nut-debian/docs/man/upsset.conf.txt

65 lines
1.9 KiB
Plaintext
Raw Normal View History

2011-01-26 11:35:08 +02:00
UPSSET.CONF(5)
==============
2010-03-26 01:20:59 +02:00
2011-01-26 11:35:08 +02:00
NAME
----
2010-03-26 01:20:59 +02:00
2011-01-26 11:35:08 +02:00
upsset.conf - Configuration for Network UPS Tools upsset.cgi
DESCRIPTION
-----------
This file only does one job--it lets you convince linkman:upsset.cgi[8]
2010-03-26 01:20:59 +02:00
that your system's CGI directory is secure. The program will not run
until this file has been properly defined.
2011-01-26 11:35:08 +02:00
SECURITY REQUIREMENTS
---------------------
2010-03-26 01:20:59 +02:00
2011-01-26 11:35:08 +02:00
linkman:upsset.cgi[8] allows you to try login name and password combinations.
2010-03-26 01:20:59 +02:00
There is no rate limiting, as the program shuts down between every request.
Such is the nature of CGI programs.
2011-01-26 11:35:08 +02:00
Normally, attackers would not be able to access your linkman:upsd[8] server
directly as it would be protected by the LISTEN directives in
your linkman:upsd.conf[5] file, tcp-wrappers (if available when NUT was built),
and hopefully local firewall settings in your OS.
2010-03-26 01:20:59 +02:00
2011-01-26 11:35:08 +02:00
*upsset* runs on your web server, so upsd will see it as a connection from
2022-07-10 10:23:45 +03:00
a host on an internal network. It doesn't know that the connection is
actually coming from someone on the outside. This is why you must
2010-03-26 01:20:59 +02:00
secure it.
On Apache, you can use the .htaccess file or put the directives in your
httpd.conf. It looks something like this, assuming the .htaccess
method:
<Files upsset.cgi>
deny from all
allow from your.network.addresses
</Files>
2022-07-10 10:23:45 +03:00
You will probably have to set "AllowOverride Limit" for this directory
2011-01-26 11:35:08 +02:00
in your server-level configuration file as well.
2010-03-26 01:20:59 +02:00
2022-07-10 10:23:45 +03:00
If this doesn't make sense, then stop reading and leave this program
2010-03-26 01:20:59 +02:00
alone. It's not something you absolutely need to have anyway.
Assuming you have all this done, and it actually works (test it!), then
you may add the following directive to this file:
I_HAVE_SECURED_MY_CGI_DIRECTORY
If you lie to the program and someone beats on your upsd through your
web server, don't blame me.
2011-01-26 11:35:08 +02:00
SEE ALSO
--------
2022-07-10 10:23:45 +03:00
2011-01-26 11:35:08 +02:00
linkman:upsset.cgi[8]
2010-03-26 01:20:59 +02:00
2011-01-26 11:35:08 +02:00
Internet resources:
~~~~~~~~~~~~~~~~~~~
2022-07-10 10:23:45 +03:00
2010-03-26 01:20:59 +02:00
The NUT (Network UPS Tools) home page: http://www.networkupstools.org/