Upon first install Virtualmin, you will need to set a few configuration parameters:
- I recommend running Clam and SpamAssassin as servers, if you handle email. If you delegate all email to a separate server, leave these off.
We will be disabling root login to webmin / virtualmin. Start by creating an administration group:
From the Virtualmin control panel, click at the top: Webmin
Open the webmin drop-down on the left
Click Webmin Users
Under Webmin Groups, click Create a new Webmin group
Call it "admins" or "devel" or as you wish. There is a Select All link at the bottom of the list of permissions; use it.
Back on the Webmin User panel, click Convert Unix users to Webmin users
Click in the radio-button for "Users with group" and put "wheel" into the box (see previous post, where we set our administrator users into the wheel group)
The default should be to use Unix authentication for the Webmin users. That means, resetting your Unix password will update your Webmin login as well.
Logout of Webmin and then back in with your username. Go back to Webmin Users and click on the 'root' user in the list of users. Set the password to "No password accepted" and voilá, your Webmin is now a little more secure.
Disabling Unused Cronjobs
CentOS in particular puts unwanted tasks in the cron entries. They do not appear in the 'crontab' proper but in /etc/cron.daily and /etc/cron.hourly. Rename these files to be their hidden dotfile equivalents:
cron.daily/.00webalizer cron.daily/.freshclam cron.daily/.makewhatis.cron cron.hourly/.awstats
Otherwise, awstats will run every hour for every domain, regardless of the settings you make in Virtualmin. Also I disabled 'makewhatis' 'webalizer' and 'freshclam' as I am not using them.