2 Security tweaks to enhance Webmin

Webmin is a web-based system administration interface for Unix and Linux systems. Using a web browser, you can set up user accounts, web services, DNS, file sharing and much more. In a nutshell, Webmin removes the need to manually edit configuration files and lets you manage a system from the console or remotely.

Tweak #1 — Change Webmin port

By default, Webmin listens on port 10000. This can be a security vulnerability, because the default port is well known. It is therefore highly recommended that you change the Webmin port and make it listen on something other than port 10000. You can choose any available port between 1024 and 65535.

If you don't know which ports are available on your system, you can list the ports that are already in use with the following command:

root@webmin# netstat -tulpn

Once you have decided which port number you wish to use, change the default port to your desired value using either a terminal session or the Webmin web interface. In this example we are changing the default port from 10000 to 11000.

Change port using terminal

  1. Log in to your Webmin server, and switch user to root
  2. Stop Webmin services. For example:
    root@webmin# /etc/init.d/webmin stop
    Stopping Webmin server in /usr/share/webmin
  3. Using your favourite text editor, edit the Webmin server configuration file (/etc/webmin/miniserv.conf). For example:
    root@webmin# vi /etc/webmin/miniserv.conf
  4. Find the line port=10000, and change the value 10000 to your new port number. In our example we are using port 11000:
    From:
    port=10000
    To:
    port=11000
  5. Save your changes, and exit your text editor
  6. Restart Webmin services. For example:
    root@webmin# /etc/init.d/webmin start
    Starting Webmin server in /usr/share/webmin
  7. You can now access Webmin using your newly assigned web port via your favourite web browser. For example: https://10.10.0.12:11000.
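
The terminal procedure above can be scripted so that the new port is range-checked and compared against the `netstat -tulpn` listing before the configuration file is rewritten. This is an added example, not part of the original article or of Webmin; the function names, the sample configuration contents and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: range-checked port change for a miniserv.conf-style file.

# valid_port PORT: succeeds only for an integer between 1024 and 65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or over 5 digits
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# port_in_use PORT: reads `netstat -tulpn` output on stdin and succeeds if
# some socket is already bound to PORT (field 4 is the local address).
port_in_use() {
    awk -v p="$1" '$4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# set_port CONF PORT: back up CONF, then rewrite only the "port=" line.
set_port() {
    conf=$1; new=$2
    valid_port "$new" || { echo "invalid port: $new" >&2; return 2; }
    grep -q '^port=' "$conf" || { echo "no port= line in $conf" >&2; return 3; }
    cp -p "$conf" "$conf.bak" || return 4
    # Redirecting into the existing file keeps its owner and mode.
    sed "s/^port=.*/port=$new/" "$conf.bak" > "$conf"
}

# demo: runs the checks against constructed sample data in a temp directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'port=10000\nlisten=10000\nssl=1\n' > "$tmp/miniserv.conf"
    # Constructed netstat lines, not captured from a real host.
    listing='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 990/perl'
    if printf '%s\n' "$listing" | port_in_use 11000; then
        echo "port 11000 is already in use" >&2; rm -rf "$tmp"; return 1
    fi
    set_port "$tmp/miniserv.conf" 11000 || { rm -rf "$tmp"; return 1; }
    grep '^port=' "$tmp/miniserv.conf"
    rm -rf "$tmp"
}

demo
```

On a real host, stop Webmin first as in step 2, then run `netstat -tulpn | port_in_use 11000` followed by `set_port /etc/webmin/miniserv.conf 11000` as root.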

Change port using web browser

  1. Using your favourite web browser, log in to your Webmin panel
  2. Expand Webmin and select Webmin Configuration
  3. Click on Ports and Addresses
  4. Find Listen on port and change the port number. In our example we will use port 11000.
  5. Click Save.
  6. You can now access Webmin using your newly assigned web port via your favourite web browser. For example: https://10.10.0.12:11000.

Tweak #2 — Disable Webmin SSL if using Apache

By default, Webmin enables SSL and uses its own SSL certificates. However, if you are running Webmin via the Apache web server, then Webmin security can be enhanced by using Apache's built-in SSL module.

Disable Webmin SSL using terminal

  1. Log in to your Webmin server, and switch user to root
  2. Stop Webmin services. For example:
    root@webmin# /etc/init.d/webmin stop
    Stopping Webmin server in /usr/share/webmin
  3. Using your favourite text editor, edit the Webmin server configuration file (/etc/webmin/miniserv.conf). For example:
    root@webmin# vi /etc/webmin/miniserv.conf
  4. Find the line ssl=1, and change the value 1 to 0:
    From:
    ssl=1
    To:
    ssl=0
  5. Save your changes, and exit your text editor
  6. Restart Webmin services. For example:
    root@webmin# /etc/init.d/webmin start
    Starting Webmin server in /usr/share/webmin
  7. Access Webmin using your favourite web browser. For example: https://10.10.0.12:11000.

Changing SSL using web browser