Securing WebMin on Ubuntu: Best Practices for Localhost Access & SSH Tunneling


2 views

To restrict WebMin access to localhost only, modify the WebMin configuration file:

sudo nano /etc/webmin/miniserv.conf

Find and update these parameters:

bind=127.0.0.1
allow=127.0.0.1
deny=all

Then restart WebMin:

sudo service webmin restart

Create an SSH tunnel from your local machine:

ssh -L 10000:localhost:10000 user@your-server-ip -N

Now access WebMin securely through your browser at:

https://localhost:10000

1. Change Default Port:

port=12345  # In miniserv.conf

2. Enable Two-Factor Authentication:

sudo /usr/share/webmin/authentic-theme/setup.pl 2fa

3. Configure Fail2Ban:

[webmin-auth]
enabled = true
filter = webmin-auth
port = 10000
logpath = /var/webmin/miniserv.log
maxretry = 3

4. Implement SSL Certificate:

ssl=1
ssl_cert_file=/path/to/cert.pem
ssl_key_file=/path/to/key.pem

For Ubuntu's UFW firewall:

sudo ufw deny 10000/tcp
sudo ufw allow from 127.0.0.1 to any port 10000

Set up log monitoring with this shell command:

sudo tail -f /var/webmin/miniserv.log | grep -i 'failed\|denied'

To restrict Webmin access to localhost only, modify the Webmin configuration file:


sudo nano /etc/webmin/miniserv.conf

Find and update these directives:


allow=127.0.0.1
listen=127.0.0.1 10000

Restart Webmin to apply changes:


sudo service webmin restart

Create a secure tunnel from your local machine:


ssh -L 10000:localhost:10000 user@your-server-ip -N

Now access Webmin through your local browser at:


https://localhost:10000

1. Fail2Ban Integration:


sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Add this section to /etc/fail2ban/jail.local:


[webmin-auth]
enabled  = true
port     = 10000
filter   = webmin-auth
logpath  = /var/log/auth.log
maxretry = 3

2. Two-Factor Authentication:


sudo apt-get install libpam-google-authenticator

Edit /etc/pam.d/webmin:


auth required pam_google_authenticator.so

Block external access to Webmin port:


sudo ufw deny 10000
sudo ufw enable

Set up log monitoring with this cron job:


sudo crontab -e

Add this line:


0 * * * * grep 'Failed password' /var/log/auth.log | mail -s "Webmin Login Attempts" admin@example.com