RedHat 9 (Linux i386) - man page for upsset.conf (redhat section 5)

UPSSET.CONF(5)			     Network UPS Tools (NUT)			   UPSSET.CONF(5)

NAME
       upsset.conf - Configuration for Network UPS Tools upsset.cgi

DESCRIPTION
       This  file  only  does one job - it lets you convince upsset.cgi(8) that your system's CGI
       directory is secure.  The program will not run until this file has been properly defined.

SECURITY REQUIREMENTS
       upsset.cgi(8) allows you to try login name and password combinations.  There  is  no  rate
       limiting, as the program shuts down between every request.  Such is the nature of CGI pro-
       grams.

       Normally, attackers would not be able to access your upsd(8) server directly as it  would
       be  protected  by  the ACCESS/ACL directives in your upsd.conf(5) file and hopefully local
       firewall settings in your OS.

       Since upsset runs on your web server, it could provide a passage from the outside  to  the
       inside, bypassing any firewall rules or upsd access control limitations, since it appears
       to be coming from the web server.  This is why you must secure it first.

       On Apache, you can use the .htaccess file or put the directives in  your  httpd.conf.   It
       looks something like this, assuming the .htaccess method:

		   <Files upsset.cgi>
		   deny from all
		   allow from your.network.addresses
		   </Files>

       You  will  probably  have  to set "AllowOverride Limit" for this directory in your server-
       level configuration file as well.

       If this doesn't make sense, then stop reading and leave this  program  alone.  It's  not
       something you absolutely need to have anyway.

       Assuming  you  have  all this done, and it actually works (test it!), then you may add the
       following directive to this file:

	    I_HAVE_SECURED_MY_CGI_DIRECTORY

       If you lie to the program and someone beats on your upsd through your  web  server,  don't
       blame me.
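
       The following is an added example, not part of the NUT distribution: a static check
       that an .htaccess file carries the <Files upsset.cgi> restriction shown above before
       the directive is appended to upsset.conf.  The function names and sample files are
       constructed; it does not check AllowOverride and does not replace a live test.

```shell
#!/bin/sh
# Added example: static lint for the <Files upsset.cgi> block shown above.
# Function names and sample files are constructed for illustration.

# Exit 0 only if FILE has a <Files upsset.cgi> block with "deny from all"
# and at least one "allow from" entry, none of which is "all".
check_upsset_htaccess() {
    awk '
        { line = tolower($0); gsub(/^[ \t]+|[ \t\r]+$/, "", line) }
        line ~ /^#/ { next }
        line ~ /^<files[ \t]+"?upsset\.cgi"?[ \t]*>$/ && index($0, "upsset.cgi") {
            in_block = 1; next
        }
        line ~ /^<\/files>$/ { in_block = 0; next }
        in_block && line ~ /^deny[ \t]+from[ \t]+all$/ { deny_all = 1 }
        in_block && line ~ /^allow[ \t]+from[ \t]+/ {
            n = split(line, f, /[ \t]+/)
            for (i = 3; i <= n; i++) {
                if (f[i] == "all") { allow_all = 1 } else { allow_some = 1 }
            }
        }
        END { exit !(deny_all && allow_some && !allow_all) }
    ' "$1"
}

# Append the acknowledgement to CONF only when the lint passes; idempotent.
enable_upsset() {
    check_upsset_htaccess "$1" || {
        echo "refusing: $1 does not restrict upsset.cgi" >&2
        return 1
    }
    grep -qx 'I_HAVE_SECURED_MY_CGI_DIRECTORY' "$2" 2>/dev/null ||
        echo 'I_HAVE_SECURED_MY_CGI_DIRECTORY' >> "$2"
}

# Constructed samples: one restricted, one that re-opens access to everyone.
write_samples() {
    printf '%s\n' '<Files upsset.cgi>' 'deny from all' \
        'allow from 192.0.2.0/24' '</Files>' > "$1/good.htaccess"
    printf '%s\n' '<Files upsset.cgi>' 'deny from all' \
        'allow from all' '</Files>' > "$1/open.htaccess"
}
```

       A passing lint only shows the block is present in the file; a request from an
       address outside the allowed networks is still the real test.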

SEE ALSO
       upsset.cgi(8)

   Internet resources:
       The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/

       NUT mailing list archives and information: http://lists.exploits.org/

					 Tue Jul 30 2002			   UPSSET.CONF(5)

