ONLamp.com    
 Published on ONLamp.com (http://www.onlamp.com/)
 See this if you're having trouble printing code examples


FreeBSD Basics

An Introduction to Webmin

10/25/2000

Before starting today's article, I'd like to thank Jim Housley, the eagle-eyed reader who reminded me that ^H is the control character to backspace, not to highlight, as I mentioned in Read The Friendly Manpage! -- Part Two. The backspace allows your terminal driver to doublestrike the previous character, which results in the highlighted text. Thanks, Jim.

In the next two articles, I want to spend some time in the Webmin utility, which can be built from the ports collection. This week, we'll do a bit of background to see why you would want this utility, and what issues to be aware of before building it. In next week's article, we'll look at configuring Webmin for secure access and at the powerful options that come with the Webmin utility.

Admit it: When you think of using pretty GUI administrative utilities, Unix is usually not the first operating system that springs to mind. However, the operating systems that do provide nice-looking utilities usually don't let you configure the system any deeper than the vendor wants you to. Fortunately, with FreeBSD and the ports collection, you can have the best of both worlds.

One of the reasons I love FreeBSD is that the only limitation to what I'm allowed to configure on my systems is my own willingness to learn how to do what I'd like to do. FreeBSD's built-in commands are efficient and powerful; Webmin provides a graphical interface to many of these built-in commands.

When you build the Webmin port, you are actually installing the Webmin server, which can only be installed on Unix machines. The Webmin server contains Perl modules that let you view and manipulate processes, users, groups, networking configurations, disk quotas, cron jobs, logs, system daemons, and much more.

Once the Webmin server is installed, you can use any web browser from any operating system to access these modules in order to actually configure your FreeBSD computer. In other words, you install the Webmin port on the FreeBSD computer you wish to administer; you then use a web browser to connect to the computer running the Webmin server.

This is actually a powerful concept as it allows both local and remote administration of your FreeBSD computer using a familiar graphical interface. Configurable aspects of your computer will appear as icons and hyperlinks from within your web browser.

Since we will be using a utility with such great functionality, there are a few things we need to consider before building this port. Keep in mind that these considerations are actually good practice for any type of system administration.

When you build the Webmin port, you will be prompted for the following information:

Let's go through this checklist one point at a time.

Any port in a storm

Since the Webmin server will be waiting for requests from Webmin clients, it must be given a TCP/IP port number to listen on. Normally when you type a URL into a web browser, you type something like this:

http://www.freebsd.org

However, your web browser is actually assuming this:

http://www.freebsd.org:80

That is, your browser assumes that the Web server software on a host named www.freebsd.org is listening for web requests on port 80, which is the default listening port for web servers.

However, when you use your web browser to access your Webmin server, you want to configure your FreeBSD computer, not access a web page; therefore, you must tell your web browser what port the Webmin server listens on by typing this instead:

http://yourhostname:port_number

The default Webmin port number is 10000, but I strongly recommend that you change this to prevent unauthorized users from trying to access your Webmin server. When deciding on a port number, pick a number between 1024 and 65,535. You'll want to choose a number that is not potentially being used by another service; to doublecheck, do this:

grep -w your_number /etc/services

For example, If I try:

grep -w 10101 /etc/services

I will just receive my prompt back, meaning this port number is probably not being used by another service. However:

grep -w 8668 /etc/services

will show that 8668 is the listening port that is used by natd, so I should probably try another port number.

Once you've settled on a port number, either commit it to memory or record it in a safe place, as you'll need it to access your Webmin server.

Host name

Next on the checklist is your computer's host name. If you will only be using Webmin locally, meaning your web browser and the Webmin server are on the same computer, type in either your computer's private IP address or the host name you created when you installed your FreeBSD computer. (Forget how to do this? Read my recent column, Networking with TCP/IP.) If you wish to access your computer remotely over the Internet, you will need to use the FQDN (fully qualified domain name) that you've purchased or the static IP address issued to you by your ISP.

User name and password

Next is the user name. Webmin will offer to use the default user name of "admin." Please change this to a more non-intuitive name. Whenever someone tries to contact your Webmin server, they will be prompted for a user name and password. If these check out, that user will have unlimited access to your FreeBSD computer, so it is important to choose a user name that no one else would think of using.

The same goes for the password. Webmin's default password is blank, meaning there is no password. You definitely want to change that default. You'll be glad you did when we start going through the powerful features built into the Webmin server.

Perl 5 and SSL

Next on the checklist is confirmation that you have the Perl 5 interpreter installed. If you are using FreeBSD 3.0 or higher, you should have the right version of Perl. To double-check, type in

perl -v

And you should get the reply:

This is perl, version 5.005_03 built for i386-freebsd

If for some reason you don't have Perl 5, you'll have to build the port contained in /usr/ports/lang/perl5, as the Perl 5 interpreter is not optional.

The last thing the install utility will ask is if you wish to use SSL. If you will be accessing your computer remotely, you should. SSL will encrypt all the data passing between the computer hosting Webmin and the computer you are sitting at with your browser. This is a very good thing, as this data is passing over the Internet, which is a very insecure network. If you are running FreeBSD 4.0 or higher, SSL is part of the base system. If you build Webmin without SSL support and change your mind later, you can easily configure SSL support without rebuilding the Webmin port; we'll look at how next week.

Building the port

Let's take a look at building the Webmin port. Become the superuser, make sure you're connected to the Internet, and type:

cd /usr/ports/sysutils/webmin make && make install

Depending upon the speed of your Internet connection, you should be able to go make yourself a pot of coffee. The make install command will run an interactive script, so at some point you should see something on your screen like this

A couple of things to note about the script. If you have a permanent Internet connection on the computer running the Webmin server, you may prefer to not have Webmin start at boot time. Instead, you can manually stop and start the Webmin server yourself so it is only available when you wish to use it. To do so, at the computer running the Webmin server, become the superuser and type:

/usr/local/etc/webmin/start

This will start the Webmin server and force it to listen for requests on your port number. To stop the Webmin server from listening for requests, type:

/usr/local/etc/webmin/stop

If the Webmin server has been stopped, users will see the following error message when they attempt to connect to the Webmin server from their web browsers:

The server may not be accepting connections or may be busy. Try connecting again later.

Also note that the very end of the install script gave you the URL for accessing the Webmin server. It should contain the hostname and port number you gave during the install. If you chose to use SSL, the URL will start with "https" instead of "http." If a user types "http" instead of "https," they will be authenticated but will receive this error message in their browser:

"Document contains no data"

If you are using SSL, the first time you make a connection to your Webmin server, your browser will prompt you to create a certificate. In subsequent connections, you can choose to trust this certificate until it expires (which will prevent further promptings) or for just this session. You'll also notice that your browser will show an icon for either a key or a closed lock, depending upon which web browser you are using; this indicates that the data is secure as it is being encrypted.

Next time: connecting to Webmin

We've now successfully installed the Webmin server. In next week's article, we'll connect to our Webmin server with a web browser and change some of the default configurations to increase the security of our connection. We'll then take a look at the powerful configuration modules that were installed with this utility.

Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.


Read more FreeBSD Basics columns.

Discuss this article in the Operating Systems Forum.

Return to the BSD DevCenter.

 

Copyright © 2009 O'Reilly Media, Inc.