Getting started, whoa, lots of options here!

#1 Fri, 05/01/2009 - 09:55
christophera


Ok, going from an old ensim into virtualmin - and there are lots more things in virtualmin!

Ran install.sh on my new server, install went great.

Now I want to secure it a bit. I used apf on my old server, and don't know (and don't see much documentation on) how to use the firewall module in virtualmin.

First, I changed sftp to a different port, that was easy enough. But what do I need to do in the firewall to open the port I changed to and close 22?

Then to turn off ftp, I stopped ProFTPD Server, will it restart on reboot or stay stopped? Should I close related ports (how?). //edit - oh, found the bootup module and disabled it -

And in another thread it was suggested to create a user other than root, and give them root privileges, instead of logging in as root. I see where to create a new user, but to give them root privileges, do I just assign them to the /root group? If not, how? (I don't rent out space on the server, it's just my own sites).

Thanks for any suggestions,

Chris

Post edited by: christophera, at: 2009/05/01 09:56
Post edited by: christophera, at: 2009/05/01 10:10

Fri, 05/01/2009 - 10:52
andreychek

> First, I changed sftp to a different port, that was easy enough. But what do I need to do in the firewall to open the port I changed to and close 22?

While I don't use the firewall module (I use Shorewall and just manually edit text files), in theory what you'd be able to do is go into Webmin -> Networking -> Linux Firewall.

From there, you should be able to add, modify, and delete rules, and ultimately tweak your firewall the way you want.

> Then to turn off ftp, I stopped ProFTPD Server, will it restart on reboot or stay stopped?

Sounds like you found how to solve this one -- that's exactly it, just telling it not to start on bootup.

> And in another thread it was suggested to create a user other than root, and give them root privileges, instead of logging in as root. I see where to create a new user, but to give them root privileges, do I just assign them to the /root group? If not, how?

Whether or not to do this is personal preference.

In my opinion, when there's only one "master" user involved, you don't gain anything in Virtualmin by logging in as a user other than root -- unless access to the root account itself is disabled. And I'm not sure how to do that :-)

However, you could accomplish giving a general user "admin" access by setting them up in the /etc/sudoers file to have full privileges.

At that point, when that user logs into Virtualmin, they'd have master admin access.
-Eric
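
One way to verify the outcome of the port change discussed above, as an added example that is not part of any post in this thread: a small script that compares the port(s) in `sshd_config` with saved firewall rules and flags a missing rule for the new port or a leftover rule for port 22. It assumes the rules are in `iptables-save` format with plain single-port rules in the INPUT chain; the function names, the port 2222 and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare sshd's configured port(s) with saved iptables rules.
# Assumes plain single-port rules in the INPUT chain (no multiport, no ranges).

# Print every port sshd is configured to listen on (22 if none is set).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Succeed if the rules file has an INPUT ACCEPT rule for TCP port $2.
port_accepted() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Print findings, one per line; return 1 if any were found.
audit_ssh_firewall() {
    status=0
    listening=$(sshd_ports "$1")
    for port in $listening; do
        if ! port_accepted "$2" "$port"; then
            echo "MISSING: no ACCEPT rule for sshd port $port"
            status=1
        fi
    done
    # Port 22 should not stay open once sshd has moved off it.
    if ! echo "$listening" | grep -qx 22 && port_accepted "$2" 22; then
        echo "STALE: port 22 is still accepted but sshd no longer uses it"
        status=1
    fi
    return $status
}

# Constructed sample input (not taken from a real server).
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' > "$demo/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' 'COMMIT' > "$demo/rules.before"
sed 's/--dport 22 /--dport 2222 /' "$demo/rules.before" > "$demo/rules.after"

audit_ssh_firewall "$demo/sshd_config" "$demo/rules.before" || true
audit_ssh_firewall "$demo/sshd_config" "$demo/rules.after" \
    && echo "OK: firewall rules match sshd_config"
```

Run the same check against the real files before closing the current SSH session, so a missing rule for the new port is caught while the old connection is still open.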

Fri, 05/01/2009 - 11:04 (Reply to #2)
ronald

An alternative to adding a user to the sudoers file is to create a user under webmin-webmin-Webmin Users and select all the options you really need for that user, specifically under Available Webmin modules.
In that field you can also limit options per module.

Also, you can limit access for root to only allow connection to Webmin from a specific IP such as your static home IP, after you are completely happy with the administrative role of the new user (who isn't called admin or other obvious names).

Fri, 05/01/2009 - 11:53 (Reply to #3)
christophera

Thank you for your help! I'm learning :)

The other thing I thought I would do is change the virtualmin port from 10000. But for the life of me, I can find where that setting is.

Fri, 05/01/2009 - 11:56 (Reply to #4)
christophera

I see the webmin ports and settings, do I change it there for virtualmin as well?

Fri, 05/01/2009 - 12:02 (Reply to #5)
christophera

and in ports and settings, what does 'listen for broadcasts on udp port' refer to? Does it need to match the 'listen on ip and ports' setting?

Ha, am I in over my head? Virtualmin has so many configurable settings that I am used to!

Fri, 05/01/2009 - 13:16 (Reply to #6)
Joe

> I see the webmin ports and settings, do I change it there for virtualmin as well?

Virtualmin is a module of Webmin. So, yes. Webmin network settings affect Virtualmin.

> and in ports and settings, what does 'listen for broadcasts on udp port' refer to? Does it need to match the 'listen on ip and ports' setting?

So, here's the funny thing. I have never, in my entire 9 years of using Webmin, thought about that particular option. ;-)

I do think, however, that the option is probably for the automatic Webmin server detection features (for when you have lots of Webmin boxes on your network and want a central server to "learn" about all of them).
