KBTAG: kben10000044
URL: http://www.securityportal.com/lskb/10000000/kben10000044.html
Date created: 03/07/2000
Date modified:
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: WWW based administrative tools for Linux
Keywords: Administration/Tools
There are a number of WWW based admin tools for Linux. The advantage being that access to the WWW is becoming very universal (phones, palm pilots, kiosks, etc.) so you can administer your system while on the go.
Webmin
Webmin is one of the better remote administration tools for Linux, written primarily in Perl it is easy to use and easy to setup. You can assign different 'users' (usernames and passwords are held internally by webmin) varying levels of access, for example you could assign bob access to shutdown the server only, and give john access to create/delete and manipulate users only. In addition to this it works on most Linux platforms and a variety of other UNIX platforms. The main 'problem' with webmin is somewhat poor documentation in some areas of usage, and the fact that the username/password pair are sent in clear text over the network unless you specifically install and enable SSL encryption, (this is minimized slightly by the ability to grant access to only certain hosts(s) and networks). Most importantly it makes the system more accessible to non-technical people who must administer systems in such a way that you do not have to grant them actual accounts on the server. Webmin is available at: http://www.webmin.com/webmin/, and is currently free. Documentation on how to install SSL support for Webmin is at: http://www.webmin.com/webmin/ssl.html. Webmin defaults to running on port 10000 and should be firewalled:
ipfwadm -I -a accept -P tcp -S 10.0.0.0/8 -D 0.0.0.0/0 10000
ipfwadm -I -a accept -P tcp -S some.trusted.host -D 0.0.0.0/0
10000
ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 10000
or in ipchains:
ipchains -A input -p all -j ACCEPT -s 10.0.0.0/8 -d 0.0.0.0/0
10000
ipchains -A input -p all -j ACCEPT -s some.trusted.host -d
0.0.0.0/0 10000
ipchains -A input -p all -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 10000
Linuxconf
Linuxconf is a general purpose Linux administration tool that is usable from the command line, from within X, or via it's built in www server. It is my preferred tool for automated system administration (I primarily use it for doing strange network configurations), as it is relatively light from the command line (it is actually split up into several modules). From within X it provides an overall view of everything that can be configured (PPP, users, disks, etc.). To use it via a www browser you must first run Linuxconf on the machine and add the host(s) or network(s) you want to allow to connect (Conf > Misc > Linuxconf network access), save changes and quit. Then when you connect to the machine (by default Linuxconf runs on port 98) you must enter a username and password. By default Linuxconf only accepts root as the account, and Linuxconf doesn't support any encryption (it runs standalone on port 901), so I would have to recommend very strongly against using this feature across networks unless you have IPSec or some other form of IP level security. Linuxconf ships with Red Hat Linux and is available at: http://www.solucorp.qc.ca/linuxconf/. Linuxconf also doesn't seem to ship with any man pages/etc, the help is contained internally which is slightly irritating.
COAS
The COAS project (Caldera Open Administration System) is a very ambitious project to provide an open framework for administering systems, from a command line (with semi graphical interface), from within X (using the qt widget set) to the web. It abstracts the actual configuration data by providing a middle layer, thus making it suitable for use on disparate Linux platforms. Version 1.0 was just released, so it looks like Caldera is finally pushing ahead with it. The COAS site is at: http://www.coas.org/.
WebRAT
WebRAT is a web based administration tool for networks. You can get it at: http://hq.hellug.gr/~webrat/.