Difference between revisions of "Webmin to remotely administer your LinkStation"

From NAS-Central Buffalo - The Linkstation Wiki
Jump to: navigation, search
(port from linkstationwiki.org)
 
Line 116: Line 116:
  
 
4. Restart Snort and you're good to go. I highly recommend you check out http://www.snort.org and do a more thorough reading on Snort. You can download new rules, learn to create custom rules, and more at the official website.
 
4. Restart Snort and you're good to go. I highly recommend you check out http://www.snort.org and do a more thorough reading on Snort. You can download new rules, learn to create custom rules, and more at the official website.
 +
 +
[[Category:Debian]]
 +
[[Category:Webmin]]

Revision as of 23:06, 25 June 2006

1. I have posted several Webmin screenshots at the end of this page. Install Webmin and its related packages. This will install the core features, the CPAN interface (for installing Perl modules), a java-based file manager, and firewall (iptables) manager. Use the command:

apt-get install webmin webmin-core webmin-cpan webmin-filemanager webmin-inetd webmin-logrotate webmin-firewall

2. If you installed OpenSSH:

apt-get install webmin-sshd

2. If you installed Samba:

apt-get install webmin-samba

3. If you installed Apache:

apt-get install webmin-apache webmin-htaccess 

4. If you installed MySQL:

apt-get install webmin-mysql webmin-exim 

5. If you installed Snort:

apt-get install webmin-snort 

6. Edit /etc/webmin/miniserv.conf to allow your IP address (under the "allow" line).

7. Log in to Webmin as root, using the current root password. The default port is 10000.

8. Select the Webmin Configuration icon and adjust the settings. I highly recommend changing the port to something other than 10000, limiting access to your IP address(es), using SSL encryption (disable non-SSL access), enabling password timeouts and session authentication, and using MD5 encryption for passwords.

9. Also, select System, then Disk and Network Filesystems, and ensure everything is correct (such as the swap space being enabled).

10. Browse around Webmin and you'll find a plethora of things to control/customize. I'll cover the major ones below.

NOTE: For extra security you can disable Webmin when it's not needed and enable it when it is needed. Use the commands:

/etc/webmin/stop 
/etc/webmin/start 

Contents

Configuring Samba

1. Click on the Servers tab, then click on the Samba icon.

2. Let's start by configuring some settings and tuning the performance variables. Click on the Unix Networking Options icon. Here is a good base configuration:


Idle time before disconnect - Never
Trusted hosts/users file - None
Network interfaces - Automatic
Keepalive packets - Don't send any Send every Secs
Maximum packet size - Default Bytes
Listen on address - All
Socket options - TCP_NODELAY, IPTOS_LOWDELAY, SO_SNDBUF 4096

3. Click save after each completing each section. Remember this is only a base configuration and you may need to adjust them for your particular system and needs. Now click on the Windows Networking Options icon. Make sure your correct workgroup is entered. You shouldn't need to change any other settings.

4. Now click on the Authentication icon. Select yes for encrypted passwords, no to null passwords, and no to change Unix passwords.

5. Select Miscellaneous Options. The following is a good base configuration:


Debug Level - Default
Cache getwd() calls? - Yes
Lock directory - Default  
Log file - Default  
Max log size - 1,000 kB
Allow raw reads? - Yes
Allow raw writes? - Yes
Overlapping read size - Default
chroot() directory - None  
Path to smbrun - Default  
Client time offset - 0 Mins
Read prediction? - No

6. It may sound incorrect, but do not select read prediction as it actually decreases performance in most situations.

7. Next click on Convert Unix Users to Samba Users and do just as the title implies.

8. Select Edit Samba Users and Passwords and make sure to enable the accounts you wish to use and disable the accounts you don't wish to use.

9. Then click on Create a New File Share and create a file share via the user you wish to own this share (not root). Make sure that this user has the appropriate permissions to create the share. This is the number one problem users encounter so I will repeat it one more time: Make sure that this user has the appropriate permissions to create the share.

10. Select Security and Access Control and customize the permissions to your needs.

11. Click on Restart Samba Servers and you're done!


Configuring Apache

1. You can configure Apache through Webmin by selecting Servers, then clicking the Apache icon. However, I find it much easier to edit the /etc/apache/httpd.conf file. Everything is clearly documented and virtually idiot-proof.


Configuring MySQL

1. Select Servers, MySQL Database Server, User Permissions, and update the usernames and passwords. Don't delete the default Debian account!

2. Select Backup Databases and set up a backup schedule. This is very, very important (lest you wish to start from scratch)!

3. You can manually add/delete databases, tables, and so on. However, most programs will automatically create their necessary tables and only require that you create an appropriate user.


Configuring Snort

1. Select Servers then Snort IDS. Enable or disable the rules you want. Most rules are enabled by default and will work as such; the rules which are not enabled by default require extensive customization to configure (something I can't cover here).

2. Next select Network Settings and ensure all the port settings are correct.

3. Click on Edit Config File and make sure all your information is correct, including the HTTP_PORTS and RULE_PATH. If you're having trouble with rules not being found, try manually entering the rule path (for example, /etc/snort/rules/local.rules) or completely removing the rule path (for example, local.rules).

4. Restart Snort and you're good to go. I highly recommend you check out http://www.snort.org and do a more thorough reading on Snort. You can download new rules, learn to create custom rules, and more at the official website.