Archive for August, 2009

SBDavid

Running Webmin from inetd

Running Webmin from inetd?

The steps you need to follow are:

Stop webmin with the command

/etc/webmin/stop

Add the line

inetd=1 to /etc/webmin/miniserv.conf

Remove the line

session=1 from /etc/webmin/miniserv.conf

Edit /etc/services and add a line like :

webmin 10000/tcp

Edit /etc/inetd.conf and add a line like :

webmin stream tcp nowait root /usr/libexec/webmin/miniserv.pl miniserv.pl /etc/webmin/miniserv.conf

If you have installed webmin somewhere else, you will have to change the /usr/libexec/webmin part of the path above.

Restart inetd to make the changes take effect.

You should now be able to access webmin on port 10000 as normal.

Using the Bootup and Shutdown module, make sure that inetd is configured to start at boot time, and that webmin is not.

How can I make a Webmin user always use the same password as their shell login?

This can be done by following these steps :

In the Perl Modules module of Webmin.

install Authen::PAM from CPAN.

In the PAM Authentication module, add a new PAM service called webmin that uses Unix authentication.

In the Webmin Users module, click on the user that you want to symchronize with Unix and set his Password option to Unix Authentication.

If PAM is not used on your operating system, the first two steps can be skipped.

Webmin will instead read the /etc/passwd or /etc/shadow file directly to authenticate users who are using the Unix Authentication password mode.

How can I create a Webmin user who can only configure one Apache virtual server or DNS domain?

In the Webmin Servers module.

Create a new user and give him access to only the Apache Webserver module.

After saving, click on Apache Webserver next to the user’s name in the list of Webmin users and use the form that appears to deny him access to everything except one selected virtual server.

Many other modules can also be configured in a similar way to restrict the access of a user to only certain DNS domains, Unix users or mail aliases.

My browser complains about the Webmin certificate when in SSL mode.

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority.

From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate.

Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server’s hostname and will be recognized web browsers.

This certificate should be placed in the file

/etc/webmin/miniserv.pem

and be in the same certifcate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :

Run the command

openssl genrsa -out key.pem 1024

This will create the file key.pem which is your private key.

Run the command

openssl req -new -key key.pem -out req.pem

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR).

Send the CSR to your certificate authority by whatever method they use.

They should send you back a file that starts with —–BEGIN CERTIFICATE—– which can be put in the file cert.pem.

Combine the private key and certificate with the command

cat key.pem cert.pem >/etc/webmin/miniserv.pem

Re-start webmin (making sure it is in SSL mode) to use the new key.

After logging into Webmin, I get the error message - You do not have access to any Webmin modules.

Follow these steps to fix it:

Login to your server via telnet or at the console as root.

Edit the file

/etc/webmin/webmin.acl

and make sure the line starting with root: or admin: (depending on which you use to login to Webmin) exists and looks like :

admin: acl

Login to Webmin again, and go into the Webmin Users module, which will be the only one you have access to.

Click on your username in the list, grant yourself access to all the modules, and click Save.

Next »