Fedora Linux

 AuthUserFile /var/lib/webalizer/passwd
 Require valid-user
</Location>

Create the password file with the htpasswd command:

# htpasswd -c /var/lib/webalizer/passwd chris
New password:
 NeverGuess
Re-type new password:
 NeverGuess
Adding password for user chris

The SELinux context of the directory containing the password file must be changed in order for this to work:

# chcon -t httpd_sys_content_t /var/lib/webalizer/

The statistics reports should now be accessible using a web browser on any computer.

7.12.2. How Does It Work?

The script /etc/cron.daily/00webalizer is started once a day (at around 4:02 a.m.) by crond . This script in turn starts up Webalizer; the default configuration file ( /var/webalizer.conf ) is preset to analyze the main Apache logfile ( /var/log/httpd/access_log ) and place the results in /var/www/usage .

The script file 00webalizer-vhosts obtains the virtual host log filenames from /etc/httpd/conf/httpd.conf and runs Webalizer on each logfile after the main logfile has been processed. 00webalizer-ftp does the same thing for the vsftp logfile, /var/log/xferlog .

The web directory /var/www/usage is initially protected by the file /var/httpd/conf.d/webalizer.conf so that Apache will serve it only to a browser running on the same computer.

Webalizer analyzes web files and logfiles to determine usage patterns; it can process the Apache common and combined logfile formats, and the wuftp logfile formats (which is the same format used by vsftp ). It stores the generated statistics for the last year in the file webalizer.hist , and stores partial statistics for the current reporting period (month) in the file webalizer.current . The data from previous runs of the program is retrieved from those files and combined with data from the current logfile to generate the reports. By default, webalizer.hist and webalizer.current are stored in /var/lib/webalizer ; the changes to the configuration file cause these files to be stored in the output directories so that each report has its own, separate copy of these files.

The generated reports are saved as HTML pages and PNG graphics.

7.12.3. Where Can I Learn More?

? The manpages for webalizer , cron , and crontab

? The Webalizer web site: http://webalizer.org/

? Information on the Apache logfile format: http://httpd.apache.org/docs/2.2/logs.html

? Information on the wu-ftp/vsftp logfile format: http://www.wu-ftpd.org/man/xferlog.html

Chapter 8. Securing Your System

System security maintenance is an essential task when running a computer, but it's never been particularly glamorous or fun. The basic goal of system security is to ensure that the system provides the services it is supposed to provide, cannot be subverted to do things it was not intended to do, and to ensure that the services remain available for use.

Effective security requires a multipronged approach, and Fedora provides effective tools to secure your system in several different ways:

Filtering of network traffic

System activity logging and automatic monitoring tools

Discretionary access controls such as permissions and access control lists

Mandatory access controls through SELinux

Intrusion-detection tools and immutable file attributes to detect and prevent file alteration

Tools to delegate specific system administration privileges to different users

Together with automated software updates, these tools enable you to efficiently maintain your system security.

8.1. Prevent Unwanted Connections

Most Fedora systems are connected to a TCP/IP network. You can guard against unwanted inbound connections to your system by using the built-in firewall.

8.1.1. How Do I Do That?

To adjust the Fedora firewall graphically, select the menu option System>Administration>'Security Level and Firewall.' After you enter the root password, the window shown in Figure 8-1 will appear.

Figure 8-1. Firewall configuration tool

The control at the top of this window enables and disables the firewall. When the firewall is enabled, the lower portion of this window can be used to permit connections to your system for selected services; simply select