Archive

Archive for May, 2012

Webmin and TCP wrappers

May 13, 2012 5 comments

Reverend, reverend, is this a conspiracy?
Crucified for no things, an image beneath me
(Pantera – Cemetery Gates)

Eveyone knows what Webmin is… And Usermin. And Virtualmin. Those pesky anoying admin interfaces for people that don’t know shit about Unix administration. Those stuff should be forbidden by law on servers. But… there’s always someone who forces you to have webmin.

So, the other day, I got a request to limit access to set up Webmin from few FQDNs. Offcourse, ipfilter is out of the question, because you can’t have FQDN in your rules. iptables on Linux are also out, because they work on layer 3, and FQDNs are translated to IP addresses when you load your ruleset. So if for whatever reason (DynDNS being the obvious one) IP address changes, rule is obsolete. Every single admin out there must have thought of TCP wrappers by now…

But Webmin being Webmin, you have a problem that there is no documentation that tells you what Perl modules you need for what functionality. So, if you want SSL enabled, you have to have Net::SSLeay, otherwise you’ll never manage to enable SSL. This took me few hours to figure out. So, this time when I needed the TCP wrappers support, I knew what to look for.

Official Webmin documentation tells us that we can, but there is no such button on that page… Off we go to look for perl modules… So finally I found that Webmin needs libwrap which is provided by Authen::Libwrap module. So I used the build servers in my company, and produced perl-Authen-Libwrap RPM package 🙂 So all you folks out there using Webmin on CentOS/RHEL please don’t forget to:

# yum install perl-Net-SSLeay perl-Authen-Libwrap

PS. If anyone wants the package (Authen::Libwrap) it’s freely available from SRCE repositories:

ftp://ftp.srce.hr/srce-redhat

You’ll hopefully find some other cool stuff there too…

Advertisements
Categories: Linux Tags: , ,
%d bloggers like this: