|Linux & Unix Commands - Search Man Pages
UPSSET.CONF(5) Network UPS Tools (NUT) UPSSET.CONF(5)
upsset.conf - Configuration for Network UPS Tools upsset.cgi
This file only does one job - it lets you convince upsset.cgi(8) that your system's CGI
directory is secure. The program will not run until this file has been properly defined.
upsset.cgi(8) allows you to try login name and password combinations. There is no rate
limiting, as the program shuts down between every request. Such is the nature of CGI pro-
Normally, attackers would not be able to access your upsd(8) server directly as it would
be protected by the ACCESS/ACL directives in your upsd.conf(5) file and hopefully local
firewall settings in your OS.
Since upsset runs on your web server, it could provide a passage from the outside to the
inside, bypassing any firewall rules or upsd access control limitations, since it appears
to be coming from the web server. This is why you must secure it first.
On Apache, you can use the .htaccess file or put the directives in your httpd.conf. It
looks something like this, assuming the .htaccess method:
deny from all
allow from your.network.addresses
You will probably have to set "AllowOverride Limit" for this directory in your server-
level configuration file as well.
If this doesn't make sense, then stop reading and leave this program alone. It's not
something you absolutely need to have anyway.
Assuming you have all this done, and it actually works (test it!), then you may add the
following directive to this file:
If you lie to the program and someone beats on your upsd through your web server, don't
The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/
NUT mailing list archives and information: http://lists.exploits.org/
Tue Jul 30 2002 UPSSET.CONF(5)
All times are GMT -4. The time now is 02:48 PM.