ONLamp.com    
 Published on ONLamp.com (http://www.onlamp.com/)
 See this if you're having trouble printing code examples


FreeBSD Basics

An Introduction to Webmin -- Part Two

11/01/2000

In last week's article, we installed the Webmin utility; this week, I want to start by configuring Webmin for secure access, then take a peek at some of the powerful features that come with the Webmin modules.

Open up your web browser and type in the URL you use to access your Webmin server. Once you've been authenticated, you should see this screen in your web browser.

By the way, most of the screenshots I'm using come from Joe Cooper's Webmin User's Guide. Joe's site is well worth reading through if you want to learn more about using Webmin. The rest of the screenshots are from Webmin's homepage.

Let's start with the "Webmin Configuration" hyperlink. This is where you'll be able to configure most of the additional security measures, which will be especially useful if you are accessing your Webmin server over the Internet. You'll want to poke about yourself, but here's a quick summary of the security related options:

Note: If you ever screw up your configuration and are no longer able to access your Webmin server, all is not lost. Become the superuser on the computer running Webmin, look for and then edit the offending configuration in the /usr/local/etc/webmin/miniserv.conf file.

Now, let's "Return to index" and click on the "Webmin Users" link. You should see something like this, with the user you created next to a listing of all the Webmin modules that user is allowed to access. If you ever decide to give another user access to your Webmin server, you have very fine control over what that user will be able to view and modify. For example, if you click on the "Sendmail Configuration" link, you can specify which configuration files that user can modify, and whose e-mail he is allowed to read.

If you spend some time clicking on the modules in this section, you'll get an idea of what you're capable of doing to the FreeBSD computer running the Webmin server. Aren't you glad you created a non-intuitive username and hard to guess password, and you're reading the logs of all connection attempts?

Now let's see what type of work we can do from the Webmin interface. Return to the index and click on the "System" tab, which should give you something like this. Let's start by clicking on the "Software Packages" link. You should receive the graphical equivalent of the pkg_info command. Now click on one of your packages to read its description and the date it was installed. Those who've been around FreeBSD for a while may not be impressed, as this is the equivalent of cd-ing into that port's directory and doing a more pkg/DESCR. Try clicking on the "List Files" button. Ever install a port and wonder where it put everything and what all it created on your FreeBSD system? Wonder no more, as you now have a list of all the files that were installed with that port, as well as their locations, size, and ownership.

Once you're finished poking about, return to the index and click on the "Running Processes" hyperlink. This is just a graphical output of the ps command, but I love its layout. All running processes can be sorted by PID, user, memory, and CPU. If you sort by PID, you'll receive a tree-like structure, with every child process slightly to the right of its parent process. Each process has a hyperlink to further details about that process. If you need to send a signal to a process, you can click on the TERM button to choose the type of signal. (Do a man 1 kill to learn more about signals -- and never kill a process if you don't know what that process does).

Return to the index and click on the "Scheduled Cron Jobs" hyperlink to see something like this. You will receive a listing of all users' cronjobs. You can edit and create new cronjobs using this interface. If you are a visual person, you may find it easier to click on the desired time slots rather than remembering where to place the right number in vi using the crontab utility.

Return to the index and click on "Users and Groups." If you haven't yet figured out what users and groups get installed with FreeBSD, here's your chance to see them all. Click on an existing user to see their details. Note that you can change a user's login shell or home directory and set password restrictions and account expiry from this screen. Go back a screen and click on "Create a new user." You have more options in this screen than in the equivalent /stand/sysinstall screen.

The last link I want to look at in the System tab is "System Logs." If you click on this link, you'll get a listing of all your system logs and their locations. If you click on one of the logs, you can set its logging facilities and priorities. Even handier, you can click the "View logfile" button. It will display the last 20 lines by default, but you can change this by typing in another number and pressing the "Refresh" button.

Return to the Index and click on the "Servers" tab. This is where you'll see that Webmin is a utility you can grow into as you learn more about your FreeBSD system. As you learn how to build and administer Apache Web servers, BIND DNS servers, MySQL database servers, Samba servers, and Squid proxy servers, you'll have a nice GUI interface to access their configuration files either locally or remotely. None of the servers I just mentioned are built by default, but they can all be added using FreeBSD's ports collection.

I would like you to click on the hyperlink for "Sendmail Configuration," as a working Sendmail server is installed with your FreeBSD system. You should get a screenful of configuration hyperlinks; however, you won't want to muck about with these unless you know what you're doing. For now, you might just want to take note that each hyperlink is much more user-friendly than the sendmail configuration file.

The hyperlink I'd like to look at is the one labeled "User Mailboxes." When you click on this link, you'll receive a table showing all users and how much mail (in bytes) is in their mailbox. Very handy to see which users on your system aren't deleting their mail. If you click on a user, you will see all of their e-mail messages. You can click on a message to read, reply, forward, or delete it. This could provide a very handy way for users to access their e-mail from a browser on any computer with an Internet connection. It would just be a matter of creating another username and password to the Webmin server, and removing that user from all modules except "Sendmail Configuration" in the "Webmin Users" link under the "Webmin" tab. Don't forget to change all the default yes-es to no-s and only give them permission to read their own e-mail.

Let's return to the Index and click on the "Hardware" tab. Then click on "Network Configuration," then "Network Interfaces." This screen shows your current configurations and which interfaces are configured to run at boot time. If you click on an interface, you can change its IP address, subnet mask, and toggle its status as being up or down. If you return to the "Network Configuration" screen, you'll also see hyperlinks to change your default gateway, edit /etc/resolv.conf, and edit /etc/hosts via a GUI screen.

Let's return to the Index and click on the "Webmin" tab and the "Webmin Configuration" hyperlink, then the "Webmin Modules" link. If you scroll down to the bottom half of the screen, you'll see all of the currently installed Webmin modules. If you see any modules that you don't plan on using, you can mark and delete them; they will no longer show up in your browser when you access the Webmin server.

You can also install new modules from this screen. If you surf over to ThirdPartyModules.com, you'll get a description of modules you can install. This site is nicely laid out, as the modules have been organized into the Webmin tabs they will be installed into. The modules themselves are very small files that end with a *.wbm extension. One of my favorite add-on modules is the "Network Utilities" module that installs into the "Networking" tab. This is how I installed it:

mkdir /usr/webmodules

In Netscape, I right-clicked the module to save it into this directory. I then went back to the "Webmin Modules" link, and clicked the ellipse (the button with ... in it) next to the "Install Module from local file" box. Once I had located the downloaded module, I clicked the "Install Module From File" button, and I was finished.

To see if it worked, I clicked on the "Networking" button, and I had a new hyperlink to click on. When I enter this screen, I get hyperlinks to the ping, traceroute, nslookup, nmap, whois, and dig utilities, as well as a handy IPV4 subnet calculator. If I scroll down a bit further, I have the option of typing in an IP address or hostname; I can then Ping It! Trace It! Look Up! Scan It! or Dig It! Note that the nmap utility is the only one that is not installed by default with your FreeBSD system. If you wish, you can build it from the ports collection; please keep in mind that you can get yourself into legal trouble if you nmap hosts other than those in your own network.

Not only can you easily add modules to your Webmin server, you can also upgrade your entire Webmin server without losing your customized configurations. Go back one screen and click on the "Upgrade Webmin" hyperlink to find the screen that allows you to do this.

Hopefully this article has piqued your interest in this powerful utility. We've also covered some concepts that may be new to you. In the next few articles I want to take a deeper look at how FreeBSD manages your system log and at what processes are and how to manipulate them.

Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.


Read more FreeBSD Basics columns.

Discuss this article in the Operating Systems Forum.

Return to the BSD DevCenter.

 

Copyright © 2009 O'Reilly Media, Inc.