Credits:
Many thanks go to Russell Kroll <rkroll at exploits.org>who wrote
the CGI programs to work with his UPS Monitoring system named
Network UPS Tools (NUT). Thanks also to Jonathan Benson <jbenson at
technologist.com>for initially adapting the upsstatus.cgi program to work
with apcupsd.
We have enhanced the bar graph program and hope that our changes can
be useful to the original author in his project.
Security Issues:
•apcupsd runs as root.
•If youhave NETSERVER ON in your apcupsd.conf file (which is the
deault), be aware that anyone on the networkcan read the status of
your UPS. This mayor may not pose a problem. If you don’t consider
this information privileged, as is the case for me, there is little risk. In
addition, if you have a firewall betweenyour servers and the Internet,
crackers will not have access to your UPS information. Additionally,
you can restrict who can access your apcupsd server byusing inted to
run the sservice and using access control lists with a TCP wrapper or
by configuring TCP wrappers in apcupsd (see below for TCP Wrapper
details).
•Ifyou are runningmaster/slave networkingwith asingle UPS powering
multiple machines, be aware that it is possible for someone to simulate
the master and send a shutdown request to your slaves. The slaves
do check that the network address of the machine claiming to be the
master is that same as the address returned by DNS corresponding to
the name of the master as specified in your configuration file.
Wrappers
As of apcupsd version 3.8.2, TCP Wrappers are implemented if you turn
them on when configuring (./configure --with-libwrap). With this code
enabled, youmay control who may access your apcupsd via TCP connections
(the Network Information Server, and the Master/Slave code). This control
is done by modifying the file: /etc/hosts.allow. This code is implemented
but untested. If you use it, please send us some feedback.
83