# darkstat and privacy

## wjholden

Darkstat (homepage, portage) is a bandwidth analysis program I just discovered and I'm very excited about it.  However, I've been looking through this forum and google and haven't found a way to password protect what it finds.  If you start the program with no parameters (with root privaledges) the program serves it's starts over http on port 666 on all interfaces, which means that your stats are open for the whole world to see.  While I could bind the program to only the localhost interface, this would mean I couldn't see the stats without logging into it.

Any ideas on password protecting Darkstats?  If all else fails I'll modify the source myself, but it seems like there should be an easy way to do all this.

----------

## daledude

Not familiar with the program, but in general if you want to secure a network daemon you can use xinetd's only_from and redirect feature.

Bind darkstat to localhost.

create the file /etc/xinetd.d/darkstat

 *Quote:*   

> service darkstat
> 
> {
> 
> disable = no
> ...

 

Restart xinetd. Change the only_from ip's to ip's you want to connect from. Also might want to change the user= to some very unpriviledged user on your machine. You might have to change the port= from 666 if your xinetd tries to also bind to localhost.

----------

## wjholden

Umm all you have to do is type darkstat -b 127.0.0.1 to bind it to localhost which I do not want to do because I want to read the stat's from the internet using a password.

You have to use root.  I think that should be fairly obvious by the nature of this program.

----------

## daledude

Uhm, the method I gave gives secure access to darkstat from a specific ip. No need for password. You still have to run darkstat in the background bound to localhost because all this does is redirect the traffic between ports. If you wont connect from the same ip then look into apache and mod_proxy. If you dont understand the xinetd setup I gave then good luck with the proxy.

----------

## wjholden

 *daledude wrote:*   

> Uhm, the method I gave gives secure access to darkstat from a specific ip. No need for password. You still have to run darkstat in the background bound to localhost because all this does is redirect the traffic between ports. If you wont connect from the same ip then look into apache and mod_proxy. If you dont understand the xinetd setup I gave then good luck with the proxy.

 

Ahh I misunderstood.  I've never found a user for Xinetd so I didn't really follow what the config itself did, but rather misunderstood what you had said.  I guess I'll start hacking on the program itself, because I can't guess every IP that I'd want to access my server from would be (wandering all around campus on DHCP, you know how it goes).  You're right, I really don't want to fool around with a proxy.  Thanks for your help though!

----------

