2011-01-26 11:35:08 +02:00
|
|
|
UPSSET.CONF(5)
|
|
|
|
==============
|
2010-03-26 01:20:59 +02:00
|
|
|
|
2011-01-26 11:35:08 +02:00
|
|
|
NAME
|
|
|
|
----
|
2010-03-26 01:20:59 +02:00
|
|
|
|
2011-01-26 11:35:08 +02:00
|
|
|
upsset.conf - Configuration for Network UPS Tools upsset.cgi
|
|
|
|
|
|
|
|
DESCRIPTION
|
|
|
|
-----------
|
|
|
|
|
|
|
|
This file only does one job--it lets you convince linkman:upsset.cgi[8]
|
2010-03-26 01:20:59 +02:00
|
|
|
that your system's CGI directory is secure. The program will not run
|
|
|
|
until this file has been properly defined.
|
|
|
|
|
2011-01-26 11:35:08 +02:00
|
|
|
SECURITY REQUIREMENTS
|
|
|
|
---------------------
|
2010-03-26 01:20:59 +02:00
|
|
|
|
2011-01-26 11:35:08 +02:00
|
|
|
linkman:upsset.cgi[8] allows you to try login name and password combinations.
|
2010-03-26 01:20:59 +02:00
|
|
|
There is no rate limiting, as the program shuts down between every request.
|
|
|
|
Such is the nature of CGI programs.
|
|
|
|
|
2011-01-26 11:35:08 +02:00
|
|
|
Normally, attackers would not be able to access your linkman:upsd[8] server
|
|
|
|
directly as it would be protected by the LISTEN directives in
|
|
|
|
your linkman:upsd.conf[5] file, tcp-wrappers (if available when NUT was built),
|
|
|
|
and hopefully local firewall settings in your OS.
|
2010-03-26 01:20:59 +02:00
|
|
|
|
2011-01-26 11:35:08 +02:00
|
|
|
*upsset* runs on your web server, so upsd will see it as a connection from
|
2010-03-26 01:20:59 +02:00
|
|
|
a host on an internal network. It doesn't know that the connection is
|
|
|
|
actually coming from someone on the outside. This is why you must
|
|
|
|
secure it.
|
|
|
|
|
|
|
|
On Apache, you can use the .htaccess file or put the directives in your
|
|
|
|
httpd.conf. It looks something like this, assuming the .htaccess
|
|
|
|
method:
|
|
|
|
|
|
|
|
<Files upsset.cgi>
|
|
|
|
deny from all
|
|
|
|
allow from your.network.addresses
|
|
|
|
</Files>
|
|
|
|
|
|
|
|
You will probably have to set "AllowOverride Limit" for this directory
|
2011-01-26 11:35:08 +02:00
|
|
|
in your server-level configuration file as well.
|
2010-03-26 01:20:59 +02:00
|
|
|
|
|
|
|
If this doesn't make sense, then stop reading and leave this program
|
|
|
|
alone. It's not something you absolutely need to have anyway.
|
|
|
|
|
|
|
|
Assuming you have all this done, and it actually works (test it!), then
|
|
|
|
you may add the following directive to this file:
|
|
|
|
|
|
|
|
I_HAVE_SECURED_MY_CGI_DIRECTORY
|
|
|
|
|
|
|
|
If you lie to the program and someone beats on your upsd through your
|
|
|
|
web server, don't blame me.
|
|
|
|
|
2011-01-26 11:35:08 +02:00
|
|
|
SEE ALSO
|
|
|
|
--------
|
|
|
|
linkman:upsset.cgi[8]
|
2010-03-26 01:20:59 +02:00
|
|
|
|
2011-01-26 11:35:08 +02:00
|
|
|
Internet resources:
|
|
|
|
~~~~~~~~~~~~~~~~~~~
|
2010-03-26 01:20:59 +02:00
|
|
|
The NUT (Network UPS Tools) home page: http://www.networkupstools.org/
|