Webmin is a great system admin tool for several Linux distributions

how to make it very secure in an easy and simple way?

>> my approach is:
bind the web frontend to localhost only, and after that access the web frontend using ssh and a tunneled connection ;-))


- if you run: netstat -nat |grep LISTEN |grep 10000,
you see that webmin is running on all interfaces
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN

- webmin runs on tcp port 10000, usually accessible for everybody (if the server is on the internet and no firewall on the server is turned on)
>> you can access the frontend using https://your-server-ip:10000/

- let's change the binding, so that it runs only on localhost / 127.0.0.1 tcp 10000:
edit configuration file: /etc/webmin/miniserv.conf
>> change line listen=10000 to listen=0 (this disables udp port 10000, so that other webmins cannot find us!)
>> add line: allow=127.0.0.1 (allows access only from localhost, but the port will still be open!)
>> add line: bind=127.0.0.1 (this binds the tcp 10000 socket to 127.0.0.1:10000 > not publicly visible anymore!)
>> restart the service: service webmin restart

- check if webmin now runs only on localhost port:
run command: netstat -nat |grep LISTEN |grep 10000
now it should look like:
tcp 0 0 127.0.0.1:10000 0.0.0.0:* LISTEN
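
The checks from the steps above as one script, with the ssh tunnel from the approach at the top shown in the closing comments (an added example, not part of the original page; the function names and the user@your-server-ip login are placeholders, and the sample input is constructed):

```shell
#!/bin/sh
# Print the value of KEY from a miniserv.conf-style file (last occurrence wins).
conf_get() {
    awk -F= -v k="$1" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$2"
}

# Return 0 only if the three settings from the steps above are present.
audit_conf() {
    rc=0
    for want in bind=127.0.0.1 allow=127.0.0.1 listen=0; do
        key=${want%%=*}
        got=$(conf_get "$key" "$1")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key: expected '${want#*=}', found '$got'"
            rc=1
        fi
    done
    return $rc
}

# Read `netstat -nat` output on stdin; print LISTEN sockets on PORT that are
# not bound to loopback (127.x.x.x or ::1). Prints nothing when all is well.
public_listeners() {
    awk -v p="$1" '$NF == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port == p && addr !~ /^127\./ && addr != "::1") print $4
    }'
}

# Demo on constructed input (not captured from a real host).
demo() {
    tmp=$(mktemp)
    printf 'port=10000\nlisten=0\nallow=127.0.0.1\nbind=127.0.0.1\n' > "$tmp"
    audit_conf "$tmp" && echo "config OK"
    printf 'tcp 0 0 127.0.0.1:10000 0.0.0.0:* LISTEN\n' | public_listeners 10000
    rm -f "$tmp"
}
demo

# On the real server:
#   audit_conf /etc/webmin/miniserv.conf
#   netstat -nat | public_listeners 10000
# Then, from your workstation, open the tunnel and browse https://127.0.0.1:10000/
#   ssh -L 10000:127.0.0.1:10000 user@your-server-ip
```

The audit compares each value exactly, so a line with anything after the value (for example an explanation typed on the same line) is reported as a failure.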
