Webmin to remotely administer your LinkStation
1. I have posted several Webmin screenshots at the end of this page. Install Webmin and its related packages. This will install the core features, the CPAN interface (for installing Perl modules), a java-based file manager, and firewall (iptables) manager. Use the command:
apt-get install webmin webmin-core webmin-cpan webmin-filemanager webmin-inetd webmin-logrotate webmin-firewall
2. If you installed OpenSSH:
apt-get install webmin-sshd
2. If you installed Samba:
apt-get install webmin-samba
3. If you installed Apache:
apt-get install webmin-apache webmin-htaccess
4. If you installed MySQL:
apt-get install webmin-mysql webmin-exim
5. If you installed Snort:
apt-get install webmin-snort
6. Edit /etc/webmin/miniserv.conf to allow your IP address (under the "allow" line).
7. Log in to Webmin as root, using the current root password. The default port is 10000.
8. Select the Webmin Configuration icon and adjust the settings. I highly recommend changing the port to something other than 10000, limiting access to your IP address(es), using SSL encryption (disable non-SSL access), enabling password timeouts and session authentication, and using MD5 encryption for passwords.
9. Also, select System, then Disk and Network Filesystems, and ensure everything is correct (such as the swap space being enabled).
10. Browse around Webmin and you'll find a plethora of things to control/customize. I'll cover the major ones below.
NOTE: For extra security you can disable Webmin when it's not needed and enable it when it is needed. Use the commands:
1. Click on the Servers tab, then click on the Samba icon.
2. Let's start by configuring some settings and tuning the performance variables. Click on the Unix Networking Options icon. Here is a good base configuration:
Idle time before disconnect - Never Trusted hosts/users file - None Network interfaces - Automatic Keepalive packets - Don't send any Send every Secs Maximum packet size - Default Bytes Listen on address - All Socket options - TCP_NODELAY, IPTOS_LOWDELAY, SO_SNDBUF 4096
3. Click save after each completing each section. Remember this is only a base configuration and you may need to adjust them for your particular system and needs. Now click on the Windows Networking Options icon. Make sure your correct workgroup is entered. You shouldn't need to change any other settings.
4. Now click on the Authentication icon. Select yes for encrypted passwords, no to null passwords, and no to change Unix passwords.
5. Select Miscellaneous Options. The following is a good base configuration:
Debug Level - Default Cache getwd() calls? - Yes Lock directory - Default Log file - Default Max log size - 1,000 kB Allow raw reads? - Yes Allow raw writes? - Yes Overlapping read size - Default chroot() directory - None Path to smbrun - Default Client time offset - 0 Mins Read prediction? - No
6. It may sound incorrect, but do not select read prediction as it actually decreases performance in most situations.
7. Next click on Convert Unix Users to Samba Users and do just as the title implies.
8. Select Edit Samba Users and Passwords and make sure to enable the accounts you wish to use and disable the accounts you don't wish to use.
9. Then click on Create a New File Share and create a file share via the user you wish to own this share (not root). Make sure that this user has the appropriate permissions to create the share. This is the number one problem users encounter so I will repeat it one more time: Make sure that this user has the appropriate permissions to create the share.
10. Select Security and Access Control and customize the permissions to your needs.
11. Click on Restart Samba Servers and you're done!
1. You can configure Apache through Webmin by selecting Servers, then clicking the Apache icon. However, I find it much easier to edit the /etc/apache/httpd.conf file. Everything is clearly documented and virtually idiot-proof.
1. Select Servers, MySQL Database Server, User Permissions, and update the usernames and passwords. Don't delete the default Debian account!
2. Select Backup Databases and set up a backup schedule. This is very, very important (lest you wish to start from scratch)!
3. You can manually add/delete databases, tables, and so on. However, most programs will automatically create their necessary tables and only require that you create an appropriate user.
1. Select Servers then Snort IDS. Enable or disable the rules you want. Most rules are enabled by default and will work as such; the rules which are not enabled by default require extensive customization to configure (something I can't cover here).
2. Next select Network Settings and ensure all the port settings are correct.
3. Click on Edit Config File and make sure all your information is correct, including the HTTP_PORTS and RULE_PATH. If you're having trouble with rules not being found, try manually entering the rule path (for example, /etc/snort/rules/local.rules) or completely removing the rule path (for example, local.rules).
4. Restart Snort and you're good to go. I highly recommend you check out http://www.snort.org and do a more thorough reading on Snort. You can download new rules, learn to create custom rules, and more at the official website.