This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Customizing WebAdmin Page to Distinguish Between Two UTMs?

Twice in the last year, I have accidentally shutdown the production (company) UTM when I meant to shutdown the home UTM. It is embarrassing, to say the least. The problem is that the WebAdmin user interfaces look so much like each other.

I tried changing the logo (Management->Customization). Unfortunately, it doesn't change the logo at the top left corner of the WebAdmin web pages. Of course the fine print text is different. If I really pay attention, I know which is which.

Does anyone have any suggestion on how to make the WebAdmin pages look different in a way that stands out and makes it obvious, even when I am not wearing my glasses?  :-(



This thread was automatically locked due to age.
Parents

  • Here is a summary of the three solutions I have found so far. The third solution shows how to edit the graphic images at the top of the WebAdmin page, but it comes with risks. Be sure you read everything carefully. I hope this helps someone.

    PROBLEM STATEMENT

    If you are managing multiple UTMs, the WebAdmin user interfaces look so much alike, that you can easily shutdown or make changes to the wrong UTM.

    OBJECTIVE

    Make the WebAdmin pages for each UTM distinct from one another, to reduce the chances that you might make a change to the wrong UTM.

    SOLUTIONS

    There are multiple solutions. Solutions 1 and 2 are simple and approved by Sophos. Solution 3 may void your Sophos UTM warranty - take care!

    1. Change the Web Page Title Bar that Appears in Your Browser.

    In WebAdmin, select Management -> WebAdmin Settings -> User Preferences -> WebAdmin Browser Title Customization. Change the title as desired. See the notes on the right to include hostname, username, and IP address. Click the Apply button.

    Pros: Simple. Sophos approved.

    Cons: The change is subtle and easily overlooked. Try UPPER CASE. My browser cuts off at only a few characters.

    2. Rearrange the Order of the Dashboard Columns

    In WebAdmin, select Dashboard. Click on the Settings (gear) icon in the upper right corner of the page. Use the checkboxes and up/down carats to rearrange the two columns so that each UTM is unique.

    Pros: Simple. May be more visible than a simple text change. Sophos approved.

    Cons: May not be as visible as you wish. If you have many UTMs, you may lose track of which configuration belongs to which UTM.

    3. Edit the Top Banner on the WebAdmin Pages

    Pros: Much more visible, depending on the changes you make.

    Cons: Complex procedure. May void your Sophos support and warranty.

    IMPORTANT NOTE: Paid licensees doing this procedure will void their support and warranty by making changes on the backend!! USE AT YOUR OWN RISK!

    If you ever need remote support from Sophos, be sure to change it back to the original logo first!

    Extra note: I submitted a support ticket request to change the file described below, and Sophos Support gave me permission to change it. It keeps our warranty and support intact. They did warn me that this change is not update-safe. You may have to repeat the procedure below after a UTM update.

    Procedure Notes:

    • I have a Mac and use the terminal (Unix commands). Linux commands should be identical.
    • The various SSH shell and terminal commands are case sensitive. Example: SSH -p and SCP -P both specify the port number, but the case is different.
    • If you are running Windows, you will need an SSH/SCP program. Vilic recommended WinSCP (winscp.net). Another popular program is PuTTY (www.chiark.greenend.org.uk/~sgtatham/putty/). Sorry but I do not remember the exact configurations and usage for those programs. It should be easy for an experienced user. Perhaps someone else can offer suggestions.
    • In the procedure below, I am going to assume that you want to edit the top left logo in the WebAdmin page. It seems like the best choice to me.
    • I used SCP to download and upload files. SFTP did not work.
    •  
    • This darn forum software inserts unwanted hypens at the end of some lines containing terminal commands. For terminal commands, remove hyphens, but only if they appear at the end of a line. It also removed all my bullets and left only the indentations, which really messes up readability. Doh! Sorry!

    PROCEDURE

    a. Enable SSH on your UTM. Management -> System Settings -> Shell Access.

    • Shell User Passwords: Leave blank. You will using a public key.
    • Allowed Networks: Internal (Network)   You may choose Any instead of Internal, but at your own peril and be sure you know what you are doing. That will allow someone from the Internet to access your UTM shell. Bad idea (tm).
    • Authentication:
      • Allow password authentication: Disabled/Unchecked.
      • Allow public key authentication: Enabled/Checked.
      • Allow root login: Root access but only with SSH key.
    • On your desktop computer, create a public/private key pair for SSH authentication. Load your public key only (do not include your private key) under Authorized Keys for root. This procedure is too complex to document here. Search for "Generate SSH Keys Mac" or "Generate SSH Keys WinSCP" or "Generate SSH Keys PuTTY"...
    • SSH Daemon Listen Port: User preference. The default port is 22, which is okay. I use a random high port (between 30000 and 49000). Others strongly recommend an unused well-known port (0-1023) for very good security reasons. Whichever port you choose, some people will agree and others will vehemently claim that you're an idiot.
    • Enable SSH shell access to "1" (on) by clicking the button in the upper right.
    • Test SSH to verify that you can connect. (The same as step b, below.)

    b. Open an SSH terminal session with your UTM.

    • Mac: ssh -p <UTMport> root@<UTM_URL>
    • Windows: Use WinSCP or PuTTY to connect using SSH. You should see the UTM SSH Shell, a Linux terminal window with a prompt.

    c. Change directory to where the top bar logos are stored:

    • UTM SSH Shell: cd /var/sec/chroot-httpd/var/webadmin/core/img/topbar/

    d. Copy the original file to a new file in the same directory to keep it safe:

    • UTM SSH Shell: cp -p topbar_left.png topbar_left_orig.png  (The "-p" preserves file dates, ownership, etc.)

    e. Leave the SSH Shell window open. Open a new separate terminal window for SCP, to copy the file to your local computer:

    • Mac: cd <local directory where you want your downloaded file to be saved>
    • Mac: scp -v -P <UTMport> root@<UTM_UTL>:/var/sec/chroot-httpd/var/webadmin/core/img/topbar/topbar_left_orig.png topbar_left_new.png
    • Windows: Use WinSCP or PuTTY to use the SCP protocol to download the topbar_left_orig.png file to your computer.

    f. Notice that the file on your local computer is named "topbar_left_new.png" (If it has not been renamed, rename it to "topbar_left_new.png" now.)

    g. Using your favorite graphic editor (GIMP, Photoshop, GraphicConverter, whatever) edit the new logo file. Do not change the dimensions of the image. I would leave the Sophos logos intact. I added bright red lettering with the company name below Sophos and UTM9.  

    h. Upload the edited file.

    • Mac: scp -v -P <UTMport> topbar_left_new.png root@UTM_URL:/var/sec/chroot-httpd/var/webadmin/core/img/topbar/topbar_left_new.png
    • Windows: Use WinSCP or PuTTY to use the SCP protocol to upload the topbar_left_new.png file to /var/sec/chroot-httpd/var/webadmin/core/img/topbar/topbar_left_new.png on the UTM.

    i. Go back to the SSH terminal session window that you opened in step b.

    j. Check that your files are there:

    • UTM SSH Shell: ls -l

    k. You should see all three files in the directory listing:

    • topbar_left_new.png
    • topbar_left_orig.png
    • topbar_left.png

    l. Copy your new, edited logo file to replace the current one:

    • UTM SSH Shell: cp -p topbar_left_new.png topbar_left.png

    m. Verify that the update now works. Open WebAdmin in your browser. If the logo has not changed, flush the cache in your browser, then try again.

    n. Unless you require it for other uses, disable SSH access to your UTM. Management -> System Settings -> Shell Access.

    • Click the SSH shell access button to "0" (off) by clicking the button in the upper right.

    To Restore the Original Logo:

    • Repeat steps a, b, and c, above.
    • Copy the original logo back: cp -p topbar_left_orig.png topbar_left.png
    • Repeat steps m and n, above.

    Good luck!

    (Edits: Added comment about searching the web to learn how to generate SSH keys, corrected left/right error on the position of the SSH access button.)

Reply

  • Here is a summary of the three solutions I have found so far. The third solution shows how to edit the graphic images at the top of the WebAdmin page, but it comes with risks. Be sure you read everything carefully. I hope this helps someone.

    PROBLEM STATEMENT

    If you are managing multiple UTMs, the WebAdmin user interfaces look so much alike, that you can easily shutdown or make changes to the wrong UTM.

    OBJECTIVE

    Make the WebAdmin pages for each UTM distinct from one another, to reduce the chances that you might make a change to the wrong UTM.

    SOLUTIONS

    There are multiple solutions. Solutions 1 and 2 are simple and approved by Sophos. Solution 3 may void your Sophos UTM warranty - take care!

    1. Change the Web Page Title Bar that Appears in Your Browser.

    In WebAdmin, select Management -> WebAdmin Settings -> User Preferences -> WebAdmin Browser Title Customization. Change the title as desired. See the notes on the right to include hostname, username, and IP address. Click the Apply button.

    Pros: Simple. Sophos approved.

    Cons: The change is subtle and easily overlooked. Try UPPER CASE. My browser cuts off at only a few characters.

    2. Rearrange the Order of the Dashboard Columns

    In WebAdmin, select Dashboard. Click on the Settings (gear) icon in the upper right corner of the page. Use the checkboxes and up/down carats to rearrange the two columns so that each UTM is unique.

    Pros: Simple. May be more visible than a simple text change. Sophos approved.

    Cons: May not be as visible as you wish. If you have many UTMs, you may lose track of which configuration belongs to which UTM.

    3. Edit the Top Banner on the WebAdmin Pages

    Pros: Much more visible, depending on the changes you make.

    Cons: Complex procedure. May void your Sophos support and warranty.

    IMPORTANT NOTE: Paid licensees doing this procedure will void their support and warranty by making changes on the backend!! USE AT YOUR OWN RISK!

    If you ever need remote support from Sophos, be sure to change it back to the original logo first!

    Extra note: I submitted a support ticket request to change the file described below, and Sophos Support gave me permission to change it. It keeps our warranty and support intact. They did warn me that this change is not update-safe. You may have to repeat the procedure below after a UTM update.

    Procedure Notes:

    • I have a Mac and use the terminal (Unix commands). Linux commands should be identical.
    • The various SSH shell and terminal commands are case sensitive. Example: SSH -p and SCP -P both specify the port number, but the case is different.
    • If you are running Windows, you will need an SSH/SCP program. Vilic recommended WinSCP (winscp.net). Another popular program is PuTTY (www.chiark.greenend.org.uk/~sgtatham/putty/). Sorry but I do not remember the exact configurations and usage for those programs. It should be easy for an experienced user. Perhaps someone else can offer suggestions.
    • In the procedure below, I am going to assume that you want to edit the top left logo in the WebAdmin page. It seems like the best choice to me.
    • I used SCP to download and upload files. SFTP did not work.
    •  
    • This darn forum software inserts unwanted hypens at the end of some lines containing terminal commands. For terminal commands, remove hyphens, but only if they appear at the end of a line. It also removed all my bullets and left only the indentations, which really messes up readability. Doh! Sorry!

    PROCEDURE

    a. Enable SSH on your UTM. Management -> System Settings -> Shell Access.

    • Shell User Passwords: Leave blank. You will using a public key.
    • Allowed Networks: Internal (Network)   You may choose Any instead of Internal, but at your own peril and be sure you know what you are doing. That will allow someone from the Internet to access your UTM shell. Bad idea (tm).
    • Authentication:
      • Allow password authentication: Disabled/Unchecked.
      • Allow public key authentication: Enabled/Checked.
      • Allow root login: Root access but only with SSH key.
    • On your desktop computer, create a public/private key pair for SSH authentication. Load your public key only (do not include your private key) under Authorized Keys for root. This procedure is too complex to document here. Search for "Generate SSH Keys Mac" or "Generate SSH Keys WinSCP" or "Generate SSH Keys PuTTY"...
    • SSH Daemon Listen Port: User preference. The default port is 22, which is okay. I use a random high port (between 30000 and 49000). Others strongly recommend an unused well-known port (0-1023) for very good security reasons. Whichever port you choose, some people will agree and others will vehemently claim that you're an idiot.
    • Enable SSH shell access to "1" (on) by clicking the button in the upper right.
    • Test SSH to verify that you can connect. (The same as step b, below.)

    b. Open an SSH terminal session with your UTM.

    • Mac: ssh -p <UTMport> root@<UTM_URL>
    • Windows: Use WinSCP or PuTTY to connect using SSH. You should see the UTM SSH Shell, a Linux terminal window with a prompt.

    c. Change directory to where the top bar logos are stored:

    • UTM SSH Shell: cd /var/sec/chroot-httpd/var/webadmin/core/img/topbar/

    d. Copy the original file to a new file in the same directory to keep it safe:

    • UTM SSH Shell: cp -p topbar_left.png topbar_left_orig.png  (The "-p" preserves file dates, ownership, etc.)

    e. Leave the SSH Shell window open. Open a new separate terminal window for SCP, to copy the file to your local computer:

    • Mac: cd <local directory where you want your downloaded file to be saved>
    • Mac: scp -v -P <UTMport> root@<UTM_UTL>:/var/sec/chroot-httpd/var/webadmin/core/img/topbar/topbar_left_orig.png topbar_left_new.png
    • Windows: Use WinSCP or PuTTY to use the SCP protocol to download the topbar_left_orig.png file to your computer.

    f. Notice that the file on your local computer is named "topbar_left_new.png" (If it has not been renamed, rename it to "topbar_left_new.png" now.)

    g. Using your favorite graphic editor (GIMP, Photoshop, GraphicConverter, whatever) edit the new logo file. Do not change the dimensions of the image. I would leave the Sophos logos intact. I added bright red lettering with the company name below Sophos and UTM9.  

    h. Upload the edited file.

    • Mac: scp -v -P <UTMport> topbar_left_new.png root@UTM_URL:/var/sec/chroot-httpd/var/webadmin/core/img/topbar/topbar_left_new.png
    • Windows: Use WinSCP or PuTTY to use the SCP protocol to upload the topbar_left_new.png file to /var/sec/chroot-httpd/var/webadmin/core/img/topbar/topbar_left_new.png on the UTM.

    i. Go back to the SSH terminal session window that you opened in step b.

    j. Check that your files are there:

    • UTM SSH Shell: ls -l

    k. You should see all three files in the directory listing:

    • topbar_left_new.png
    • topbar_left_orig.png
    • topbar_left.png

    l. Copy your new, edited logo file to replace the current one:

    • UTM SSH Shell: cp -p topbar_left_new.png topbar_left.png

    m. Verify that the update now works. Open WebAdmin in your browser. If the logo has not changed, flush the cache in your browser, then try again.

    n. Unless you require it for other uses, disable SSH access to your UTM. Management -> System Settings -> Shell Access.

    • Click the SSH shell access button to "0" (off) by clicking the button in the upper right.

    To Restore the Original Logo:

    • Repeat steps a, b, and c, above.
    • Copy the original logo back: cp -p topbar_left_orig.png topbar_left.png
    • Repeat steps m and n, above.

    Good luck!

    (Edits: Added comment about searching the web to learn how to generate SSH keys, corrected left/right error on the position of the SSH access button.)

Children
  • The warning from Sophos was correct. If you run a UTM update (Up2Date), it will overwrite your topbar_left.png file with a "Sophos original" version. If you kept a copy of your edited topbar_left_new.png file, you can copy it over the replacement. Here is the quick fix procedure, which assumes that you followed the procedure in Solution #3, above:

    Login to your Sophos UTM as root, just as you did above.

    Change directory to where the top bar logos are stored:

    • cd /var/sec/chroot-httpd/var/webadmin/core/img/topbar/

    Save the Sophos replacement (original) file:

    • cp -p topbar_left.png topbar_left_orig.png

    Copy your edited file over the Sophos file:

    • cp -p topbar_left_new.png topper_left.png

    You're done. Remember that your browser may still have cached images, so your change may not take effect immediately. You can logout of the UTM and reset your browser cache if it you really need it now.