Thursday, October 29, 2009

Hack 19. Remote Administration with Webmin










Hack 19. Remote Administration with Webmin



Webmin provides secure access to logfiles, system statistics, and many common administration tasks, all from your favorite web browser.


Administering a system can be a tough job. With user accounts to create, services to configure, logs to check, and all the other duties system administrators face, it can become quite a load. Thankfully, there's some software out there that can help make life easier for the weary sysadmin. One of these pieces of software is called Webmin. Webmin allows you to control a large portion of the functionality of your server from an easy-to-use web interface. Most major services are covered, including Apache, BIND, SSH, LDAP, Samba, WU-FTP, Sendmail, MySQL, and many others.



Figure 2-23. A Windows Terminal server connection in nxclient





2.11.1. Installation


Installation of Webmin couldn't be easier. If you're running an RPM-based distribution such as SUSE or Fedora Core, simply grab the latest version from the Webmin home page at http://www.webmin.com. Install Webmin with the following command, where version-number is the version that you downloaded:



# rpm install Webmin -version-number .rpm



If you're using a non-RPM-based distribution such as Debian or Slackware, you can install from source. Simply download the latest tarball from http://www.webmin.com and unpack it to your system as usual. Navigate into the newly created Webmin directory, and execute the following command as root:



# ./setup.sh /usr/local/Webmin



This will start the setup process for Webmin. The script will ask you for a number of options. For most of these questions, the default answers should suffice. However, there are a few answers that should be changed for security reasons. For instance, it is widely known that the default port for Webmin is 10000, so when the script asks you what port to run it on, pick something originaljust make sure that you pick something above port 1024, because port numbers lower than that are typically reserved for system services. I typically use port 5555. Changing the default port helps protect against automated tools probing Webmin and discovering your Webmin login by checking its default port.


Also, choose a default username other than admin and definitely specify a password. If you don't, the password will be left blank and anyone who wants to log in will be able to do so. You should also make sure that you choose to use SSL for encryption. The setup script will only ask you this if you have the SSL libraries for Perl installed, so make sure they're loaded before you begin. Without them, all the information transmitted back and forth between you and Webmin will be transmitted in clear text, including passwords and other valuable system information.


The final question the script will ask you is if you want Webmin running at boot time. This is largely a matter of personal preference. I tend to say no and simply SSH in and start Webmin whenever I need it, which allows it to stay off the radar when it's not in use; however, your mileage may vary and you should use your own judgment here. If you'll be using it in a trusted environment or don't mind the limited risk of leaving it on all the time, answer yes, and the script will configure Webmin to start automatically.




2.11.2. Configure Away!


That's it! You now have a fully functional Webmin interface running on your server. You can access it by logging into https://localhost:5555, where 5555 is the port you specified during the setup. If you installed via rpm, the default port of 10000 was used. Log in with the username and password you specified earlieryou should see something similar to Figure 2-24and have a look around.



Figure 2-24. The default Webmin interface in a web browser




As you can see, the Webmin interface has several sections, including System, Networking, Servers, Hardware, and Cluster. Each of these tabs contains options related to its title. If you'd like to change the IP address of your server, for instance, select Networking, then Interfaces. Click on the name of the interface you want to change, and enter your new IP address. You can add new users, manage your logfiles, configure DNS and Apache, and perform a whole host of other administrative functions with the same ease we've just demonstrated.


The Servers tab is another area where Webmin shines, and this is where the true capabilities of Webmin can be seen. Under the Servers tab, you can see the full list of applications that Webmin supports by default. We've already mentioned quite a few, but let's take a moment to explore Webmin's capabilities. Clicking the Apache icon will show you many of the options that are available to you. For this example, let's suppose we want to add a virtual host to Apache. Normally, this would require manually editing httpd.conf, followed by a restart of the Apache service. With Webmin, we can do all this with a few simple clicks. The bottom of the configure page for Apache has the options for creating a virtual serverall you have to do is fill in the blanks and click Create Now. Everything will be done for you, including restarting Apache to pick up the new virtual server from the configuration file, without ever having to fire up emacs or vi.


As you can see, Webmin provides numerous options and capabilities. Webmin even makes it easy for developers to write their own modules to use with it, allowing its capabilities to be expanded and extended by the community. Webmin can be a lifesaver when you need to install or work with complicated tools such as Sendmail or DNS in a hurry. It also simplifies managing clustered or high-availability servers. No matter how you look at it, there's no denying the usefulness of such a versatile administration tool.




2.11.3. See Also


  • http://www.webmin.com


Brian Warshawsky













No comments: