installing webmin

Now we got the basic setup done i install Webmin to make life a bit easier.

first login to server and become root, then i do

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.500-1.noarch.rpm

this will download the webmin rpm (check if their is a newer version first)
then we install it

rpm -U webmin-1.500-1.noarch.rpm

The rest of the install will be done automatically to the directory /usr/libexec/webmin, the administration username will be set to "root" and the password to your current "root password". You should now be able to login to Webmin at the URL http://192.168.0.200:10000/ (change the ip to whatever you use).

Now we need to change a few settings to make it a bit more secure, this can all be done from webmins admin page. So go to http://192.168.0.200:10000/ and login.
the first thing i do is force webmin to use SSL, on the left menu click "webmin" then click "Webmin Configuration" you should now see something like this in the main window

select "SSL Encryption" and set "Enable SSL if available?" to yes, then click "save". You will have to accept the self-signed SSL certificate.

Next i go to "Authentication" and set the options to your liking, here's what i use.

Then go to "Ports and Addresses" and change the port used to connect (make sure nothing else uses the port you pick).

As you can see i force Webmin to only listen on IP:192.168.0.200 and port:10542, once you have done this the link to connect to webmin has changed it now becomes https://192.168.0.200:10542/

If your really want to lock down who can login to webmin you can do this by restricting the ip's that can login, this can be done in "IP Access Control".
I don't use this method as i access webmin from loads of different places plus other people i give access to have dynamic ips that are always changing.

Finally i setup the Firewall, on the left menu select "Networking" then "Linux Firewall" the first rule i setup is to always allow my ip (so i can't be locked out) and the second is to allow SSH, to do this look for the part that is listed as "Incoming packets (INPUT)" (should be the top section) and click "Add Rule" on the next page you put in what you want.

The above picture will always allow my ip to have access but only if i make sure its at the top of the list on the main page.
The firewall rules work from the top down so if you have a rule that allows access to port 80 as rule 1 and a rule to block an ip address below as rule 2 the ip will only be blocked if it tries to access anything other than port 80.
Now add other rules to allow access to any services you are using i.e ssh, http, https, smtp, pop3, imap, ftp. Once all the rules you want are added click "Apply Configuration" to make them permanent.

I also change the default port numbers for SSH and FTP, you can find the settings for this in their own section.