How To Install, Secure, And Automate AWStats (CentOS/RHEL)

AWStats is a free and very powerful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. It can analyze log files from all major server tools and convert them into nice graphical display. There are a lot of articles out there for AWStats, the reason I decided to write this one was to consolidate all the different tips and tricks I've learned through my journey into one comprehensive article associating the fantastic efforts of so many out there. There are a few methods of installing AWStats, this article will describe the simpler method of the two utilizing YUM.

This article assumes that you have root/sudo access to achieve all the goals required for a functional setup. This article also assumes you have SELinux set to permissive or disabled and that IPTables configuration is either disabled or customized for AWStats. Let's begin.



Add RPMForge Yum Repository:

For x86 (32-bit) systems:

rpm -Uhv

from Dag Wieers.

For x64 (64-bit) systems:

rpm -Uhv

from Dag Wieers.


Install & Configure Prerequisites

Install Apache:

yum install httpd

Configure Apache to start on boot:

/sbin/chkconfig --levels 345 httpd on

Configure iptables to allow Apache traffic:

/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart


Install & Configure AWStats

Now that YUM has its additional repository we are ready to install. From the commandline type:

yum install awstats

Modify AWStats Apache Configuration:

Edit /etc/httpd/conf.d/awstats.conf (Note: When putting your conf file in the /etc/httpd/conf.d/ folder it's automatically loaded as part of the Apache configuration. There is no need to add it again into httpd.conf. This setup is usually for one of two reasons; A cleaner approach and separating of different applications in their own configuration files, or you are in a hosted environment that does not allow for direct editing of httpd.conf):

Alias /awstats/icon/ /var/www/awstats/icon/

ScriptAlias /awstats/ /var/www/awstats/
<Directory /var/www/awstats/>
        Options ExecCGI
        order deny,allow
        allow from all

Alias /awstatsclasses "/var/www/awstats/lib/"
Alias /awstats-icon/ "/var/www/awstats/icon/"
Alias /awstatscss "/var/www/awstats/examples/css"

Note: the mod_cgi module of Apache must be pre-loaded into Apache otherwise Apache will not try to view the file, it will try to execute it. This can be done in two ways, either enable for the entire web server, or utilizing VirtualHosts, enable for AWStats.

Edit the following lines in the default awstats configuration file /etc/awstats/awstats.localhost.localdomain.conf:

SiteDomain="<server name>.<domain>"
HostAliases="<any aliases for the server>"

Rename config file:

mv /etc/awstats/awstats.localhost.localdomain.conf /etc/awstats/awstats.<server name>.<domain>.conf

Update Statistics (Note: By default, statistics will be updated every hour.):

/usr/bin/ now -confdir="/etc" -awstatsprog="/var/www/awstats/"

Start Apache:

/etc/init.d/httpd start

To automate startup of Apache on boot up, type

chkconfig --add httpd


Verify Install

Go to http://<server name>.<domain>/awstats/<server name>.<domain>


Securing AWStats

Setting File System Permissions

The webserver needs only read-access to your files in order for you to be able to access AWStats from the browser. Limiting your own permissions will keep you from accidentally messing with files. Just remember that with this setup you will have to run Perl to execute scripts rather than executing the scripts themselves.

$ find ./awstats -type d -exec chmod 701 '{}' \;
$ find ./awstats -not -type d -exec chmod 404 '{}' \;

Apache doesn't need direct access to AWStats configuration files therefore we can secure them tightly and not affect the relationship between them. To ensure that your .htaccess files are not readable via browser:

chmod 400 /etc/awstats/*.conf


Protecting The AWStats Directory With And Adding .htaccess

To secure the Awstats folder(s), is a measured process. Ensuring ownership of the AWStats folder is owned by the user that needs access to it, creating an htpasswd.users file and adding the corresponding .htaccess file to authenticate against it. Let's first secure the AWStats folder by typing the below from the command-line:

find ./awstats -type d -exec chmod 701 '{}' \;
find ./awstats -not -type d -exec chmod 404 '{}' \;

Now that our folders have been secured, we'll need to create the .htpasswd.users file. Go to the /etc/awstats folder and execute the following command:

htpasswd -c /etc/awstats/htpasswd.users user

(Select whatever username you'd like.)

It'll ask you to add a password for the user you've selected, add it and re-type it for confirmation and then save. The final step is to create a .htaccess file pointing to the .htpasswd file for authentication. Go to /var/www/awstats/ and create a new file called .htaccess using your favorite editor, typically nano or vi tend to be the more popular ones. In this example, we'll use vi. From the command line type

vi .htaccess

An alternate method of creating a .htaccess file is using the Htaccess Password Generator. Add the following content to your newly created .htaccess file:

AuthName "STOP - Do not continue unless you are authorized to view this site! - Server Access"
AuthType Basic
AuthUserFile /etc/awstats/htpasswd.users
Require valid-user
htpasswd -c /etc/awstat/htpasswd.users awstats_online

Once done, secure the .htaccess file by typing:

chmod 404 awstats/.htaccess
Share this page:

3 Comment(s)