this is my first post here. coming from a previous experience with plesk CPs, I find virtualmin very refreshing.
i installed virtualmin on a fresh centos 5.4 box. i then installed (via SSH), CSFirewall. I have a couple questions:
A) I am not sure if I jumped the gun: does Webmin come with CSF preinstalled? If yes, did I damage anything by re-installing it via command line? Do I need to uninstall it via the command line?
B) Do I need to install a module to control CSF via webmin or is it done via IPtables (Networking/Linux Firewall) ?
C) This box will only run HTTP, FTP, and deliver outbound mail for a few of my own sites. Is there a sample config file I could “borrow” from someone/somewhere?
Unrelated to the firewall situation, it doesnt seem that php is enabled in fast-cgi mode. How would do that?
THANKS in advance.
Webmin/Virtualmin doesn’t install or setup any sort of firewall by default.
I don’t know anything about CSF, but I’m not aware of a module for it. And you’d need a module of some sort in order to configure it from within the GUI
If you look in Webmin -> Networking, you’ll see an option called “Linux Firewall” that allows you to configure IPTables.
It also comes with a module for Shorewall. You could always search around the Net to see if someone created a third party module for configuring CSF.
As far as a sample config goes – are you referring to a firewall config?
I don’t have a sample to provide, but you’d want to make sure you had ports 80 and 443 open for web traffic, port 10000 open for Webmin/Virtualmin, and port 22 for SSH.
Lastly – by default, Virtualmin Pro uses PHP in fcgid mode, the GPL version uses mod_php. In the GPL version, you’d have to do some manual configuration to get it working with fcgid.
Version 3.78 of Virtualmin GPL, which should be released any day now, will come with fcgid enabled by default, just like Pro.
yes, i am referring to the firewall config. I don’t even need 443, but I will need some outbound port for delivering mail. i will figure out what range postfix uses.
as for fcgid, I guess I will just wait for 3.78… trying to keeping fiddling to a minimum here.
I have CSF (ConfigServer Security & Firewall) installed in a Virtualmin server. There is “UI Integration for cPanel, DirectAdmin and Webmin” as they state in their website:
I had it since my CPanel times, so I was to happy to see that they support Webmin/Virtualmin. Very valuable feature, many updates and the best of all: it’s free.
In their install.txt you can find some info on installing the Webmin module:
To install or upgrade the csf webmin module:
- Install csf as above
- Install the csf webmin module in:
Webmin > Webmin Configuration > Webmin Modules > From local file > /etc/csf/csfwebmin.tgz > Install Module
After you install the module, you can simply log in to Virtualmin, chick on Webmin (top left) and then: System > ConfigServer Security & Firewall
CSF is a must for every server imho
I had been running CSF integrated into Virtualmin in the past. After using it for 2 years I decided it was time to learn more about network security and really found that there are better things.
If your running a Linux 2.6.x machine. I would highly recommend using the Virtualmin functionality to help configure IPTables properly. The Linux kernel built-in firewall has excellent performance and is very stable.
If you want additional security you should use a proper Intrusion Detection System(IDS) & Intrusion Prevention System(IPS) like Snort & OSSEC respectively. Both are very configurable, but it can be a bit of a learning curve to get to know them (but well worth the effort in my opinion!).
If that sounds a little too much for you then stick to CSF, as its much easier to install and configure
In addition to CSF, I am also looking at Atomic Secured Linux (http://www.atomicorp.com/wiki/index.php/ASL) an all inclusive security platform. It has, among other things, IDS and IPS.
I’ve looked into Atomic Secured Linux in the past but hadn’t really liked some of the things they’ve chosen to implement. Some popular UNIX distros with reasonably more secure default settings are Fedora and FreeBSD.
But realistically, UNIX/Linux in general can be very secure when configured correctly it’s up to the system administrator when it comes to system security
This directory has changed in response to ‘blehhh’s’ comment
Webmin Module Installation/Upgrade
To install or upgrade the csf webmin module:
Install csf as above
Install the csf webmin module in:
Webmin > Webmin Configuration > Webmin Modules >
From local file > /usr/local/csf/csfwebmin.tgz > Install Module
Removing csf and lfd is even more simple: