[Nut-upsuser] why upsc need no authentication?
Charles Lepple
clepple at gmail.com
Fri Sep 11 02:11:20 UTC 2015
On Sep 10, 2015, at 10:23 AM, d tbsky <tbskyd at gmail.com> wrote:
>
> Hi:
> I found I can setup password for uspmon. but upsc can connect to
> any upsd without authentication. although the ups data is not very
> confidential, but I would like not to expose it to anyone who can
> connect to server.
>
> is there any method to harden upsd? thanks for hint.
There are a few different approaches. If your version of NUT was build with TCP-wrappers, you can configure NUT to only allow certain clients to connect.
However, in most cases where you would consider TCP-wrappers, you would probably be better served with a kernel-level firewall.
There is also an option to compile NUT to verify client SSL certificates: http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html#_upsd_optional_client_authentication
--
Charles Lepple
clepple at gmail
More information about the Nut-upsuser
mailing list