Installing Webmin on a Linux Systems - Paiet/SEC-440-Webmin GitHub Wiki

Installing Webmin on a Debian-based system, such as Ubuntu or Linux Mint, is EZ-PZ because we can rely on the excellent package management system -- Advanced Packaging Tool (APT). APT resolves and installs dependencies automatically and ensures that Webmin will be updated automatically when performing a system update.

So, Nick. How do we do that..?

Well, I'm glad you asked. To install Webmin, first, perform the following steps:

  1. Webmin is not part of the standard Debian package repository, so your first step will be to add the URL of Webmin's repository to your package sources file. Open the /etc/apt/sources.list file in a text editor and add the following lines to it:
deb http://download.webmin.com/download/repository sarge contrib 
deb http://webmin.mirror.somersettechsolutions.co.uk/repositor y sarge contrib
  1. We also need to add the GPG key with which Webmin's repository is signed to the list of keys used by APT to authenticate packages. This can be done by issuing the following command: $ wget -qO sudo apt-key - http://www.webmin.com/jcameron-key.asc add - |
  2. You can now refresh the APT cache to include the contents of Webmin's repository. This is done with the following command: $ sudo apt-get update
  3. With these preliminaries out of the way, you can install Webmin with the following command: $ sudo apt-get install webmin

So, how does this all work exactly..?

Yet, another great question. Webmin provides an online repository with DEB installation packages compatible with Debian-based systems. We need to give our system the address of this repository to take advantage of it. The list of available repositories is kept in the /etc/apt/sources.list file as well as other *.list files stored in the /etc/apt/source.list.d/ directory.

Every package is cryptographically signed to ensure that even if someone breaks into the repository and uploads a package pretending to be Webmin, we don't install it accidentally. We downloaded the public GPG key needed to verify this signature using wget and added it to our list of trusted keys by using the apt-key add command. GNU Privacy Guard (GPG) is an open-source alternative to Pretty Good Privacy (PGP), a cryptographic software suite that provides encryption and authentication functions. Every Webmin package contains a GPG cryptographic signature, which could only be generated using a private key kept secret by Webmin's author Jamie Cameron. A corresponding public key, which is made freely available, may be used to verify that the signature was generated using that private key. If a single bit of the package code were modified after the package was signed, the signature would no longer match. This ensures that nobody tampers with Webmin on its way between the author and your system. APT checks the signature automatically. We need to provide it with Webmin's public key.