If you have NETSERVER on in your apcupsd.conf file,
be aware that anyone on the network can read the status of your
UPS. This may or may not pose a problem. If you don't consider
this information privileged, as is the case for me, there is little risk. In addition,
if you have a firewall between your servers and the Internet,
hackers will not have access to your UPS information. Additionally,
you can restrict who can access your apcupsd server by
using the INETD services and using access control lists with
a TCP wrapper or by configuring TCP wrappers in apcupsd (see below for TCP Wrapper
details).
If you are running master/slave networking with a single
UPS powering multiple machines, be aware that it is possible
for someone to simulate the master and send a shutdown request
to your slaves. The slaves do check that the network address
of the machine claiming to be the master is that same as the address
returned by DNS corresponding to the name of the master as specified
in your configuration file.
TCP Wrappers
As of apcupsd version 3.8.2, TCP Wrappers are implemented if
you turn them on when configuring (./configure --with-libwrap).
With this code enabled, you may control who may access your
apcupsd via TCP connections (the Network Information Server,
and the Master/Slave code). This control is done by modifying the
file: /etc/hosts.allow. This code is implemented but untested.
If you use it, please send us some feedback.
