Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-07-2004, 03:39 PM   #1
LQ Newbie
Registered: Sep 2004
Posts: 18

Rep: Reputation: 0
How Secure is Webmin?

I've been thinking about using a control-panel type utility for administering my Linux server, and have heard some good things about Webmin. However, how secure is it? Would I be opening another hole into my system by installing and running it? If not, what are the best ways to secure it?

By way of comparison, I'm presently loggin on via SSH and using the command line to administer by box.
Old 09-07-2004, 06:31 PM   #2
Registered: Aug 2004
Posts: 695

Rep: Reputation: 31

the first link is sort of useful, but a google search (the second link) comes up with lots of info about webmin security vulnerabilites. you should read up on some of the results of the google search.
Old 09-08-2004, 04:26 AM   #3
Registered: Aug 2004
Location: Europe
Posts: 608

Rep: Reputation: 50
Be sure to have the latest and secure version of the webmin software.
Use https access and make proper, custom SSL certificate for webmin (don't ever use the default one shipped with webmin distribution).
If possible, limit access to webmin by firewall.
And you should be safe.
Old 09-08-2004, 05:17 AM   #4
Registered: Aug 2004
Location: Northbrook, Illinois
Distribution: CentOS-5
Posts: 311

Rep: Reputation: 30
Don't know if it helps any but in addition to the above methods I also switch the port webmin runs on. It defaults to port 10000, switch it to whatever you like.

Old 09-12-2004, 02:54 AM   #5
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377Reputation: 377Reputation: 377Reputation: 377
it would be a good idea to not have webmin running all the time... just start it via ssh when you need it...

and if you don't actually need it, it's best to not use it at all...
Old 09-13-2004, 09:29 AM   #6
Registered: Aug 2004
Location: Europe
Posts: 608

Rep: Reputation: 50
not have webmin running all the time... just start it via ssh when you need it...
Hehe... The way I use webmin is exactly the oppostite of your approach - the only thing I use webmin for is to start sshd that is not running for some reason .
Old 09-13-2004, 10:30 AM   #7
Registered: Jun 2004
Posts: 126

Rep: Reputation: 15
I followed the instruction:
Install STunnel
The program is installed as standard with many Linux distributions, or can be downloaded from and compiled for your system.

Create a new tunnel
Use Webmin's SSL Tunnels module to create a new tunnel on port 10001 called ssl-webmin that uses the Connect to remote host mode to connects to localhost port 10000 (assuming you are running Webmin on port 10000).
The SSL certificate and key file option should be set to Use Webmin's cert, and all of the other options left as their defaults.

Activate the tunnel
Hit the Apply Changes button in the SSL Tunnels module to activate your new tunnel.

Configure Webmin so that it knows about the SSL tunnel
Added the line inetd_ssl=1 to /etc/webmin/miniserv.conf and run /etc/webmin/stop ; /etc/webmin/start.

Login to Webmin in SSL mode
You should now be able to connect to https://yourhostname:10001/ and login as normal. The old URL on port 10000 will no longer work properly.

My config is as following:
Service name TCP port Active? Tunnel destination
ssl-webmin 10001 Yes Connect to host localhost.localdomain:10000

and I connecting with the router, opened the port 10001 for the stunnel. but it is not sucess!!

What wrong I did?



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
webmin troubles - Failed to write to /etc/webmin/module.infos.cache : No space left o coal-fire-ice Linux - Software 1 07-28-2005 11:08 AM
VSFTPD with secure & non-secure logins Ricci Graham Linux - Software 5 04-07-2005 05:12 PM
regarding webmin... zameer_india Linux - General 20 01-13-2005 04:29 AM
Secure email (SSL vs. secure authentication) jrdioko Linux - Newbie 2 11-28-2004 02:39 PM
vsftpd very very secure, so secure i can't use it... baronsam Linux - Networking 4 10-06-2003 07:12 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:04 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration