Webmin and ConfigServer Security & Firewall Installation
Webmin is an excellent choice because it’s lightweight and secure – it runs on a Perl mini-server and doesn’t need any other application server installed before you can start using it.
What makes Webmin powerful is its modules, and you can add more, like ConfigServer Security & Firewall (CSF).
While you can install Webmin using APT, it probably won’t be an up-to-date version. If you follow the Webmin developer’s installation instructions, it will be.
I’m not going to tell you how to configure Webmin. I’ve used it as a control panel for more than a couple of years and I only use a fraction of what it’s capable of. More than anything, I set up my cron jobs with it.
If you’re comfortable using the command line, you don’t really need a control panel. Using the command line is tedious, however, and things like CSF will take forever to configure one line at a time.
Find a directory on your server to work from and run these commands:
wget http://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Of course, you’re not done yet. Now you need to log into Webmin and install the CSF module. Go to Webmin/Webmin Configuration/Webmin Modules and install the module from a local file by browsing to /etc/csf/csfwebmin.tgz.
You should keep CSF in test mode until you’re positive everything is working correctly. You’ll find “ConfigServer Security & Firewall” under the “System” menu item in Webmin. What you’re looking for after you click that menu item is “Firewall Configuration”, which you also need to click on.
You can read the CSF documentation about what all the options do. For now, we’re concerned with “SECTION:IPv4 Port Settings” and the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT items. You need to make sure you add the port for Webmin and the ports affecting your application servers (web server, FTP server, etc.), including the “pasv” ports used by your FTP server (using a colon to delineate the range, 30000:35000 as a formatting example). You then need to remove the ports you’re not using.
Knowing which ports need to be open or closed is the reason you should install the CSF module after you’ve installed everything else. It’s a good idea to note the port numbers you eventually use while installing everything else. Keeping a list is easier than memorizing. It’s also safer. If you forget a port number, you can easily lock yourself out from a particular application server. While it’s not too difficult to fix your mistakes, fixing them takes time and effort.
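The port check described above, as an added example that is not part of the original article or of CSF itself: it reads a file in csf.conf syntax and reports which ports from your list are missing from TCP_IN, counting a port inside a low:high range as open. The function names, the sample file and the port list (SSH 22, FTP 21, Webmin's default 10000, one pasv port) are assumptions made for illustration.

```sh
#!/bin/sh
# Print the quoted value of a directive, e.g.: conf_value csf.conf TCP_IN
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | head -n 1
}

# Succeed if port $3 appears in directive $2 of file $1,
# either on its own or inside a low:high range such as 30000:35000.
port_allowed() {
    for entry in $(conf_value "$1" "$2" | tr ',' ' '); do
        case $entry in
            *:*) low=${entry%%:*}; high=${entry##*:}
                 if [ "$3" -ge "$low" ] && [ "$3" -le "$high" ]; then return 0; fi ;;
            *)   if [ "$entry" = "$3" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Print the ports from your list that TCP_IN does not allow (empty if none).
missing_tcp_in() {
    conf=$1; shift; missing=""
    for port in "$@"; do
        port_allowed "$conf" TCP_IN "$port" || missing="$missing $port"
    done
    echo "${missing# }"
}

# Constructed sample in csf.conf syntax (not a real server's configuration).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
TESTING = "1"
TCP_IN = "22,80,443,30000:35000"
TCP_OUT = "22,53,80,443"
UDP_IN = "53"
UDP_OUT = "53,123"
EOF

# Assumed port list: SSH 22, FTP 21, Webmin 10000, one pasv port 30500.
echo "TESTING=$(conf_value "$SAMPLE" TESTING)"
echo "missing from TCP_IN: $(missing_tcp_in "$SAMPLE" 21 22 10000 30500)"
```

To use it on a server, point the functions at a copy of /etc/csf/csf.conf and pass the port list you kept while installing everything else.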