Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34

Thread: HOWTO: Webmin in Ubuntu

  1. #1
    Join Date
    Dec 2004
    Beans
    6

    Post HOWTO: Webmin in Ubuntu

    First of all, and most important... DON'T use the webmin from apt-get or Synaptic. These are older files, and they will require 'root' as the login. I know, I know... there are ways to login as root, and use root access, but why deal with it? Here is what I have done, and it is much more secure then what you will get with their packages.

    Prereqs: Perl 5 interpreter (Should be installed with base system)
    libnet-ssleay-perl ( Not install with base system... get with Synaptic)

    Download 'webmin-1.170.tar.gz' from www.webmin.com/download.html
    -------
    cd (location you downloaded to)
    sudo tar xzvf webmin-1.170.tar.gz
    cd webmin-1.170
    sudo sh setup.sh
    -------
    In the install you will have several choices to make...
    -------
    Config file directory [/etc/webmin]:
    # Leave as default, or change as you wish

    Log file directory [/var/webmin]:
    # Leave as default, or change as you wish

    Full path to perl (default /usr/bin/perl):
    # Leave as default, or change as you wish

    Operating system:
    #Enter '6'

    Version:
    #Enter '6'

    Web server port (default 10000):
    # This is where you can start to make webmin more secure then
    # the standard install you get with apt-get, Synaptic, or RPM.
    # Leave as default or change it to what ever port you want.

    Login name (default admin):
    # The first time I ran this I thought 'default admin' was 'root'...
    # Nope. It is 'admin', so you can leave it as that, or put in
    # any name that you like. I would recommend a name that is
    # not installed on your system.

    Login password:
    # By creating the user above and giving it a password, you have
    # now made it so you will not need to log into webmin with root.

    Password again:
    # Self explanatory

    ## If you did not install 'libnet-ssleay-perl' you will get the following message:
    ## 'The Perl SSLeay library is not installed. SSL not available.'
    ## You can continue with the install, but I would not recommend it.
    ## Install the file with Synaptic, and start the script over.
    ## You will then get the following:

    Use SSL (y/n):
    # Of course 'y'

    Start Webmin at boot time (y/n):
    #Once agian... 'y'

    # At this point it is going to configure things, install things, and
    # create things... blah blah blah.
    # It will then tell you that you can log in to https://hostname:10000
    # and to accept the certificate.

    There you go... a more secure install of Webmin, and you will not need to go changing root issues on your system. And even if you do... who cares. Webmin won't.

    -Readis
    Last edited by Readis; December 8th, 2004 at 08:22 AM.

  2. #2
    Join Date
    Nov 2004
    Location
    Washington DC
    Beans
    48
    Distro
    Ubuntu Gnome 14.04 Trusty Tahr

    Password Script for Root Access

    From webmin MAN page

    to change root password in webmin use this included Perl script:

    # /usr/share/webmin/changepass.pl /etc/webmin root <your passwordhere>

  3. #3
    Join Date
    Oct 2004
    Location
    Cupertino, CA
    Beans
    5,092
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Webmin in Ubuntu

    Yeah, you can specify a separate root password for Webmin!

    I'll be backporting the latest Webmin from Sid/Hoary to Warty within the next week or so.
    Quote Originally Posted by tuxradar
    Linux's audio architecture is more like the layers of the Earth's crust than the network model, with lower levels occasionally erupting on to the surface, causing confusion and distress, and upper layers moving to displace the underlying technology that was originally hidden

  4. #4
    Join Date
    Oct 2004
    Location
    sumwhar in th' good ol' US of A, padna'
    Beans
    162

    Re: HOWTO: Webmin in Ubuntu

    I don't see why this is more secure: it's sure as heck not as easy as just assigning root a password before installing the regular webmin. That's what I did and it works just fine. Generating a package that integrates better with the Ubuntu way of sudo'ing all root-related tasks would be good though. Webmin should take its password from the user's account rather than from root's somehow. The more serious problem with Ubuntu/Webmin is that Ubuntu uses some non-standard way of dealing with LVM, and thus the Webmin module for LVM admin won't work. A fix for that is what I really need.

  5. #5
    Join Date
    Oct 2004
    Location
    /home
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: HOWTO: Webmin in Ubuntu

    Why is it more secure? In the apt-getted one, If someone breaks into webmin they can then gain total control because they know your root password. In the installer script, you can set it up to use SSL. You can make it run on a non-standard port. You can make the name and password something that doesn't exist on your system anywhere (so if anyone breaks your account, they can't get into webmin).

  6. #6
    Join Date
    Dec 2004
    Beans
    6

    Re: HOWTO: Webmin in Ubuntu

    Quote Originally Posted by wayover13
    I don't see why this is more secure: it's sure as heck not as easy as just assigning root a password before installing the regular webmin. That's what I did and it works just fine. Generating a package that integrates better with the Ubuntu way of sudo'ing all root-related tasks would be good though.
    One of my consulting jobs deals with network security. Firewalls, IDS, internal and external audits... that sort of thing. When an app like Webmin has the kind of power that it has, and is easy to use, you really need to make sure that it is locked down as much as possible. I was always slightly nervous about Webmin only using root as a login. When I would do an external scan on a client, if I saw webmin open on port 10000, and we always scaned for 10000 since it is the default port, we always knew that 99 out of 100 times root would be the login. By knowing the user, you just cut your attack time WAY down! At that point we could, if we wanted, brute force or low and slow the port, to see if we could get in. Don't freak out. We always had permission and a signed document that allowed this kind of work. The smart ones would have webmin on a different port. But most installed it from apt-get, RPM, or some other repository. I didn't realize that the script existed until I started using Ubuntu.
    Packages are great for 999 of 1000 apps. It allows you to see how a program works, and see if it is something that you want to use. But when it comes to security, I am not a huge fan of using them for this type of app. If you want to run the package of Webmin, be my guest. That is one of the things about Linux I love. The ability to set things up the way you want. Just remember it is not as secure as the install script.
    I would also recommend changing the retrys and lockoput time period in the webmin options. That's my 2 cents...

    -Readis

  7. #7
    Join Date
    Oct 2004
    Location
    Cupertino, CA
    Beans
    5,092
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Webmin in Ubuntu

    Umm, webmin locks out the offender's IP after 3 incorrect logins... It'd take quite a number of IP's , and quite a bit of time to launch a brute force attack.
    Quote Originally Posted by tuxradar
    Linux's audio architecture is more like the layers of the Earth's crust than the network model, with lower levels occasionally erupting on to the surface, causing confusion and distress, and upper layers moving to displace the underlying technology that was originally hidden

  8. #8
    Join Date
    Dec 2004
    Beans
    6

    Re: HOWTO: Webmin in Ubuntu

    Quote Originally Posted by jdong
    Umm, webmin locks out the offender's IP after 3 incorrect logins... It'd take quite a number of IP's , and quite a bit of time to launch a brute force attack.
    Actually, the default for Webmin is set at 5 attempts and then lockout for 60 seconds... though I do change mine to 3 attempts and 180 seconds...

    -Readis

  9. #9
    Join Date
    Oct 2004
    Location
    Cupertino, CA
    Beans
    5,092
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Webmin in Ubuntu

    either case, do the math.

    How long will it take to permute an 8-character purely alphabetic password?
    Quote Originally Posted by tuxradar
    Linux's audio architecture is more like the layers of the Earth's crust than the network model, with lower levels occasionally erupting on to the surface, causing confusion and distress, and upper layers moving to displace the underlying technology that was originally hidden

  10. #10
    Join Date
    Nov 2004
    Beans
    35

    Re: HOWTO: Webmin in Ubuntu

    I've got 1.17.0 installed - but how can I get Ubuntu listed as a distribution in the Webmin Config page? If I configure the system as Debian 3.1 it does not really work (or there are some oddities.) Is there some config file I can download to make Ubuntu appear in the drop-down list of distros?

    Also, has anybody Ubuntu-ported the Log Viewer module which comes with Mandrake? I have gotten used to it - but it seems the Russian web page which looks to be the source for the module is of the air.

Page 1 of 4 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •