APC UPS control system Power Supply User Manual


 
Credits:
Many thanks go to Russell Kroll <rkroll at exploits.org> who wrote
the CGI programs to work with his UPS Monitoring system named
Network UPS Tools (NUT). Thanks also to Jonathan Benson <jbenson at
technologist.com> for initially adapting the upsstatus.cgi program to work
with apcupsd.
We have enhanced the bar graph program and hope that our changes can
be useful to the original author in his project.
Security Issues:
apcupsd runs as root.
If you have NETSERVER ON in your apcupsd.conf file (which is the
deault), be aware that anyone on the network can read the status of
your UPS. This may or may not pose a problem. If you don’t consider
this information privileged, as is the case for me, there is little risk. In
addition, if you have a firewall between your servers and the Internet,
crackers will not have access to your UPS information. Additionally,
you can restrict who can access your apcupsd server by using inted to
run the sservice and using access control lists with a TCP wrapper or
by configuring TCP wrappers in apcupsd (see below for TCP Wrapper
details).
If you are running master/slave networking with a single UPS powering
multiple machines, be aware that it is possible for someone to simulate
the master and send a shutdown request to your slaves. The slaves
do check that the network address of the machine claiming to be the
master is that same as the address returned by DNS corresponding to
the name of the master as specified in your configuration file.
Wrappers
As of apcupsd version 3.8.2, TCP Wrappers are implemented if you turn
them on when configuring (./configure --with-libwrap). With this code
enabled, you may control who may access your apcupsd via TCP connections
(the Network Information Server, and the Master/Slave code). This control
is done by modifying the file: /etc/hosts.allow. This code is implemented
but untested. If you use it, please send us some feedback.
83