Imported Upstream version 2.6.0
This commit is contained in:
parent
26fb71b504
commit
459aaf9392
510 changed files with 40508 additions and 18859 deletions
62
docs/man/upsset.conf.txt
Normal file
62
docs/man/upsset.conf.txt
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
UPSSET.CONF(5)
|
||||
==============
|
||||
|
||||
NAME
|
||||
----
|
||||
|
||||
upsset.conf - Configuration for Network UPS Tools upsset.cgi
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
|
||||
This file only does one job--it lets you convince linkman:upsset.cgi[8]
|
||||
that your system's CGI directory is secure. The program will not run
|
||||
until this file has been properly defined.
|
||||
|
||||
SECURITY REQUIREMENTS
|
||||
---------------------
|
||||
|
||||
linkman:upsset.cgi[8] allows you to try login name and password combinations.
|
||||
There is no rate limiting, as the program shuts down between every request.
|
||||
Such is the nature of CGI programs.
|
||||
|
||||
Normally, attackers would not be able to access your linkman:upsd[8] server
|
||||
directly as it would be protected by the LISTEN directives in
|
||||
your linkman:upsd.conf[5] file, tcp-wrappers (if available when NUT was built),
|
||||
and hopefully local firewall settings in your OS.
|
||||
|
||||
*upsset* runs on your web server, so upsd will see it as a connection from
|
||||
a host on an internal network. It doesn't know that the connection is
|
||||
actually coming from someone on the outside. This is why you must
|
||||
secure it.
|
||||
|
||||
On Apache, you can use the .htaccess file or put the directives in your
|
||||
httpd.conf. It looks something like this, assuming the .htaccess
|
||||
method:
|
||||
|
||||
<Files upsset.cgi>
|
||||
deny from all
|
||||
allow from your.network.addresses
|
||||
</Files>
|
||||
|
||||
You will probably have to set "AllowOverride Limit" for this directory
|
||||
in your server-level configuration file as well.
|
||||
|
||||
If this doesn't make sense, then stop reading and leave this program
|
||||
alone. It's not something you absolutely need to have anyway.
|
||||
|
||||
Assuming you have all this done, and it actually works (test it!), then
|
||||
you may add the following directive to this file:
|
||||
|
||||
I_HAVE_SECURED_MY_CGI_DIRECTORY
|
||||
|
||||
If you lie to the program and someone beats on your upsd through your
|
||||
web server, don't blame me.
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
linkman:upsset.cgi[8]
|
||||
|
||||
Internet resources:
|
||||
~~~~~~~~~~~~~~~~~~~
|
||||
The NUT (Network UPS Tools) home page: http://www.networkupstools.org/
|
||||
Loading…
Add table
Add a link
Reference in a new issue