Webmin and ConfigServer Security & Firewall Installation

Webmin If you set up a developer server of any kind, installing the operating system probably won’t include any kind of control panel. The nice thing about that is you get to choose your control panel.

Webmin is an excellent choice because it’s lightweight and secure – it runs on a PERL mini-server and doesn’t need any other application server installed before you can start using it.

What makes Webmin powerful is its modules and you can add more, like ConfigServer Security & Firewall (CSF).

Installing Webmin

While you can install Webmin using APT, it probably won’t be an up-to-date version. If you follow the Webmin developer’s installation instructions, it will be.

I’m not going to tell you how to configure Webmin. I’ve used it as a control panel for more than a couple of years and I only use a fraction of what it’s capable of. More than anything, I set up my cron jobs with it.

If you’re comfortable using the command line, you don’t really need a control panel. Using the command line is tedious, however, and things like CSF will take forever to configure one line at a time.

Installing CSF

Find a directory on your server to work from and run these commands:

tar -xzf csf.tgz
cd csf

Of course, you’re not done yet. Now you need to make sure you log into Webmin and install the CSF module. Go to Webmin/Webmin Configuration/Webmin Modules. Install it from a local file by browsing to /etc/csf/csfwebmin.tgz to do so.

Configuring CSF

You should keep CSF in test mode until you’re positive everything is working correctly. You’ll find “ConfigServer Security & Firewall” under the “System” menu item in Webmin. What you’re looking for after you click that menu item is “Firewall Configuration”, which you also need to click on.

You can read the CSF documentation about what all the options do. For now, we’re concerned with “SECTION:IPv4 Port Settings” and the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT items. You need to make sure you add the port for Webmin and the ports affecting your application servers (web server, FTP server, etc.), including the “pasv” ports used by your FTP server (using a colon to delineate the range, 30000:35000 as a formatting example). You then need to remove the ports you’re not using.

Knowing which ports need to be open or closed is the reason you should install the CSF module after you’ve installed everything else. It’s a good idea to note the port numbers you eventually use while installing everything else. Keeping a list is easier than memorizing. It’s also safer. If you forget a port number, you can easily lock yourself out from a particular application server. While it’s not too difficult to fix your mistakes, fixing them takes time and effort.

July 19, 2013

Web Development

Previous and Next Articles:

« »


Your comment will appear below the form when it's approved. When the page redisplays after hitting the send button (it can take a few seconds), your comment has been sent.

When replying to someone else's comment, please start the comment with "@" and the name so I can put it in the right place.

Books by William James Asberry (a friend)
Comments Policy
Privacy Policy

RTCXpression established Feb 28, 2011
Copyright © 2013-2017 RT Cunningham