How to protect Munin Web statistics with password
on GNU / Linux
I just installed
munin to track in web the performance of
few Debian servers. I've configured munin to open via a
Virtualhosts in Apache. As its always wise to protect any
statistics data about the server from the unwanted possible
security violators, I decided to
protect Munin with Apache
.htaccess.
The munin
htmldir output dir is configured to be in
/var/www/munin, hence I protected my munin with password by:
1. Creating .htaccess file in /var/www/munin with
following content
AuthUserFile /etc/apache2/.munin_htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user admin
2. Creating /etc/apache2/.munin_htpasswd with htpasswd
(htaccess password generator cmd)
debian:/var/www/munin# htpasswd -c
/etc/apache2/.munin_htpasswd admin
New password:
Re-type new password:
Adding password for user admin
Another important thing I had to do is
set my VirtualHost
file to be configured with
AllowOverride All , if
AllowOverride All is missing the
.htaccess and
.htpasswd are not red at all.
Afterwards munin is protected with password, and when my
virtualdomain where munin lays e.g.
http://munin.mydomain.com is accessed the .htpasswd password
dialog pops up ;)