[Nut-upsuser] Access restriction on Upgrade Debian lenny -> Debian squeeze
Arnaud Quette
aquette.dev at gmail.com
Fri Mar 11 09:32:28 UTC 2011
2011/3/11 Charles Lepple <clepple at gmail.com>
> On Mar 10, 2011, at 4:41 PM, Lukas Haase wrote:
>
> However, after upgrading from Debian lenny to Debian squeeze (version
>> 2.4.3-1.1squeeze1) I get the messages in syslog:
>>
>> ACL in upsd.conf is no longer supported - switch to LISTEN
>> ACCEPT in upsd.conf is no longer supported - switch to LISTEN
>> REJECT in upsd.conf is no longer supported - switch to LISTEN
>> allowfrom in upsd.users is no longer used
>>
>> Well, I commented out the lines and it works now. However, there is no
>> access restriction anymore! :-( Why have these wonderful features been
>> dropped? Are there at least any alternatives for ACL, ACCEPT, REJECT and
>> allowFrom?
>>
>
> The following web page indicates that the Debian squeeze packages of NUT
> were linked against libwrap, which has had a much longer track record of
> user-space connection filtering than NUT:
>
> http://packages.debian.org/squeeze/nut
>
> This information should be in /usr/share/doc/nut/UPGRADING.gz.
>
> The NUT mailing list archives have a number of threads where the reasoning
> for this change has been discussed.
>
> You also might want to consider kernel-level firewall rules. That means
> that you won't be exposed to bugs in either NUT's connection handling, or
> that of libwrap.
>
>
a full chapter of the user documentation focus on all the security
mechanisms available with NUT, including TCP-Wrappers, Firewall, (SSL)
authentication and encryption
http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html
cheers,
Arnaud
--
Linux / Unix Expert R&D - Eaton - http://powerquality.eaton.com
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/
Debian Developer - http://www.debian.org
Free Software Developer - http://arnaud.quette.free.fr/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20110311/037ae7d3/attachment.htm>
More information about the Nut-upsuser
mailing list