|
Project: Linux  Howtos
Remote administration of Linux
By Trevor Warren <trevor@freeos.com>
Posted: ( 2000-11-13 08:11:57 EST by )
Are you looking for an easy to use and highly flexible method of
administering your Linux box remotely? Does the thought of being able to
walk up to a Windows PC and configure your Linux box back home through a
web browser sound interesting? Read on for details on how to configure a
Web based administration tool on your Linux machine.
The glory of Windows, Gates and the fences surrounding them ... Ever wondered why you pay so much for those closed source products that
help you manage your system remotely on Windows. I guess it comes with the
territory. Realistically speaking there aren't many tools available out
there in the market that make remote administering of Windows a real easy
task. One of the most slick pieces of software that I know of comes from
the stables of Symantec called PC Anywhere. In sharp contrast, the open source movement has several options for
remotely administering your PC. One of them is a nifty utility called
Webmin. Its home page is located at http://www.webmin.com. Webmin as the name suggests is a Web Based tool for configuring and
tweaking your Linux box remotely. By remote I mean via a LAN/WAN or even
accessing a server hosted at some server farm or data center on a
broadband network with your service provider. Where your Linux box is
located doesn't really matter. All that you need to remotely maintain
your Linux box is a browser and a connection to the network. Preferably
you should be using a browser which supports JAVA and SSL. Seasoned Linux users will claim that remote administration can be more
safely accomplished via a simple TELNET or SSH connection to the Linux
box. I do not dispute this point. However, there are a large section of
Linux users who are not comfortable typing cryptic commands at the Unix
shell prompt. A graphical and easy to use web based interface is no doubt
better from their point of view. And even for seasoned Linux users,
web-based administration does give you a certain level of flexibility. For
instance if you are traveling, you could walk up to a cybercafe and
configure your Linux box back home through a Windows based web browser.
Getting and Installing WebminAs I mentioned earlier, you can download Webmin from it's home page
located at http://www.webmin.com or any of the mirrors mentioned out
there. The download size is a manageable 3 MB or so in the RPM format (Red
Hat Package Manager). I would suggest that you download the Webmin RPM's
from the site as they are comparatively easier to install. At present
Webmin is at version 0.82. Before you install Webmin you must make sure
you have Perl, version 5.005 or above, installed on your system. Every
Linux installation comes with Perl pre-loaded, but in case you did not
install Perl, I would suggest that you download the latest compiled
binaries from its homepage located at http://www.perl.com. Having downloaded the Webmin rpm, login into your system as root. Now change into the directory where you have downloaded the Webmin
RPM and issue the following command. rpm -ivh webmin-0.82.rpm
Using WebminNow that Webmin is installed, administering your Linux box is going to be
a piece of cake. Load your browser and point it to http://localhost:10000 Localhost represents the hostname you have assigned your machine and 10000
is the port on which Webmin listens to requests. For security reasons I
would suggest changing this port, keeping in mind that you can only use
ports between 1024 - 65,535. I'll cover this next.
Securing your Webmin setupO.K, so you GUI lovers ultimately have something to really cheer about. On
an operating system whose administration could be simply performed via the
command line, GUI options are not very popular. But as I mentioned
earlier, novices will find them a welcome feature. Beware of the default settings of Webmin, it's open for the world to
connect to, but of course it does have passwords, supports SSL and et al.
The first thing that you need to do after installation is to change those
default settings to make your setup more secure. There are three main settings that need to be modified in Webmin, one is
the PORT on which Webmin listens, the interfaces on which Webmin will
receive connections and the other is a list of the remote IP addresses
which can connect to Webmin. Lets change the port on which Webmin listens as well as the IP address on
which it will accept requests. After having logged into Webmin click on
the icon mentioned below.
Webmin ConfigurationOn the page that is displayed click on the following icon. Port and Addresses The first option is the IP addresses on which Webmin will accept
connections. The whole point here is that, the local machine on which
Webmin is running may have several static and dynamic interfaces. You may
be connected to the Internet in more ways then one, and you surely don't
want Webmin to be accessible to everyone. That's the reason why you have
the option of specifying the interface on which Webmin should listen. The next option allows you to mention the port on which the Webmin server
will accept requests. Change this from the default value of 10000, to any
other port in the range of 1025 - 65535. If possible, make sure no other
services are running on the port that you have chosen. One simple way of
cross checking is to look out for that port in the file /etc/services. If
you see any other service that requires that port and you are using it
already then choose another port.
---- IP Access Control ---- __ Allow from all addresses DDDDDDD
__ Only allow from listed addresses DDDDDDD
__ Deny from listed addresses DDDDDDD Another important setting that I need to touch upon is the remote and
local addresses which can connect to the Webmin server. By default any IP
address can connect to the Webmin server. You should change this setting
to reflect the machine/machines from which you would allow connections to
the Webmin server. The drawback however is that you have to explicitly
mention every IP address that is allowed to make connections to this
server, the IP/Netmask pair doesn't work out here. This is not a problem
because you should allow access to Webmin from only a few trusted
machines. Every time you make a change to any Webmin configuration make it
a point to save the changes. Enabling logging and login timeouts is also
recommended. Webmin features and settings Coming to the main Webmin configuration the various main sections that you
will find in Webmin are as follows. -- Webmin
-- System
-- Servers
-- Hardware
-- Others Webmin - The first section by default is "Webmin" and is meant to help you
configure your Webmin setup as we saw earlier. This section generally
deals with ACCESS privileges, ACL's, ports, logging, user access and
various other parameters related to Webmin setup. I suggest that you give
this section a serious look. System - This section consists of the following settings Bootup and Shutdown This section helps you reboot or shutdown the system and also
configure the different services that are running on your system through
the /etc/rc.d/rc.* scripts. You could always stop, start or restart any
services from the options provided out here. Disk Quotas
This section helps you apply Disk Quotas for your users only if Disk
Quotas have been installed and enabled for your file system during it's
creation. Disk and Network Filesystems This section enables you to monitor the state and size of your
mounted partitions. One could also mount, unmount and change the mount
time parameters using these settings. Manual Pages
This section enables you to search for and read the MAN pages in a
web based format. NFS Exports
This section helps you manage your /etc/exports file, which is used
to create / remove NFS shares. Running Processes
This section helps you view and kill the services running on the
machine. Scheduled Cron Jobs
This section helps you to schedule / reschedule or delete any CRON
jobs that you want to run on your machine. Software Packages
This section allows you to view all the installed software
packages, un-install any of them, install any packages from a local file
system or even upload and install a package. Note the packages we are
talking out here must be in the RPM format. SysV Init Configuration
This section helps you view the various services that are
configured to run in the various run levels, change the run levels or even
create a new init process. System Logs
This section helps one to configure what kind of logging should go
on. Using this section you can change the logging pattern on your Linux
box. For example, send the authentication and kernel output to different
log files unlike the default installation which logs all of them to a
single /var/log/messages file. Users and Groups
This section will help you view / create / modify system users.
Servers
This is one section whose look depends on the nature of the
utilities and servers that you have installed on your system. The
following sections show up on my SuSE installation. -- Apache Webserver
-- BIND 4 DNS Server
-- BIND DNS Server
-- DHCP Server
-- FTP Server
-- Internet Services and Protocols
-- Majordomo List Manager
-- MySQL Database Server
-- PPP Accounts
-- Postfix Configuration
-- PostgreSQL Database Server
-- Samba Windows File Sharing
-- Sendmail Configuration
-- Squid Proxy Server These sections help you configure the relevant servers. As I discovered,
the options included for each services configuration are quite elaborate,
but you may still have to manually edit the CONFIG files in case you
require to do some extensive tweaking.
Hardware
This section consists of the following configuration issues.
Linux Bootup Configuration
This section will help you configure your BOOT manager LILO (LInux
LOader) if you ever need to tweak around with the BOOT preferences.
Linux RAID
Setting up RAID devices on LINUX was never easier, using these menus
you can make good use of the RAID support Linux has to offer. Network Configuration
This section will help you setup your NIC's, Loopback adapters and
even the virtual adapters that you may want and activate / deactivate. You
may also setup your Linux machine as a ROUTER to route packets to other
networks using this section. To configure your /etc/resolv.conf go to the
sub section called "DNS". Partitions on local disks No longer do you have to use FDISK, CFDISK with the ncurses
interface. Partition your HDD's, view the file system status and the free
/ consumed blocks using this section. There are several more sections in Webmin like -- Printer Administration
-- System Time
-- Custom Commands
-- File Manager
-- Telnet Login
One of the most coolest tools that Webmin has is telnet through the
browser and the file manager. If telnet via a browser is the cake then the
file manager is the icing on the cake. The file manager is loaded with
options like the nifty little option of uploading files to the server,
sharing files and directories using either the SMB or the NFS protocol
over the network. Apart from these options, the normal copy, cut and paste
options work very well.
Third party modules There are a lot of third party modules available for Webmin right from
configuring qmail to running a remote Java VNC console in your browser.
All of these modules are available as *.wbm files and you just have to
download these modules from the Webmin homepage or any of the mirrors. Installing these modules is a piece of cake as you'll soon find out. Just go to the section Webmin/Webmin Configuration/Webmin modules and use
the install module option on the page to upload the file to the server and
install it.
As we saw, there is an exhaustive list of utilities, tools and options
that Webmin provides you with to carry out remote administration of your
Linux machine. The whole idea is to make the system administrator's life
easier. Apart from the standard Webmin modules there are many other
non-standard modules available at the site using which you may automate
many administration tasks on your system. I'm a die-hard command line
freak and will always feel more comfortable performing server
configuration tasks via the command line. However, Webmin is definitely an
option that even I find useful.
Webmin Homepage
Other articles by Trevor Warren
Current Rating: [ 6.24 / 10 ]
Number of Times Rated: [ 76 ]
|
