Webmin System Modules - A.Aravindan Arun
Aravindan Arun, JRF
Contents at a Glance
Introduction of WEBMIN
Installing WEBMIN
Secure Your WEBMIN Server
User and Groups
Disk and Network File System
NFS File Sharing
Disk Quotas
Partitions, RAID and LVM
Bootup and Shutdown
Scheduled Commands
Process Management
Software Packages
System Logs
File System Backup
Network Configuration
• Webmin is a web-based system configuration tool for Open Solaris, Linux and other Unix-like systems.
• Webmin runs as its own process and web server. It defaults to TCP port 10000 for communication.
• Webmin is a web-based interface for system administration for Unix.
• It is built around modules, which have an interface to the configuration files and the Webmin server. This makes it easy to add new functionality without much work.
• Webmin also allows for controlling many machines through a single interface, or seamless login on other webmin hosts on the same subnet or LAN.
• No compilation/compilers required.
• Platform Independent Architecture.
• Runs over multiple platforms.
INSTALLING WEBMIN
The Webmin configuration directory
The Webmin log directory
Your Operating system type
Web server port
Web server login and password
Web server hostname
Use SSL
Start Webmin at boot time
EXERCISE 1 - INSTALLING WEBMIN
SECURE YOUR WEBMIN SERVER
Network Security
Unless you are running Webmin on a system that is never connected to any other network, it is a wise idea to restrict which client network addresses are allowed to log in. Because Webmin is so powerful, anyone who manages to log in will have total control over your system as though they had root shell access.
Even though a username and password is always required to log in, it is always good to have an additional layer of security in case an attacker guesses your password.
IP access control also protects you from any bugs in Webmin that may show up in the future and allow an attacker to log in without a password; some older releases have had just this problem.
SSL Encryption
If you are accessing your Webmin server over an untrusted network such as the Internet, you should be aware that, by default, an attacker can capture your login and password by listening in on network traffic.
This is particularly easy if you are using a non-switched Ethernet network shared by people that you do not fully trust, such as those in offices or universities.
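The two controls described under Network Security and SSL Encryption live in Webmin's miniserv.conf (typically /etc/webmin/miniserv.conf) as the allow= and ssl= directives. The following audit is an added example, not part of the original slides: the sample configurations and addresses are constructed, and only IP and CIDR entries in allow= are evaluated (hostname entries and deny= are skipped).

```python
import ipaddress

# Constructed sample configs (not from the original slides).
WEAK_CONF = "port=10000\nssl=0\n"
HARDENED_CONF = "port=10000\nssl=1\nallow=127.0.0.1 192.168.10.0/24\n"

def parse_conf(text):
    """Parse key=value lines as used in miniserv.conf; skip blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return findings for the two controls above (absent ssl= is treated as off here)."""
    findings = []
    if conf.get("ssl", "0") != "1":
        findings.append("ssl disabled: login and password cross the network in clear text")
    if not conf.get("allow"):
        findings.append("no allow list: any client address can reach the login page")
    return findings

def client_allowed(conf, client_ip):
    """Check a client address against the allow list (IP and CIDR entries only)."""
    entries = conf.get("allow", "").split()
    if not entries:
        return True  # no allow list means no address restriction
    addr = ipaddress.ip_address(client_ip)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname or wildcard entry: not resolved in this example
    return False

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        conf = parse_conf(text)
        print(name, audit(conf), client_allowed(conf, "203.0.113.7"))
```
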
USERS AND GROUPS
• The Webmin module Users and Groups that is found under the System category can be used to create, edit, and delete all the LINUX users and groups on your system.
• You should always be careful when using this module to edit existing system users like root and daemon because changing or deleting them could stop your system from working.
• Some users have their home directory set to / (the root directory).
• Deleting such a user would cause all the files on your system to be deleted!
EXERCISE 2 - CREATE USERS AND GROUPS
DISK AND NETWORK FILESYSTEMS
• The set of files that is actually mounted at a mount point is called a filesystem.
• Webmin directly modifies this file to manage filesystems that are mounted at boot time, and calls the mount and umount commands to immediately activate and deactivate filesystems.
• The Disk and Network Filesystems Webmin module also manages virtual memory.
EXERCISE 3 - DISK AND NETWORK FILESYSTEMS
NFS FILE SHARING
NFS is the most common protocol for sharing files between UNIX systems over a network.
NFS servers export directories from their local hard disks to NFS clients, which mount them so that they can be accessed like any other directory.
Unlike other file sharing protocols, such as Windows networking, Netware, and AppleShare, NFS was designed to support client systems that have multiple users.
This means that a client never logs into a server, and that the server almost completely trusts the client to authenticate users.
DISK QUOTAS
• A Disk Quota is a limit set by a system administrator that restricts certain aspects of file system usage on modern operating systems.
• An administrator can prevent one user from consuming an entire file system's resources, or create a system of tiered access, whereby users can have different levels of restriction.
• Disk quotas are typically implemented on a per-user or per-group basis. That is, a system administrator defines.
EXERCISE 4 - DISK QUOTAS
PARTITION, RAID AND LVM
All hard disks used by Linux and other operating systems on PC hardware are divided into one or more non-overlapping regions called partitions.
Sometimes an entire hard disk will be taken up by one partition, but usually your system will have at least two partitions on the primary disk—one for the root filesystem, and one for virtual memory (also known as swap space).
Each partition can be used for either a single filesystem or for virtual memory.
The amount of free disk space will be displayed as well. If a partition is being used for software RAID, the RAID device that it is part of will be shown. Similarly, if a partition is part of an LVM volume group, the group name will be displayed under the Use column.
EXERCISE 5 - PARTITION, RAID AND LVM
BOOTUP AND SHUTDOWN
• This piece of code is called a boot loader, and is responsible for displaying a menu of operating systems to the user and loading one of them. There are several boot loaders available for Linux, such as LILO and GRUB, but they all do basically the same thing.
• At shutdown time, a series of scripts is also run to shut down servers and unmount filesystems.
• These scripts also have a fixed order so that the deactivation of networking and other basic services happens last. If requested and supported by the hardware, the last step in the shutdown process will be the powering off of the system by the kernel.
EXERCISE 6 - BOOTUP AND SHUTDOWN
SCHEDULED COMMANDS
• A Cron job is a UNIX term for a command that is run on a regular schedule by the cron daemon.
• Cron jobs are very useful for performing regular system tasks, such as cleaning up log files, synchronizing the system time, backing up files, and so on.
• If multiple commands to execute are entered on separate lines, some may fail due to extra newline characters being added to the at job.
• Scheduled commands created from within Webmin will use environment variables set by Webmin itself, which are not the same as the variables that would have been set if the command was created by its owner at the shell prompt.
EXERCISE 7 - SCHEDULED COMMANDS
PROCESS MANAGEMENT
• Every program, server, or command running on a Linux system is a process. At any time, there are dozens of processes running on your system, some for programs that you are interacting with graphically.
• Each process is identified by a unique ID known as the PID, or process ID.
• Each is owned by a single user and is a member of multiple groups, which determine the privileges that the process.
• A process will run until it chooses to exit, or until it is killed by a signal from another process.
EXERCISE 8 - PROCESS MANAGEMENT
SOFTWARE PACKAGES
All Linux systems use some kind of software packaging system to simplify the process of installing and removing programs.
A package is a collection of commands, configuration files, man pages, shared libraries, and other files that are associated with a single program, combined into a single package file.
When it is installed, the package system extracts all the component files and places them in the correct locations on your system. Because the system knows which package every file came from, when you want to remove a package it knows exactly which files to delete.
EXERCISE 9 - SOFTWARE PACKAGES
SYSTEM LOGS
• Linux servers generate log messages for errors, warnings, requests, and diagnostic information.
• Logs can be written to a file, sent to another server, passed to another program via a pipe, or even broadcast to all users logged into the system.
• Normally logs are written to files in the /var/log directory.
• On most Linux distributions the file /var/log/messages contains general information, error and warning messages, the file /var/log/mail records incoming and outgoing mail, and /var/log/secure records successful and failed logins.
FILE SYSTEM BACKUP
• All Unix and Linux systems come with the tar command, which can back up multiple files and directories into a single file, with all permissions and ownership information preserved.
• Tar is the most common Unix backup format, and although it was originally designed for backups to tape (tar stands for tape archive), it works just as well to local or remote files.
EXERCISE 10 - FILE SYSTEM BACKUP
NETWORK CONFIGURATION
• A Linux system can be connected to a network or the Internet in several different ways—for example, via an Ethernet network card, a token ring card, or a PPP (Point-to-Point Protocol) connection over a dial-up modem.
• Every Ethernet network card, PPP connection, wireless card, or other device in your system that can be used for networking is known as an interface.
• Interfaces are usually associated with a piece of hardware (like a network card), but they can also be dynamically created (like PPP connections).
• For an interface to be used, it must first have an IP address assigned, which may be fixed and set from a configuration file on your system or dynamically assigned by a server.
EXERCISE 11 - NETWORK CONFIGURATION
THANK YOU
BY ARAVINDAN ARUN