Section 6.1. Webmin

6.1. Webmin

Webmin is a browser-based system administration tool that offers a range of capabilities. The interface is easy to use, and, while it offers a variety of tools itself, Webmin also supports plugins that can be used to extend and customize the program's functionality. Webmin can help you perform the full range of administrative tasks, from user management to backups, and everything in between. Nearly every server I've built or administered over the past four years has contained a Webmin installation: it really is invaluable.

In this section, we'll touch on some of the functionality that Webmin offers. For a more in-depth look, I highly recommend the excellent title, The Book of Webmin (Or: How I Learned to Stop Worrying and Love UNIX).

6.1.1. Installing Webmin

Webmin is available for download from http://www.webmin.com/ as an RPM package. You can choose to download the source code and compile Webmin for yourself, but with a Red Hat-based system like Fedora Core, the preferred method is to install the package using the RPM system. This will write an entry to the RPM database, allowing the easy upgrade and, if necessary, rollback or removal of the package later on. We'll discuss these tasks a little later.

To install the package, just double-click on the RPM file. You'll be guided through a series of simple dialogs, and Webmin will be installed.

6.1.2. Webmin Basics

Webmin installs a small, purpose-specific Web server on the machine on port 10000. You can access it via http://servername:10000/.

From this page, shown in Figure 6-1, you can log in to Webmin by entering your root username and password. Once you do so, you'll see the Webmin screen pictured in Figure 6-2.

Figure 6-1. The Login to Webmin page.

Figure 6-2. The Webmin home screen.

6.1.3. Webmin User Administration

If other users are going to administer the system, it's a good idea to create separate logins for each of those users . To add a new Webmin user, click the Webmin Users link on the main page, then click Create a New Webmin User from the resulting page. You'll see the screen shown in Figure 6-3.

Figure 6-3. Creating a new Webmin user.

As you can see, many options are available in the creation of a new user. Here, we'll cover two basic options: creating a Webmin-only user, and creating a Webmin user who's synchronized with a Linux user.

Creating a Webmin-only user is pretty straightforward. Fill out the Username field, select Set to… from the Password drop-down, enter the user's password, and leave the default settings in the other fields. Further down the page, in the Modules section, you'll see a collection of checkboxes that allow you to specify the features to which this user will have access. Check the appropriate checkboxes (or click the Select all link to select all of the checkboxes), and click the Save button at the bottom of the page.

Creating a Webmin user profile that's synchronized with a Linux user profile is a similarly straightforward process. Enter the Linux user's username into the Username field, and select Unix authentication from the Password drop-down. Don't enter a password: this will be taken from the Linux user profile. Select the appropriate module checkboxes, and click Save to create the user.

In keeping with the Linux model, Webmin users can be grouped, and access can be assigned to these groups. To create a new Webmin group, click the Create a new Webmin group link on the Webmin Users page, enter the name of the group, and select the modules to which that group will have access. Existing users can be added to the new group from their user pagejust click on the username and the Member of group drop-down will appear in the top-right corner.

6.1.4. Webmin Features

The real beauty of any Web-based tool is usually its interface, and this is certainly the case with Webmin. As the browser is one of the most well-known interfaces in computing these days, the learning curve involved in moving around within the Webmin interface is minimal. The Web-based nature of Webmin also allows an administrator to perform necessary tasks from anywhere on the network, orprovided the package is properly installed and securedfrom anywhere in the world.

Figure 6-4. The Webmin sections.

The Webmin modules are broken into several groups, which can be accessed via the icons at the top of the Webmin interface, shown in Figure 6-4. Let's take a look at the modules behind four of the most important groups for server administration: System, Servers, Networking, and Hardware. We'll use these modules in later sections of this chapter, so consider the next few pages an overview of the features offered by Webmin.

Figure 6-5. Webmin modules available in the System group.

6.1.5.1. System Group Modules

The System Group provides access to important system-wide configuration tools, as shown in Figure 6-5.

Bootup and Shutdown

This tool displays a list of all services, describes each, and identifies whether or not that service is currently configured to start at boot. This page allows you to start and stop these services, and configure them to start (or not start) when the system starts. Toward the bottom of the page is a drop-down list of all the runlevels; you can use this to view and configure what happens at each runlevel . Finally, you can use this screen to shut down or reboot the system.

Change Passwords

This tool displays a list of all users, and allows an administrator to change the password for each.

Disk and Network Filesystems

This tool provides a descriptionand identifies the current statusof the various filesystems on the server. It also provides the ability to mount and unmount existing filesystems and mount new filesystems.

Filesystem Backup

This tool displays a list of all the currently configured filesystem backups, and provides the administrator with a means to create new backups. These backups are created either with the dump command, or as TAR archives.

Running Processes

This tool lists all the processes running on the system, along with each process's Process ID (PID), the process owner, and the command used to start the process. By default, the processes are displayed in a hierarchy, but the display can be sorted by user, memory use, and CPU time; it's also searchable. You can also use this module to execute a command as a specified user.

Scheduled Commands

This tool displays all the currently defined at jobs, and provides a page on which you can define more.

Scheduled Cron Jobs

All the cron jobs that are active on the server are displayed in this tool; it also allows you to create new jobs.

Software Packages

This tool provides an interface that allows you to search for RPM packages installed on the system. Also provided are tools to install new packages, upgrade existing packages, and to search for individual file elements of an installed package.

Users and Groups

This tool provides a full complement of tools to manage users and groups, including a tool to manage multiple users at once using batch files.

6.1.5.2. Servers Group Modules

Figure 6-6. Webmin modules available in the Servers group.

Webmin's Servers modules, pictured in Figure 6-6, allow you to configure and maintain several different software packages that act as servers for other client applications. We'll use Webmin to configure several of these packages later in this chapter, and to establish a strong level of system security later on. For now, let's walk through some of the features of the Servers section of Webmin.

Apache Web Server

The Apache module, like many of the modules in the Servers group, contains so many options that it's almost another module group in itself. It even offers the ability to edit the httpd.conf file via the Edit Config Files page. You can see some of the other options offered in the Apache module in Figure 6-7.

Figure 6-7. The Apache Webserver Webmin module.

CVS Server

CVS (Concurrent Versioning System) is a tool that's used widely by developers to track changes in code. The CVS Server page provides options for creating CVS users, user access control, and server configuration. It also allows the logged-in user to browse the repository, or library of code currently in CVS.

Majordomo List Manager

Majordomo is an email list manager and has long been recognized as the standard in Linux. The Majordomo List Manager page in Webmin allows you to create new lists and to define the parameters of existing email lists.

MySQL Database Server

Figure 6-8. The Webmin MySQL module.

In the top part of the page shown in Figure 6-8, the MySQL module displays an icon for each database that's hosted on the server. Clicking on a database icon displays new icons that represent each of the tables in that database; these can be clicked on to display the structure of that table. From here, you can edit the structure of the table, or edit the data in that table. At each point along the way, an administrator has access to a full complement of tools with which to manipulate MySQL, its databases and tables; you can drop a database or table, create a database backup, create a new database or table, execute SQL statements, and more.

Postfix Configuration

QMail Configuration

Sendmail Configuration

Webmin provides the means to configure several mail servers . Sendmail is the longtime standard for Linux, while Postfix and Qmail are newer, more easily configured alternatives. The Webmin configuration interfaces for these servers provide all the tools necessary to configure and secure your mail server.

ProFTPD Server

WU-FTP Server

ProFTPD and WU-FTP are the two FTP services that can be configured via the default Webmin installation. Administrators can use these tools to add or remove FTP users and establish user home directories.

SSH Server

SSH is the secure shell. It allows remote users to work within the shell environment on the server over a secure connection. The SSH Server module of Webmin allows you to configure authentication, access control, and much more. We'll take a detailed look at SSH in Chapter 7.

Samba Windows File Sharing

We briefly discussed Samba back in Chapter 4. Samba is a utility for sharing files and printers with Windows machines on the network. The Samba Windows File Sharing page in Webmin displays current shares, and allows you to create new shares, and configure or reconfigure all the working parameters of new and existing shares.

SpamAssassin Mail Filter

SpamAssassin is a robust tool to fight spam email. The SpamAssassin Mail Filter module in Webmin allows you to configure many aspects of SpamAssassin, including what is done with messages identified as spam email.

Webalizer Logfile Analysis

Webalizer is a Web server access log analysis tool. It can provide you with interesting and valuable insight into the usage of your server, and it's included in the default installation of Fedora Core 4. The Webalizer Logfile Analysis page in Webmin allows you to determine which log files will be analyzed, add new files for analysis, schedule regular analysis, and to manually generate a new log analysis report.

6.1.5.3. Networking Group Modules

Given the fact that you've created a Web server, the networking features of your machine are especially important. Webmin's Networking module group, pictured in Figure 6-9, includes modules for administering firewalls and other security features, bandwidth monitoring modules, and several special protocols for allowing access to the server machine.

Figure 6-9. Webmin modules available in the Networking group.

Bandwidth Monitoring

This page provides information about traffic received by the server, using iptables rules and a package called mrtg that's built in to the default installation of Fedora Core. mrtg provides a graphical representation of server traffic during administrator-selectable time periods, which is useful for analyzing the server's peak and low traffic periods. It also breaks that traffic into "downloaded" and "uploaded" segments.

Linux Firewall

Shorewall Firewall

The Linux Firewall module creates and administers iptables rules the rules used by the Security Level Configuration tool. We'll be looking more closely at iptables a bit later on. Shorewall is a third-party package that provides services similar to iptables.

NFS Exports

NFS is the Network File System, a tool that allows your Linux server to share files with other servers on the network. We took a brief look at NFS in Chapter 4.

Network Configuration

The Network Configuration page in Webmin allows you to configure your network interfaces or devices, set up your server as a router or a gateway, configure how your server makes use of DNS, change your server's host name, and add host addresses.

6.1.5.4. Hardware Group Modules

Figure 6-10. Webmin modules available in the Hardware group.

As critical as networking is to the operation of the server, it's all irrelevant if your hardware is misconfigured or somehow damaged. Webmin's hardware configuration and monitoring tools, shown in Figure 6-10, provide a good overview of the current operational state of the critical hardware devices on the server. Webmin also provides several great tools for configuring the hardware, including boot configuration, drive status, RAID, partition management, and logical volume management.

GRUB Boot Loader

The GRUB Configuration screen in Webmin displays the current kernel versions installed on the machine as icons. Select an icon to gain access to complete configuration options for all the GRUB parameters.

System Time

This comparatively simple module allows you to change the system time, set the system's time zone, and set up time synchronization with an NTP server .

6.1.5.5. Other Modules

Figure 6-11. Webmin modules available in the Others group.

The Webmin application also provides tools that don't really fit into any of the other categories, so they're placed in the "Others" module group shown in Figure 6-11. They include:

Command Shell

Figure 6-12. Using Webmin's Command Shell tool.

This is a rather low-tech implementation of a command prompt inside a Web browser. Enter a command into the text box at the bottom of the page, as depicted in Figure 6-12, and submit the form to see the command's output. Be sure not to enter a command that would require some interaction, as this command shell is completely non-interactive.

SSH/Telnet login

This tool comprises a Java applet that provides SSH or Telnet access to the server from the browser.

File Manager

This Java applet provides graphical access to the filesystem on the server in the style of the Windows Explorer or GNOME's File Browser.

System and Server Status

This module displays the status of the various services on the machine, allowing you to configure alerts and add monitors. For example, you could configure this module to send a message to a pager if Apache or the monitoring service itself goes down.

Perl Modules

This tool lists all of the Perl modules currently installed on the server, and provides a browser interface to CPAN, the Comprehensive Perl Archive Network . CPAN is an online collection of Perl modules used in all kinds of applications.

6.1.5.6. Webmin Configuration

Finally, you can completely customize the installation of Webmin to suit your tastes and needs from the Webmin section at the upper left of the main screen. As you can see in Figure 6-13, the customizable parameters include:

Change Language and Theme

Webmin is fully internationalized, with support for more than 30 languages. The look and feel of Webmin can also be customized, using one of three built-in themes , or one of any number of themes available online.

Webmin Configuration

The Webmin Configuration section is a rich interface for configuring nearly every element of the Webmin application, including network access, modules, authentication, certificates, and proxies.

Figure 6-13. Configuring Webmin.