On Fri, 4 Oct 2013 08:18:12 -0400 Charles Lepple <clepple at gmail.com> wrote:> On Oct 1, 2013, at 11:58 PM, David N Melik wrote: > > > I followed the NUT instructions that are on the projects site, I > > think, > > ^ The official NUT site? Feel free to post the URL. > > > and they said to set up USBD, so I did. Is that necessary for > > average users using one PC (rather than servers), or will something > > not work right if I reread and turn off USBD? > > > I think Alexander explained upsd well, but here's some additional > history and explanation.Thanks... and I did mean UPSD> What are you trying to optimize?nothing, but I just did not want another daemon running, or at least I do not want a port open that can access the UPS, because I will not be using it; it is more of a minor security issue than anything. The instructions I read said to set up that port in NUT configuration, but I would rather not set that.
On Oct 7, 2013, at 4:48 AM, David N Melik wrote:>> What are you trying to optimize? > > nothing, but I just did not want another daemon running, or at least I > do not want a port open that can access the UPS, because I will not be > using it; it is more of a minor security issue than anything. The > instructions I read said to set up that port in NUT configuration, but I > would rather not set that.I forgot to mention: by default, NUT listens on localhost. If you are using Linux, you could add a "-m owner --uid-owner" rule to iptables to only match the UID for the NUT system user. -- Charles Lepple clepple at gmail
On Tue, 15 Oct 2013 21:56:16 -0400 Charles Lepple <clepple at gmail.com> wrote:> >> What are you trying to optimize? > > > > nothing, but I just did not want another daemon running, or at > > least I do not want a port open that can access the UPS, because I > > will not be using it; it is more of a minor security issue than > > anything. The instructions I read said to set up that port in NUT > > configuration, but I would rather not set that. > > I forgot to mention: by default, NUT listens on localhost. If you are > using Linux, you could add a "-m owner --uid-owner" rule to iptables > to only match the UID for the NUT system user.Thanks; if it listens on localhost by default, that is enough for me, though I recall that is not as secure as listening on 127.0.0.1. I never really used iptables much and am not using it now, so I do not think I will need to do. I do not see why I cannot just turn off the port usage, since I have root access and only ever use NUT from a shell.