Prevent unnecessary Webmin modules from auto-installing

There are lot's of Webmin modules which rarely have practical use and most probably they are for home users. However, in most cases we use Webmin/Virtualmin to manage our servers, not home computers, and it is really important to get rid off all unnecessary modules that are automatically installed, loaded into memory and are just sitting there and consuming server resources for no purpose.

So I would suggest to reconfigure the Virtualmin installation script in such a way that it does not load the following modules by default, leaving them available in Webmin's repository (http://www.webmin.com/standard.html), so that whoever needs could pull and enable them any time.

CD Burner
Jabber IM Server
Java File Manager (because we already have excellent File Manager module)
PPP Dialin Server
PPP Dialup Client
Printer Administration
Samba Windows File Sharing
Voicemail Server

And these are just several modules that any Virtualmin server located in remote data-center simply does not need at all.

You would need some of the following Webmin modules If you are building more complex and sophisticated setup, but chances are you never use some of the following modules that have been loaded to your system by Virtualmin installation script:

Virtualmin Mailman, QMail Mail Server (because we use Postfix and Dovecot), ADSL Client, Bacula Backup System (not sure if this one does have anything with Virtualmins in-house backup system), Exim Mailserver (because we use Postfix and Dovecot), Fail2Ban Intrusion Detector, Heartbeat Monitor, IPsec VPN Configuration, Kerberos5, LDAP Client, LDAP Server, LDAP Users and Groups, Linux Firewall , Linux IPv6 Firewall , Linux RAID , Log File Rotation , Logical Volume Management , MIME Type Programs , MON Service Monitor , MySQL Database Server , NFS Exports , NIS Client and Server , Network Configuration , Network Services , Network Services and Protocols , OpenSLP Server , PAM Authentication , PHP Configuration , PHP Pear Modules , PPTP VPN Client , PPTP VPN Server , Partitions on Local Disks , Perl Modules , Postfix Mail Server , PostgreSQL Database Server , ProFTPD Server , Procmail Mail Filter , Protected Web Directories , Read User Mail , Ruby GEMS , Running Processes , SMART Drive Status , SSH Login , SSH Server , SSL Tunnels , Scheduled Commands , Scheduled Cron Jobs , Scheduled Webmin Functions , Sendmail Mail Server , Shoreline Firewall , Shorewall6 Firewall, Software Package Updates , Software Packages , SpamAssassin Mail Filter , Squid Proxy Server , Squid Report Generator , System Documentation , System Logs , System Logs NG , System Status , System Time , System and Server Status , TCP Wrappers , Text Login , Traffic Monitoring , Upload and Download, WU-FTP Server , Webalizer Logfile Analysis , iSCSI Client , iSCSI Server , iSCSI TGTd , iSCSI Target , idmapd daemon.

Status: 
Active

Comments

Jamie will be able to comment on this more, but I'll offer that most of those modules appear to be standard Webmin modules. That is, they aren't being installed individually -- instead, those are all part of a standard Webmin installation.

That's correct, they are part of the standard Webmin distribution. They should be hidden under the "Un-used modules" directory though.

I understand they are part od standard Webmin distribution. So can you change the standard Webmin distribution, which mostly used on a remote data-center servers not to include at least modules in the upper list? I mean who would really need things like CD Burner, Voicemail Server or Printer Administration on a web hosting server? And those rare cases when they need they can easily download from the repository and install them.

In theory yes ... but since they are mostly hidden, it keeps packaging simpler for us to still include them.

Is there a way to disable Webmin modules from CLI? We'd like to script disabling Fail2ban as we use another firewall and do not need it installed by default.

There's no API command, but you could write a script which edits /etc/webmin/webmin.acl

So would it suffice for such a script to just remove fail2ban from the list after installation of Virtualmin and restart webmin or something else also should be done?

Yes, that's all you'd need to do. The script could be as simple as :

sed -e 's/fail2ban//' -i /etc/webmin/webmin.acl
Status: Active » Closed (works as designed)

Unfortunately, I have to re-open this, because after disabling fail2ban in the suggested above way and also running systemctl mask fail2ban && systemctl stop fail2ban, we still regularly get:

/etc/cron.daily/logrotate:

ERROR  Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

because the /etc/logrotate.d directory contains entry for fail2ban.

Only the yum remove fail2ban* command properly removes all the occurrences of undesired package from the system. But then the next *min release will install fail2ban again, won't it?

I know the recommended way is just to disable the undesired package, but as you can see there are traces like in /etc/logrotate.d which are still enabled. So I would really appreciate if you, guys, found and suggested the ideal way of permanently disabling undesired Webmin modules.

Regarding comment #11 - those errors are coming from fail2ban itself, which is completely separate from the webmin module for it. You should be able to remove the fail2ban package even if the webmin module is still installed.

You should be able to remove the fail2ban package even if the webmin module is still installed.

That's the most important thing I needed to know. For some reason I had an impression that Webmin modules would install relevant OS packages with every update. If that's not the case then we will just remove all the unnecessary packages from OS without minding Webmin modules to still hang there disabled.

Joe's picture
Submitted by Joe on Mon, 10/22/2018 - 13:23 Pro Licensee

Webmin has no dependencies on the services it manages. Virtualmin uses yum groups and dependency resolution to install various stuff, but fail2ban is a "default" dependency, and not "required", so the package can be removed.

The Webmin modules are part of the Webmin package, though most of those could probably be removed from Webmin's default package in general (and probably should be, since realistically there aren't a lot of PPP dial-in or Jabber servers still in operation). Printer and Samba need to stay, though, as lots of folks still use those, I think (certainly Samba).