Webmin Modules

As previously mentioned, one of the best things about Webmin is that it is completely modular. Every server daemon, every system feature, every Webmin feature, has its own module that connects to the core Webmin libraries and answers to the Webmin miniserv.pl web server. Because of the elaborate, but still easily comprehensible, modular framework that Webmin provides, it is very easy to write full-featured modules that integrate seamlessly into Webmin and your operating system.

Install Module

From this page, you can install new modules, either from a local file, an uploaded file, or a file downloaded from an FTP site or website. Webmin module packages are simply tar archive files that contain the complete directory structure of the module. These modules end in the suffix .wbm.

Note 

A great resource for additional Webmin modules is the Third Party Modules for Webmin [http://www.thirdpartymodules.com/webmin] page, run by Richard Teachout. Richard is a longtime fan and supporter of Webmin and a regular contributor to the Webmin discussion lists. After spending some time on the list, he perceived a need for a comprehensive resource for modules that work with Webmin. At the time of this writing, there are over 200 modules listed at his site, though it should be mentioned that the site also lists the modules included in the standard Webmin distribution. If you've written a Webmin module, you should post it to this site, so others will be able to easily find and benefit from your efforts. It is also a great place to find example code to help you when writing your own modules (in addition to the standard modules, of course!). Beware, however, that as with any group of free software the modules vary wildly in quality. Some are excellent and on par with any of the best standard Webmin modules, while others are in such an early stage of development that they are not useful.

Clone Module

The Clone Module feature provides an impressive amount of flexibility for administrators who must provide limited administration access for several instances of the same software on the same machine. If, for example, you have two different Apache configurations running on your system, you could clone the Apache module to allow different users to access the different Apache configurations.

Caution 

While this feature does allow interesting and powerful options for multiple users configuring similar services, Webmin should not yet be viewed as an ideal tool for administering a virtual hosting server, where many users configure the Apache virtual servers, Sendmail aliases, and DNS entries. There are a number of commercial and Open Source efforts underway to provide such services within the framework of Webmin. At the time of this writing none are production-ready, but with the number of people pursuing the goal, it is likely that such a tool is not far off.

To clone a module, select the module to clone from the drop-down menu, then enter a new name for the module. To avoid the problem of the new module interfering with the original module, you will want to carefully consider the service being administered by the cloned module. Usually, you will need to set up the new clone with a wholly separate installation of the service being configured. So, for example, if you have cloned Squid so that you may run two different Squid processes you must configure them to use separate configuration files, cache directories, log files, and process IDs. If this precaution is not taken, one or both of the processes will behave erratically or fail to work at all.

Example: Cloning the Squid Module

To take the example further, let's create a clone of the Squid module and configure two Squid processes to run on the same server without stepping on each other. First, copy the squid.conf configuration file from the command line or the Webmin File Manager to a file named squid2.conf.

[root@delilah /]# cp /etc/squid/squid.conf /etc/squid/squid2.conf 

Next, create your module clone of the Squid module (referred to as Squid2 from here on). Browse to the newly created clone module, and edit the module configuration by clicking the Module Config link in the upper left corner of the Squid2 index page. Here you should change the Full path to squid config file to point to the newly created configuration file. You will also need to change the Command to start squid and Command to stop squid to point to another file name as well; let's call it /etc/rc.d/init.d/squid2. We'll have to actually create these files before trying to start up our new Squid process.

We will also need to alter the Full path to PID file to point to squid2.pid rather than squid.pid and change the log directory name. I usually use /var/log/ squid2 for a cloned Squid process. This is all that is required within the module configuration for the moment. Click Save to save your changes and return to the Squid2 index page.

Now that we've told Webmin the file to edit, we can actually edit it to configure-Squid2 to operate independently of Squid. First we'll need to change Squid2 to operate on a different port or IP than Squid, because no two processes can listen on the same IP:port combination. 8080 is a good secondary cache port to use. This option is configured in Squid2:Ports and Networking. Next alter the cache directories to something different than the Squid cache directories, because they cannot be shared. The same must be done for the access.log, cache.log, and store.log. As mentioned previously, I usually place my Squid2 logs into /var/log/squid2, so this directory must be created with ownership by the same user and group names that Squid runs under ( squid:squid on Red Hat Linux).

Finally, copy your Squid start-up script to a new location and modify it to call Squid with the new configuration file and check against the new PID file. For example, on my Red Hat system I would copy /etc/rc.d/init.d/squid to /etc/rc.d/ init.d/squid2. You can now configure access controls in Webmin to allow access to separate administrators for each Squid process or further modify the Squid2 configuration to provide different functionality than the primary Squid process.

Delete Modules

In this section, you may select any modules that you'd like to delete from your Webmin installation. Beware that using this form will delete the selected modules entirely from the system. If you decide later to use a deleted module, you will have to download the module again and reinstall it. It is usually a better idea to simply remove the module from each users access list (possibly even including root), rather than deleting the module here. However, if disk space is a concern, you can use this to delete all unneeded modules from your system.

Operating System

Webmin knows how to interact with your system based on configuration files for each module that are selected based on the operating system configured here. If your system has Webmin preinstalled, you usually will not need to concern yourself with this. But if you upgrade your system, and the new version moves some configuration files to new locations, updating this may be necessary. On this page you may also set the search path for both programs (like system commands) and for libraries (such as for the password encryption library). Again, these options rarely need to be changed unless you have installed system tools and configuration files in odd locations on your system.

Note 

In current versions of Webmin, at least up to 1.020, changing the OS does not alter existing module configuration files and will only apply to newly installed modules. A future version will likely alter this behavior to modify the already installed module configurations only if they have not been altered by the user.

Language

Webmin supports a large number of languages for titles and module text. This page allows you to choose the language of your Webmin. New languages are being added regularly. Users of languages that are not supported are encouraged to write a translation and send it to the author of Webmin. He's always happy to receive new translations, and users are always happy to find that their native language is one that is provided with the distribution.

Index Page Options

This page allows you to configure the layout of the Webmin index pages. You may choose the number of icons to display per row using the Number of Columns field. The Categorize modules? selects whether modules will be grouped under category tabs based on the type of function they perform. The Default category is the category that will be displayed when first logging in to Webmin. An alternative header can be used by selecting the Use alternative header option, which provides a somewhat different appearance by placing the host information on the upper right side of the display rather than below the Webmin title. Finally, selecting Go direct to module if user only has one? will cause a user to see only the module they have access to, rather than the Webmin index page when logging in.

Upgrade Webmin

Using this page, you may upgrade your Webmin to the latest version automatically from the Webmin home page or from a local or uploaded file. This module will use a package management system to perform the update if one is available on your system. If, for example, you have an RPM-based system like Caldera, Red Hat, or Mandrake, this feature will upgrade from an RPM package (it even knows how to find the correct package type for your system on the Webmin home page!).

Authentication

Webmin provides some nice features for preventing brute force passwordcracking attacks on your server, as well as protection against 'forgetful users.' If your Webmin server is widely accessible and provides service to many users, it is probably wise to make use of these features to maximize the security of your system. Security policy in your company may even require usage of some or all of these features.

Password timeouts provide a means to prevent brute force password attacks by limiting the frequency of login attempts by a given user. If enabled, Webmin will block hosts that have a given number of failed login attempts. The time to block the host is configurable in seconds. Webmin will expand the delay on continuing failed login attempts from the same host. Logging of blocked logins can also be enabled.

The next option, Log blocked hosts, logins and authentication failures to syslog configures Webmin to log authentication failures and blocked addresses attempting to log in to syslog. These logs will usually appear in the secure or auth file in your system log directory.

Session authentication provides a means of logging users out after a specified-time of inactivity. This can help prevent unauthorized users from accessing the server by simply using the computer of someone who does have access. This isn't fool-proof, as many browsers now have password management features and authorized users may store their passwords on the local computer, making them accessible to anyone with access to the computer. If security is a concern, you should strongly discourage users from saving login information for the server on their local machine, as well as discouraging leaving open browser sessions when away from their desk or office.

Finally, you may choose to allow logins from users on the same machine where Webmin is running based on the username. This feature should only be used for single-user machines, where security is not a major concern. If enabled, anyone with access to the local machine will easily be able to gain root access to your system.

Caution 

As any complete system administration tool must, the Webmin web server runs with root privileges. Security should always be a first priority for any publicly accessible Webminenabled system. A weak security policy, or no security policy at all, is an invitation for disaster. A comprehensive security policy will include a good firewall, an intrusion detection system, vigilance with regard to software updates and errata from your OS vendors, and perhaps most importantly education of users and administrators of your network.

Reassign Modules

As mentioned earlier, Webmin categorizes modules based on the function they perform, by default. This page provides a simple means for moving modules to new categories if you find the default categorization is confusing to you. Some third-party modules, written before the categorization features were added to Webmin, are miscategorized into the Others category by default, so you may wish to manually move them to their more sensible locations using this module.

Edit Categories

Instead of moving modules within existing categories it may be most sensible to create a new category for your favorite modules or for custom modules written just for your organization. This page allows you to create new module categories, as well as rename or relabel old ones.

Webmin Themes

One of the more fun additions to the Webmin feature set is that of ' themeability.'Themes in Webmin are very flexible, allowing a theme developer to modify nearly every single aspect of the appearance and layout of the Webmin pages. For example, in the screenshots throughout this guide, you may have noticed that the icons and titles are not the same as the standard Webmin appearance. These screenshots were taken on a Webmin using the Swell Technology theme, which is a custom theme designed by the author of this book with some help and pointers from Youngjin Hahn (aka Artwiz of Themes.org fame), and Charity Baessell (the webmistress and designer at Swell Technology).

Tip 

For information on making your own themes for Webmin, you can consult the Creating Themes [http://www.webmin.com/modules.html#theme] section of the Webmin module developers guide.

Switching amongst installed themes is simply a matter of selecting the preferred theme and then clicking the Change button. Installing a new theme requires you to choose the location of the file (Webmin themes have a suffix of .wbt) and then clicking Install Theme. Changing themes will require a forced refresh of your browser display in order for all new icons and title images to be displayed because browsers often cache images and pages. To force a refresh in Netscape, Mozilla, and related browsers, press and hold the SHIFT key, while clicking the Refresh button. Similarly, in Internet Explorer, press and hold the CTRL key while clicking the Refresh button. Themes can be chosen systemwide or for an individual user in both Webmin and Usermin.

Trusted Referers

Because Webmin is web-based, it is accessed from your browser. Browsers often store authentication information and will automatically resend it on demand from the Webmin server. Because of this, it could be possible for remote websites to trigger dangerous actions on your Webmin server (assuming the website owner has malicious intentions-it would not happen accidentally!). This page allows you to configure which hosts may refer to actions on your Webmin server.

Anonymous Module Access

In some circumstances it may be useful to have one or more Webmin modules accessible to any user, without requiring authentication. For example, it may be useful to allow users to view some read-only statistics about the server, or allow a user to mount or unmount a device using a custom command, or similar. Extreme caution should be taken when using this feature of Webmin, as giving users access to the wrong module can easily lead to an exploitable condition. To be more explicit, very few standard modules are harmless enough to be safely usable with this feature.

SSL Encryption

If your system has the OpenSSL libraries installed, as well as the Net::SSLeay Perl module, you will be able to use SSL-encrypted connections to your Webmin server. This increases the security of your server by allowing password and user information to be sent in an encrypted form. If you will be accessing your Webmin server from across the Internet, it is strongly suggested that you use SSLencrypted sessions. Now that both the export restrictions on encryption have been relaxed and the RSA patent has expired, it is becoming more common for Linux and UNIX versions to always ship with the necessary libraries and Perl module for this to be enabled out of the box. But if you do need some help setting this option up, there is a nice tutorial on the Using SSL With Webmin [http://www.webmin.com/webmin/ssl.html] page.

Certificate Authority

This page allows you to configure the SSL certificate for this server. Using this, you may configure your system to allow logins without a user name and password. If configured, clients may request a personal certificate in the Webmin Users module, and from then on the browser will authenticate itself via the certificate provided. If your users are located in controlled and secured environments, this feature can make using Webmin simpler.

To create a certificate, simply fill in the authority information (this can be any information you'd like to include, such as the name of the administrator of the Webmin server), and click Setup certificate authority.

Caution 

If using this authentication method, users should be made aware of the potential security issues involved. Anyone who has access to a machine with such a certificate will be able to access the Webmin server with the same privileges as the primary user of the machine. This prevents the use of the login timeouts that are normally possible with Webmin, and so should be used with caution in environments where a logged-in machine may be left unattended.



The Book of Webmin... or How I Learned to Stop Worrying and Love UNIX
The Book of Webmin: Or How I Learned to Stop Worrying and Love UNIX
ISBN: 1886411921
EAN: 2147483647
Year: 2006
Pages: 142
Authors: Joe Cooper

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net