Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
upsset.conf(5)
Edit
PageHistory
Diff
Info
LikePages
UPSSET.CONF !!!UPSSET.CONF NAME DESCRIPTION SECURITY REQUIREMENTS SEE ALSO ---- !!NAME upsset.conf - Configuration for Network UPS Tools upsset.cgi !!DESCRIPTION This file only does one job - it lets you convince upsset.cgi(8) that your system's CGI directory is secure. The program will not run until this file has been properly defined. !!SECURITY REQUIREMENTS upsset.cgi(8) allows you to try login name and password combinations. There is no rate limiting, as the program shuts down between every request. Such is the nature of CGI programs. Normally, attackers would not be able to access your upsd(8) server directly as it would be protected by the ACCESS/ACL directives in your upsd.conf(5) file and hopefully local firewall settings in your OS. Since upsset runs on your web server, it could provide a passage from the outside to the inside, bypassing any firewall rules or upsd access control limitations, since it appears to be coming from the web server. This is why you just secure it first. On Apache, you can use the .htaccess file or put the directives in your httpd.conf. It looks something like this, assuming the .htaccess method: You will probably have to set If this doesn't make sense, then stop reading and leave this program alone. It's not something you absolutely need to have anyway. Assuming you have all this done, and it actually works (test it!), then you may add the following directive to this file: I_HAVE_SECURED_MY_CGI_DIRECTORY If you lie to the program and someone beats on your upsd through your web server, don't blame me. !!SEE ALSO upsset.cgi(8) __Internet resources:__ The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/ NUT mailing list archives and information: http://lists.exploits.org/ ----
One page links to
upsset.conf(5)
:
Man5u
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.