Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revisionLast revisionBoth sides next revision | ||
opennic:setup:webminbind:debian9u0webmin1u9base [2020-03-26T13:56:56Z] – fouroh-llc | opennic:setup:webminbind:debian9u0webmin1u9base [2020-03-26T19:12:05Z] – fouroh-llc | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Debian 9 with Webmin 1.9xx Fresh Install ===== | + | Configuration, |
- | Again, please make sure you install from within | + | http:// |
+ | Yet from the shell it seems to work fine. | ||
+ | {{: | ||
+ | |||
+ | ===== Fresh Install ===== | ||
+ | This page includes a very brief overview of Webmin | ||
{{: | {{: | ||
In the upper left corner the icon that looks like a gear is the Module Config. In the upper right corner the icon looks like a " | In the upper left corner the icon that looks like a gear is the Module Config. In the upper right corner the icon looks like a " | ||
Line 15: | Line 21: | ||
Use the listed above to plan and test your capacity to recover from errors, attacks or even from ransomware. These are very basic, simple measures to keep your service stacks functional. | Use the listed above to plan and test your capacity to recover from errors, attacks or even from ransomware. These are very basic, simple measures to keep your service stacks functional. | ||
+ | |||
+ | {{: | ||
+ | Linode backups and restores never fail, but they replace your ENTIRE instance. | ||
{{: | {{: | ||
- | The Webmin | + | Webmin |
{{: | {{: | ||
Recover from off-line backup in case of sustained attack going back for weeks or months. | Recover from off-line backup in case of sustained attack going back for weeks or months. | ||
- | === User Management === | + | ==== User Management |
User management from the shell is expanded by Webmin several ways. The most advanced is Usermin via LDAP, which is not really necessary on single instances. However, using the Webmin Users and Groups modules is necessary to allow login via Webmin - otherwise the user is limited to ssh login only. Also - on production servers Webmin shall not be installed to reduce the number of software exploits. | User management from the shell is expanded by Webmin several ways. The most advanced is Usermin via LDAP, which is not really necessary on single instances. However, using the Webmin Users and Groups modules is necessary to allow login via Webmin - otherwise the user is limited to ssh login only. Also - on production servers Webmin shall not be installed to reduce the number of software exploits. | ||
Line 28: | Line 37: | ||
Webmin Users and Groups control access to Modules - but the UNIX user must also exist. | Webmin Users and Groups control access to Modules - but the UNIX user must also exist. | ||
- | === Module Management === | + | ==== Module Management |
These should be the IP4 addresses of the OpenNIC Tier-2s. Normally you use Google' | These should be the IP4 addresses of the OpenNIC Tier-2s. Normally you use Google' | ||
Line 34: | Line 43: | ||
The DNS administrator has full access to the DNS module and a few others like backup/ | The DNS administrator has full access to the DNS module and a few others like backup/ | ||
- | === DNSSEC Initialization | + | ==== Network Security ==== |
- | Access both screens, and set as you wish. Webmin | + | Debian does not assume anything about the purpose of the system, it does not install or configure additional software, and it does not start services by default. // |
+ | |||
+ | {{: | ||
+ | If you start iptables with a wrong configuration you might lose access to your instance! | ||
+ | |||
+ | ==== Webmin | ||
+ | Some modules in Webmin are matured and well-rounded - the BIND module, for example. Some are obsolete, no longer maintained, and these days they are only included for backwards compatibility | ||
+ | |||
+ | {{: | ||
+ | Webmin has good support for FirewallD - but it must be installed from the shell. | ||
- | === Module Config | + | ==== Logging ==== |
- | Finally, click on the gear in the upper left corner, and change from the defaults: | + | Webmin provides access to several logging facilities, with management for logging added for BIND and for Webmin. |
- | {{: | + | {{: |
- | If you want to run under chroot set it here.\\ | + | Security starts with these logs, as nearly all attacks |
- | If reverse zone is REQUIRED | + | |
- | More to come later | + | |
- | {{: | + | ==== Conclusion ==== |
- | More to come later | + | You may write your own scripts and use a tool such as Ansible |
- | {{: | ||
- | More to come later | ||
- | //NOTE: Editing of this page is suspended until information for a production server becomes available.// | ||