How do I make webmin secure? [closed]

Solution 1:

Securing it really depends on how it's being served. But by default it comes with its own web server. /etc/webmin/miniserv.conf has allow and deny directives. So you can use this to only allow access from the localhost.

Then as you say just ssh in using port tunneling to access it. At that point in theory it would be as secure as your ssh setup is. If someone gains ssh access to your server then you already have issues.

Solution 2:

How I secured mine:

  • Create a Webmin-only user with a unique password. Delete all other Webmin users.
  • Change the default port
  • Limit access via IP addresses at both the firewall and the webmin panel
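The settings from Solutions 1 and 2 can be checked mechanically. The following is an added example, not part of either answer and not Webmin's own code: it parses miniserv.conf text and reports a missing or overly broad `allow` directive and an unchanged default port. The sample configs, the port 18443 and the address 203.0.113.7 are constructed, and treating a missing `port` line as the default is an assumption.

```python
import ipaddress

DEFAULT_PORT = "10000"  # Webmin's stock listening port

def parse_miniserv(text):
    """Parse the key=value lines of miniserv.conf into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return findings for the allow directive and the listening port."""
    findings = []
    allow = conf.get("allow", "").split()  # entries are space-separated
    if not allow:
        findings.append("no allow directive: any client address may connect")
    for entry in allow:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Hostnames and keywords cannot be judged here.
            findings.append(f"allow entry {entry!r} is not an IP/network: review by hand")
            continue
        if net.prefixlen == 0:
            findings.append(f"allow entry {entry!r} matches every address")
        elif not net.is_loopback:
            findings.append(f"allow entry {entry!r} is non-loopback: confirm it is an admin address")
    # Assumption: a missing port line means the default is in use.
    if conf.get("port", DEFAULT_PORT) == DEFAULT_PORT:
        findings.append("port is still the default 10000")
    return findings

# Constructed sample configs, not taken from a real host.
STOCK = "port=10000\nssl=1\n"
HARDENED = "port=18443\nallow=127.0.0.1\n"           # localhost only, reached via SSH tunnel
RESTRICTED = "port=18443\nallow=127.0.0.1 203.0.113.7\n"  # localhost plus one admin IP

if __name__ == "__main__":
    for name, text in [("stock", STOCK), ("hardened", HARDENED), ("restricted", RESTRICTED)]:
        print(name, audit(parse_miniserv(text)) or "no findings")
```

On a real host, pass the contents of /etc/webmin/miniserv.conf to `parse_miniserv`. A non-loopback finding is expected when access is deliberately limited to specific IP addresses; it is there so each listed address gets confirmed.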

Solution 3:

Probably the easiest way to achieve this is to use mod_access to control access to the directory tree that Webmin lives in. Here is a quickstart page on the subject. Here is a second option.