be necessary if you use the default apcupsd.conf, since it is already turned
on.
Although this method is simple, it affords no protection from the outside
world accessing your network server unless you are behind a firewall. In
addition, if there is a bug in the network server code, or if a malicious user
sends bad data, it may be possible for apcnis to die, in which case, though
it is not supposed to, apcupsd may also exit, thus leaving your machine
without shutdown protection. In addition, since apcupsd is running at root
level, all threads or any child process will do so also. That being said, most
of us prefer to run the server this way.
With apcupsd version 3.8.2 and later, you may enable the TCP Libwrap
subroutines to add additional security. In this case, access to the network
server will be controlled by the statements you put in /etc/hosts.allow.
Running apcnisd from INETD
This is probably the most secure and most desirable way of running the
network information server. Unfortunately, it is a bit more complicated
to set up. However, once running, the server remains unexecuted until a
connection is attempted, at which point, inetd will invoke apcnisd. Once
apcnisd has responded to the client’s requests, it will exit. None of the
disadvantages of running it standalone apply since apcnisd runs only when
a client is requesting data. Note, running in this manner works only if you
are using the old forking code and have pthreads explicitly turned off. The
pthreads version of apcupsd does not support the shared memory calls that
are necessary for apcnisd to access the internal state of apcupsd.
An additional advantage of this method of running the network information
server is that you can call it with a TCP wrapper and thus use access control
lists (ACL) such as hosts.allow. See the man pages for hosts.allow for more
details.
To configure apcnisd to run from INETD, you must first put an entry in
/etc/services as follows:
apcnisd 3551/tcp
This defines the port number (3551) and the service (TCP) that apcnisd will
be using. This statement can go anywhere in the services file. Normally,
one adds local changes such as these to the end of the file.
116