[Nut-upsdev] Remote Monitoring From Web
Arnaud Quette
aquette.dev at gmail.com
Wed Nov 25 10:15:39 UTC 2009
What has surfaced with this kind of feedback is the lack of
documentation of this change.
We should complete the user manual in that direction, § 5.2.3. "Data
server configuration (upsd)" and § 7. "Securisation notes",
highlighting the removal of ACL and describing the TCP Wrapper +
firewall switch.
@Arjen: if you have some content in mind, don't hesitate to send it to me.
I have something planned but have not yet reached that point.
Arnaud
2009/11/23 Arjen de Korte <nut+users at de-korte.org>:
> Quoting Eric Wilde <ewilde at bsmdevelopment.com>:
>
>> When I use LISTEN, I see an error message about upsd not listening on
>> port 3493. For example:
>>
>> LISTEN 192.168.1.1 3493
>>
>> gives
>>
>> not listening on 192.168.1.1 port 3493
>
> Most likely, the port is already in use. What does 'netstat' say here?
>
>> Any attempts to monitor this system's UPS from the Web UI are then met
>> with:
>>
>> error: Connection failure: Connection refused
>>
>> Did anybody think this through before breaking it?
>
> Sure. And if you had read the archives, you would also know why we
> did.
>
>> Apart from the fact
>> that LISTEN seems to be broken, how is one supposed to accept connections
>> from part of a network (e.g. 192.168.1.1/24) or reject connections from
>> a specific machine or range of machines?
>
> Use a firewall and read the chapter on ACCESS CONTROL in 'man 8 upsd'.
> Together they will give you the same level of granularity.
>
>> LISTEN doesn't come even close
>> to the flexibility of ACL/ACCEPT.
>
> There is nothing you can do with the previous ACL/ACCEPT mechanism that
> can't be done through LISTEN, tcp-wrappers and a firewall. And instead of
> giving you a false sense of security of the previous mechanism, this will
> actually work against attacks on your upsd server.
>
> Best regards, Arjen
> --
> Please keep list traffic on the list
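
The LISTEN, tcp-wrappers and firewall combination discussed in this thread, as an added example that is not part of the original messages or of the NUT documentation. It covers the case raised in the quoted question (accept 192.168.1.0/24, reject one machine); the user name `monuser` and the rejected host 192.168.1.50 are assumptions made for illustration.

```conf
# --- upsd.conf: bind only the addresses clients should reach ---
LISTEN 127.0.0.1 3493
LISTEN 192.168.1.1 3493

# --- /etc/hosts.allow: requires upsd built with tcp-wrappers support ---
# Checked per NUT user name, and only for commands that require a login
# (see ACCESS CONTROL in upsd(8)). "monuser" is a hypothetical
# upsd.users entry.
upsd : monuser@127.0.0.1
upsd : monuser@192.168.1.0/255.255.255.0

# --- /etc/hosts.deny: everything not allowed above is refused ---
upsd : ALL

# --- firewall fragment, iptables-restore format ---
# Covers what tcp-wrappers does not: connections that never log in
# (status reads by the web CGI, for example). First matching rule wins.
*filter
-A INPUT -i lo -p tcp --dport 3493 -j ACCEPT
# 192.168.1.50 is a constructed example of the "specific machine" to reject
-A INPUT -p tcp -s 192.168.1.50 -d 192.168.1.1 --dport 3493 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -s 192.168.1.0/24 -d 192.168.1.1 --dport 3493 -j ACCEPT
-A INPUT -p tcp --dport 3493 -j DROP
COMMIT
```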