Re: Apache log analyzer
On Mon, Aug 04, 2003 at 10:17:40AM -0700, Wade Richards wrote:
> On Mon, 04 Aug 2003 13:00:33 +0300, Sami Haahtinen writes:
> >awstats
> > It does the best job of these three, it collects just about every bit
> > of data that i can think of (and more) but the way it's packaged makes
> > it unusable on a default debian installation (you need to either
> > compromise on security or tweak apache configuration files)
>
> Can you please elaborate on the problems with awstats and security? I
> didn't see any open bug reports for awstats in the BTS.
The way awstats needs to be set up on a debian box causes this.. (there
are no known exploits, but i'm paranoid..;) as README.Debian says, you
have 2 ways of setting up awstats, _manually_ setting the script owner
to adm or fixing up the apache provided logrotate script to create files
that are readable by the script. This is not something i consider
reasonable..
I like awstats, but i try to avoid manual tweaks on files that get
overwritten (/usr/*) or might get other changes (apache logrotate
script)
Regards, Sami
--
-< Sami Haahtinen >-
-[ Notify immediately if you do not receive this message ]-
-< 2209 3C53 D0FB 041C F7B1 F908 A9B6 F730 B83D 761C >-
Reply to: