Webserver security and access with hostname only

Help! (Home for newbies)
1
SYSTEM INFORMATION
OS type and version Ubuntu 22.04 and Almalinux 9
Virtualmin version 7.9.0

Hi, I am new with webmin/virtualmin and would like some help with server security.

  1. Disabling ssh root access is possible via UI? Can we add a new user with sudo access?
  2. Can we disable ip based login and use hostname with SSL only to access the webmin server?

as a single user, what steps i can take to protect it? I am getting thousands of failed login with SSH from chinese bots.

Thanks.

2

image
image1233×634 111 KB

Yes, figure out what the sudo group is on your system. On an Ubuntu 20.04 system that’s:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL

Either, admin or sudo, but sudo is probably the right group. Add that as a secondary group to the user you create in Webmin->System->Users and Groups module.

Not that I’m aware of. But, if SSL is enabled, users will always get an SSL connection; they’ll get a certificate warning if they try to connect on an IP. Just don’t hand out the IP, always point people at the name you want them to use.

1 Like