BSD DevCenter
oreilly.comSafari Books Online.Conferences.


FreeBSD Basics

An Introduction to Webmin -- Part Two


In last week's article, we installed the Webmin utility; this week, I want to start by configuring Webmin for secure access, then take a peek at some of the powerful features that come with the Webmin modules.

Open up your web browser and type in the URL you use to access your Webmin server. Once you've been authenticated, you should see this screen in your web browser.

By the way, most of the screenshots I'm using come from Joe Cooper's Webmin User's Guide. Joe's site is well worth reading through if you want to learn more about using Webmin. The rest of the screenshots are from Webmin's homepage.

Let's start with the "Webmin Configuration" hyperlink. This is where you'll be able to configure most of the additional security measures, which will be especially useful if you are accessing your Webmin server over the Internet. You'll want to poke about yourself, but here's a quick summary of the security related options:

  • IP Access Control: If you always access your Webmin server from the same computer or group of computers, you can tell Webmin to only accept connections from that/those computer/s. The default is to accept connections from any computer in the world that happens to know your IP address or FQDN and Webmin port number.

  • Port and Address: If your computer has more than one IP address, Webmin will bind its port to all IP addresses, meaning it will be listening for requests on all the NICs on the computer hosting the Webmin server. If you don't want it to do that, you can tell Webmin which IP address to listen on. For example, if your Webmin server has an interface connected to your LAN and another interface connected to the Internet, you can use this screen to only bind the Webmin port to the NIC attached to your LAN. This will restrict Webmin access to computers from within your LAN. Also, if you ever want to change the listening port number, this is where you do it.

  • Logging: It is always good practice to log connections, and then take the time to actually read the logs. By doing this, you will know if anyone other than yourself is trying to access your Webmin server. By default, logging is disabled; use this screen to enable it. Note the location of the log files. You may want to create a cron job to mail the log to the root user account on a daily basis.

  • Proxy Servers: If your Webmin server is located behind a firewall, you may need to configure the IP address of the firewall in order for users to access certain modules on your Webmin server.

  • SSL Encryption: If you didn't install Webmin with SSL support, this is where you can enable this support if you later decide to. Again, this is strongly recommended if you are accessing Webmin over the Internet.

Note: If you ever screw up your configuration and are no longer able to access your Webmin server, all is not lost. Become the superuser on the computer running Webmin, look for and then edit the offending configuration in the /usr/local/etc/webmin/miniserv.conf file.

Now, let's "Return to index" and click on the "Webmin Users" link. You should see something like this, with the user you created next to a listing of all the Webmin modules that user is allowed to access. If you ever decide to give another user access to your Webmin server, you have very fine control over what that user will be able to view and modify. For example, if you click on the "Sendmail Configuration" link, you can specify which configuration files that user can modify, and whose e-mail he is allowed to read.

If you spend some time clicking on the modules in this section, you'll get an idea of what you're capable of doing to the FreeBSD computer running the Webmin server. Aren't you glad you created a non-intuitive username and hard to guess password, and you're reading the logs of all connection attempts?

Now let's see what type of work we can do from the Webmin interface. Return to the index and click on the "System" tab, which should give you something like this. Let's start by clicking on the "Software Packages" link. You should receive the graphical equivalent of the pkg_info command. Now click on one of your packages to read its description and the date it was installed. Those who've been around FreeBSD for a while may not be impressed, as this is the equivalent of cd-ing into that port's directory and doing a more pkg/DESCR. Try clicking on the "List Files" button. Ever install a port and wonder where it put everything and what all it created on your FreeBSD system? Wonder no more, as you now have a list of all the files that were installed with that port, as well as their locations, size, and ownership.

Once you're finished poking about, return to the index and click on the "Running Processes" hyperlink. This is just a graphical output of the ps command, but I love its layout. All running processes can be sorted by PID, user, memory, and CPU. If you sort by PID, you'll receive a tree-like structure, with every child process slightly to the right of its parent process. Each process has a hyperlink to further details about that process. If you need to send a signal to a process, you can click on the TERM button to choose the type of signal. (Do a man 1 kill to learn more about signals -- and never kill a process if you don't know what that process does).

Pages: 1, 2

Next Pagearrow

Sponsored by: