the ones that you want him to have access to from the list to its right. If you want him to be able to edit almost all zones, it may be better to choose **All except selected** and select only those that he should not be allowed to manage records in. If your DNS server uses views, you can use the **Zones in view** options to allow or deny access to all zones in a view as well. 
-4. Change the fields **Can create master zones?**, **Can create slave/stub zones?**, **Can create forward zones?** and **Can edit global options?** to **No**. 
-5.If you want Reverse Address records in zones that the user does not have access to to be updated by changes to Address records in zones that he does, set the **Can update reverse addresses in any domain**? field to **Yes**. This may not be a good idea from a security point of view though, as he would be able to change almost any existing Reverse Address record on your system. For that reason, I suggest that this field be set to **No**. 
-6. To stop the user creating more than one Address record with the same IP, set the **Can multiple addresses have the same IP?** field to **No**. Even though creating multiple records is harmless, you may want to set this to **No** to prevent the user allocating the same IP twice. 
-7. Leave the **Read-only access mode?** field set to **No**. If it is changed to **Yes**, the user will only be able to view zones and records using the module, and not change anything. This might be useful for creating a different kind of restricted user though - one who can see all settings, but not edit them. 
-8. Leave the **Can apply changes?** field set to **Yes**, so that he can use the Apply Changes button to make his additions and modifications active. 
-9. Unless you want the user to be able to edit his records file manually, change the **Can edit records file?** field to **No**. Most un-trusted users are not smart enough to perform manual editing. 
-10. **The Can edit zone parameters?** field determines if the user can see and use the Edit Zone Parameters icon for his domains. Setting this to **Yes** is quite safe, as the user can only harm his own zones by setting the parameters to silly values. 
-11. Similarly, the **Can edit zone options?** field determines if the Edit Zone Options icon is visible or not. You should set this to **No**, as it is possible for a user to create a syntax error in named.conf by improper use of the zone options form. 
-12. Unless you want the user to be able to delete his own domains, change the **Can delete zones?** field to **No**. Users should contact the master administrator instead if they can to delete zones. 
-13. The **Can edit record generators?** field can be left set to **Yes**, as it simply allows the creation of multiple records at once. However, some users may get confused by this feature so it might be a good idea to change the field to **No**. 
-14. The **Can lookup WHOIS information?** And **Can search for free IP numbers?** fields can also be left on **Yes**, as those features mere display information to the user. 
-15. Change the **Can create and edit views?** field to **No**, so that the user cannot manage BIND 9 views. If the user is allowed to create zones, you can use the **Views this user can edit and add zones to** field to limit those that he can create zones in. 
-16. **Can create slave zones on remote servers?** should be set to **No**, but this doesn't really matter as the user is not going to be allowed to create master or slave zones anyway. 
-17. Finally, click the **Save** button to make the new restrictions for the user active.  
- 
- 
- 
- 
  
networking/linux/webmin.1558284100.txt.gz · Last modified: 2019/05/19 10:41 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki