[Nut-upsuser] Access restriction on Upgrade Debian lenny -> Debian squeeze
Lukas Haase
lukashaase at gmx.at
Fri Mar 11 10:50:41 UTC 2011
Am 11.03.2011 10:32, schrieb Arnaud Quette:
> [...]
> a full chapter of the user documentation focus on all the security
> mechanisms available with NUT, including TCP-Wrappers, Firewall, (SSL)
> authentication and encryption
> http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html
Aah, thanks for the pointer!
If I understand correctly, /etc/hosts.deny and .allow should provide the
same functionality as allowFrom/ACL/ALLOW/REJECT.
Fortunately the Debian package is linked to libwrap0 which should
provide this funtionality, should it?!
Nevertheless, I do not understand why you use "ups" in hosts.allow and
"upsd" in hosts.deny?
I somehow tried both but it does somehow not work as expected.
When I add
ups : ALL
upsd : ALL
to hosts.deny, then no communication should be possible. However, I can
access the statistics from another host running upsstats.cgi!
I also tested with "upsc denchi at localhost" - it always works!
However, running upsmon I get the following error in syslog:
upsmon[20181]: Startup successful
upsmon[20184]: Login on UPS [denchi at localhost] failed - got [ERR
ACCESS-DENIED]
When I add
upsd : monmaster at 127.0.0.1/32
to hosts.allow
it works:
upsmon[20213]: Startup successful
upsd[19700]: User monmaster at 127.0.0.1 logged into UPS [denchi]
So it somehow works partially ...
What is the explanation for this?
Regards,
Luke
More information about the Nut-upsuser
mailing list