Unix/Linux Go Back    

RedHat 9 (Linux i386) - man page for upsset.conf (redhat section 5)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

UPSSET.CONF(5)			     Network UPS Tools (NUT)			   UPSSET.CONF(5)

       upsset.conf - Configuration for Network UPS Tools upsset.cgi

       This  file  only  does one job - it lets you convince upsset.cgi(8) that your system's CGI
       directory is secure.  The program will not run until this file has been properly defined.

       upsset.cgi(8) allows you to try login name and password combinations.  There  is  no  rate
       limiting, as the program shuts down between every request.  Such is the nature of CGI pro-

       Normally, attackers would not be able to access your upsd(8) server directly as	it  would
       be  protected  by  the ACCESS/ACL directives in your upsd.conf(5) file and hopefully local
       firewall settings in your OS.

       Since upsset runs on your web server, it could provide a passage from the outside  to  the
       inside,	bypassing any firewall rules or upsd access control limitations, since it appears
       to be coming from the web server.  This is why you must secure it first.

       On Apache, you can use the .htaccess file or put the directives in  your  httpd.conf.   It
       looks something like this, assuming the .htaccess method:

		   <Files upsset.cgi>
		   deny from all
		   allow from your.network.addresses

       You  will  probably  have  to set "AllowOverride Limit" for this directory in your server-
       level configuration file as well.

       If this doesn't make sense, then stop reading and leave	this  program  alone.	It's  not
       something you absolutely need to have anyway.

       Assuming  you  have  all this done, and it actually works (test it!), then you may add the
       following directive to this file:


       If you lie to the program and someone beats on your upsd through your  web  server,  don't
       blame me.


   Internet resources:
       The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/

       NUT mailing list archives and information: http://lists.exploits.org/

					 Tue Jul 30 2002			   UPSSET.CONF(5)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 02:48 PM.