Paul Brennan's picture

Sorry in advance if this is a dumb question.  The main reason I am trying to use Turnkey is I really don't know much about Linux.

I saw an update available to webmin when I logged in and a message saying this would be the last update for this version as a new version (1.6) was available.

I tried running a few software updates but nothing was available. 

So my question is, how do I update webmin?

Thanks in advance



Jeremy Davis's picture

Unless there is a bug or a feature missing then I wouldn't worry about it. Remember this is a server, not a desktop system...

Paul Brennan's picture

Well I guess there will come a time that a security flaw is exposed (as is common with Open Source software) and I will need to upgrade, so before that time comes I'd like to have an idea of how to achieve it, so as to minimise my exposure when the flaw is all over the net.

Jeremy Davis's picture

It is just that they usually become public knowledge sooner (due to the open nature of the source code). And following on from that they usually get fixed quicker (because anyone with the technical knowhow can provide the fix). If you look at security vulnerabilities by product, you can see that, yes open source software is well represented, but many popular proprietry products also suffer significant security vulnerabilties. Unlike open source software though, the only remedy you have is to not use the software until it is fixed. 

So there is a chance that a security bug occurs in Webmin, but I have been using TKL (and have been an active member of the community for about 5 years and am unaware of any Webmin security exploits that have caused a TKL user grief. Obviously that doesn't mean that it can't or won't (or even hasn't) happened. But I think it's a pretty good track record. And if you look at the security vulnerabilities of Webmin they require fairly elaborate and targetted exploits.

If you are particularly worried about the security of Webmin then perhaps the best thing to do would be to not have it running. I would also stop WebShell too and disable passwords altogether. Using SSH with keys (rather than a password) is much more secure. Even if you want to use Webmin, I recall another particularly security concious TKL user who would log in via SSH, start Webmin, use it for whatever task at hand, then shut it down again.

If you still want Webmin running all the time and decide that you need to update it sooner than the devs do, then you could do that yourself (ie manually). Possibly the best way would be to uninstall it, and then install directly from upstream (ie Webmin themselves), IIRC they have a .deb you can download and install with dpkg.

Paul Brennan's picture

Firstly thanks for the time to respond.

As I mentioned previously, whilst I am comfrotable with many forms of system, LINUX is just not one of them.  This is the main reason I have sought a package such as Turnkey with the GUI management tool in order to provide the solution I need.

Yes, I take your point that I could disable certain services (i would need to google how to do this, but don't see this as too much of a challenge), but if I wanted to continue hosting whatever service it is on this platform I would really need some way of updating all aspects of the system, including any GUI.

I would really help people like me (and again for clarification purpose I would class myself as technical - I am a Cisco Certified Network Engineer with many additional security related qualification, but in all honesty I don't have the time to learn LINUX) to have some automated update, or at least perhaps some kind of documentation on how to upgrade components.


Add new comment