There are lot's of Webmin modules which rarely have practical use and most probably they are for home users. However, in most cases we use Webmin/Virtualmin to manage our servers, not home computers, and it is really important to get rid off all unnecessary modules that are automatically installed, loaded into memory and are just sitting there and consuming server resources for no purpose.
So I would suggest to reconfigure the Virtualmin installation script in such a way that it does not load the following modules by default, leaving them available in Webmin's repository (http://www.webmin.com/standard.html), so that whoever needs could pull and enable them any time.
CD Burner
Jabber IM Server
Java File Manager (because we already have excellent File Manager module)
PPP Dialin Server
PPP Dialup Client
Printer Administration
Samba Windows File Sharing
Voicemail Server
And these are just several modules that any Virtualmin server located in remote data-center simply does not need at all.
You would need some of the following Webmin modules If you are building more complex and sophisticated setup, but chances are you never use some of the following modules that have been loaded to your system by Virtualmin installation script:
Virtualmin Mailman, QMail Mail Server (because we use Postfix and Dovecot), ADSL Client, Bacula Backup System (not sure if this one does have anything with Virtualmins in-house backup system), Exim Mailserver (because we use Postfix and Dovecot), Fail2Ban Intrusion Detector, Heartbeat Monitor, IPsec VPN Configuration, Kerberos5, LDAP Client, LDAP Server, LDAP Users and Groups, Linux Firewall , Linux IPv6 Firewall , Linux RAID , Log File Rotation , Logical Volume Management , MIME Type Programs , MON Service Monitor , MySQL Database Server , NFS Exports , NIS Client and Server , Network Configuration , Network Services , Network Services and Protocols , OpenSLP Server , PAM Authentication , PHP Configuration , PHP Pear Modules , PPTP VPN Client , PPTP VPN Server , Partitions on Local Disks , Perl Modules , Postfix Mail Server , PostgreSQL Database Server , ProFTPD Server , Procmail Mail Filter , Protected Web Directories , Read User Mail , Ruby GEMS , Running Processes , SMART Drive Status , SSH Login , SSH Server , SSL Tunnels , Scheduled Commands , Scheduled Cron Jobs , Scheduled Webmin Functions , Sendmail Mail Server , Shoreline Firewall , Shorewall6 Firewall, Software Package Updates , Software Packages , SpamAssassin Mail Filter , Squid Proxy Server , Squid Report Generator , System Documentation , System Logs , System Logs NG , System Status , System Time , System and Server Status , TCP Wrappers , Text Login , Traffic Monitoring , Upload and Download, WU-FTP Server , Webalizer Logfile Analysis , iSCSI Client , iSCSI Server , iSCSI TGTd , iSCSI Target , idmapd daemon.
Comments
Submitted by yngens on Wed, 11/02/2016 - 15:27 Comment #1
Submitted by andreychek on Wed, 11/02/2016 - 16:14 Comment #2
Jamie will be able to comment on this more, but I'll offer that most of those modules appear to be standard Webmin modules. That is, they aren't being installed individually -- instead, those are all part of a standard Webmin installation.
Submitted by JamieCameron on Wed, 11/02/2016 - 23:11 Comment #3
That's correct, they are part of the standard Webmin distribution. They should be hidden under the "Un-used modules" directory though.
Submitted by yngens on Thu, 11/03/2016 - 01:21 Comment #4
I understand they are part od standard Webmin distribution. So can you change the standard Webmin distribution, which mostly used on a remote data-center servers not to include at least modules in the upper list? I mean who would really need things like CD Burner, Voicemail Server or Printer Administration on a web hosting server? And those rare cases when they need they can easily download from the repository and install them.
Submitted by JamieCameron on Thu, 11/03/2016 - 23:24 Comment #5
In theory yes ... but since they are mostly hidden, it keeps packaging simpler for us to still include them.
Submitted by yngens on Sun, 09/03/2017 - 19:51 Comment #6
Is there a way to disable Webmin modules from CLI? We'd like to script disabling Fail2ban as we use another firewall and do not need it installed by default.
Submitted by JamieCameron on Mon, 09/04/2017 - 12:34 Comment #7
There's no API command, but you could write a script which edits /etc/webmin/webmin.acl
Submitted by yngens on Mon, 09/04/2017 - 13:16 Comment #8
So would it suffice for such a script to just remove fail2ban from the list after installation of Virtualmin and restart webmin or something else also should be done?
Submitted by JamieCameron on Mon, 09/04/2017 - 15:17 Comment #9
Yes, that's all you'd need to do. The script could be as simple as :
sed -e 's/fail2ban//' -i /etc/webmin/webmin.aclSubmitted by andreychek on Mon, 09/04/2017 - 16:12 Comment #10
Submitted by yngens on Sun, 10/21/2018 - 04:04 Comment #11
Unfortunately, I have to re-open this, because after disabling fail2ban in the suggested above way and also running
systemctl mask fail2ban && systemctl stop fail2ban, we still regularly get:/etc/cron.daily/logrotate:
ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
because the
/etc/logrotate.ddirectory contains entry for fail2ban.Only the
yum remove fail2ban*command properly removes all the occurrences of undesired package from the system. But then the next *min release will install fail2ban again, won't it?I know the recommended way is just to disable the undesired package, but as you can see there are traces like in
/etc/logrotate.dwhich are still enabled. So I would really appreciate if you, guys, found and suggested the ideal way of permanently disabling undesired Webmin modules.Submitted by andreychek on Sun, 10/21/2018 - 08:33 Comment #12
Submitted by JamieCameron on Sun, 10/21/2018 - 20:13 Comment #13
Regarding comment #11 - those errors are coming from
fail2banitself, which is completely separate from the webmin module for it. You should be able to remove thefail2banpackage even if the webmin module is still installed.Submitted by yngens on Mon, 10/22/2018 - 05:54 Comment #14
That's the most important thing I needed to know. For some reason I had an impression that Webmin modules would install relevant OS packages with every update. If that's not the case then we will just remove all the unnecessary packages from OS without minding Webmin modules to still hang there disabled.
Webmin has no dependencies on the services it manages. Virtualmin uses yum groups and dependency resolution to install various stuff, but fail2ban is a "default" dependency, and not "required", so the package can be removed.
The Webmin modules are part of the Webmin package, though most of those could probably be removed from Webmin's default package in general (and probably should be, since realistically there aren't a lot of PPP dial-in or Jabber servers still in operation). Printer and Samba need to stay, though, as lots of folks still use those, I think (certainly Samba).
Submitted by yngens on Fri, 05/17/2019 - 04:31 Comment #16