Closed ctrlbrk42 closed 5 years ago
Have you considered running the dashboard within a Docker container? This should add another level of security.
Alternatively, if you're running a distribution with SELinux enabled you can configure your system to only allow your web server to open the vnstat binary.
Thank you so much for the fast reply. I can't use Docker in this case, it's a production server and we don't permit that. We are running Debian on the server.
I was hoping there was some sort of workaround, as we have 10 years of vnstat data on this server and would be great to have a GUI for it on top. My thought was maybe a cron job to get the output you need, and read it by script -- I realize that is a hack, but if you could do it I would be grateful.
Unfortunately, I don't believe there is going to be a way to do this at the moment.
For the time being, I will close this issue. If anyone finds a way, feel free to re-open.
I would love to use your dashboard, but fopen is disabled for security reasons on my server. If you come up with an alternative, please do let me know! I will not be enabling fopen.