Some of us with unmanaged hosting – where we administrate the server ourselves – crave a control panel to balance the austerity of the terminal.
… While learning command line discipline, at least, this is understandable and sensible. Usability, after all, is a friend of security, as can be the added point-click security options offered by a decent panel.
Let's set up Webmin, arguably the best open source CP (and IMHO far better than the best-known commercial alternatives.)
Managing unmanaged with Webmin
One could argue that an added graphic user interface, a GUI, is an extra attack-route into a server. That's because it is! Then again, properly secured, security risks can be all but mitigated. (Never say never.) There is also the mantra that says that complexity is the enemy of security. So if terminal use is complex, sometimes we need a compromise.
For those with shared hosting, this isn't an issue. Having cPanel, Plesk or similar is a given. With unmanaged hosting, on the other hand, there will be a control panel provided by the web hosting company too but this is a sparse affair, perhaps with DNS management but essentially to launch our server's underlying Linux distribution or to add resources such as extra RAM. Some of us, particularly newbie administrators, could do with more and, if a CP is an encouragement to help understand a server's functionality and to assist in keeping it secure, have one and show your teeth. 😀
A quick glance at the CP market uncovers dozens of options but, for general needs, these can be whittled down to just a few. Some, such as the prettily chromed cPanel, are pricey and, in terms of functionality, there are free alternatives that are, in any case, superior.
The classic panel that is Webmin is useful as a visual security tool as well as reducing the need for other administrative GUI tools such as phpMyAdmin. Webmin has numerous options for expansion, its modules including one for ConfigServer, for example, the easily configured and highly optioned firewall we look at as a user-friendly alternative to configuring an iptables firewall. For those who need DNS management there is the Bind DNS server module which, again, is easily installed to provide a relatively simple way to hook up our domains online.
How to install Webmin
Assuming root and using your system's equivalent of the Debian-based aptitude package manager – so swap aptitude for, say, the yum manager if you use a RedHat-based system – we'll install some dependency packages, change into a suitable location, download Webmin and install it. You should check for the latest Webmin version, changing the version shown here (twice):
Towards the end of the installation dialogue, you'll see a line like this:
That's the server hostname and the GUI's port, 10000, through which we connect to the server from our local machines. If you have a properly configured firewall then the port will need opening. The Cop's Setup an iptables Firewall has the know-how.
How best to secure Webmin
There are many options to defend Webmin but the most useful of all is to allow only connections from trusted IP addresses in the configuration file:
Append the file with this line, swapping the IP for yours:
If an IP changes and you're denied access, for example if the address is dynamic (which is commonly the case for home users) then gain access using the terminal and edit the allow= directive with your new IP. You may have to do this quite often but, then again, this is better than allowing the opportunity for brute force password attacks.