Paul Brennan's picture

Sorry in advance if this is a dumb question.  The main reason I am trying to use Turnkey is I really don't know much about Linux.

I saw an update available to webmin when I logged in and a message saying this would be the last update for this version as a new version (1.6) was available.

I tried running a few software updates but nothing was available. 

So my question is, how do I update webmin?

Thanks in advance

 

Paul

Forum: 
Jeremy Davis's picture

Unless there is a bug or a feature missing then I wouldn't worry about it. Remember this is a server, not a desktop system...

Paul Brennan's picture

Well I guess there will come a time that a security flaw is exposed (as is common with Open Source software) and I will need to upgrade, so before that time comes I'd like to have an idea of how to achieve it, so as to minimise my exposure when the flaw is all over the net.

Jeremy Davis's picture

It is just that they usually become public knowledge sooner (due to the open nature of the source code). And following on from that they usually get fixed quicker (because anyone with the technical knowhow can provide the fix). If you look at security vulnerabilities by product, you can see that, yes open source software is well represented, but many popular proprietry products also suffer significant security vulnerabilties. Unlike open source software though, the only remedy you have is to not use the software until it is fixed. 

So there is a chance that a security bug occurs in Webmin, but I have been using TKL (and have been an active member of the community for about 5 years and am unaware of any Webmin security exploits that have caused a TKL user grief. Obviously that doesn't mean that it can't or won't (or even hasn't) happened. But I think it's a pretty good track record. And if you look at the security vulnerabilities of Webmin they require fairly elaborate and targetted exploits.

If you are particularly worried about the security of Webmin then perhaps the best thing to do would be to not have it running. I would also stop WebShell too and disable passwords altogether. Using SSH with keys (rather than a password) is much more secure. Even if you want to use Webmin, I recall another particularly security concious TKL user who would log in via SSH, start Webmin, use it for whatever task at hand, then shut it down again.

If you still want Webmin running all the time and decide that you need to update it sooner than the devs do, then you could do that yourself (ie manually). Possibly the best way would be to uninstall it, and then install directly from upstream (ie Webmin themselves), IIRC they have a .deb you can download and install with dpkg.

Add new comment