Hi thanks Roger.

Well I'm just using Ubuntu Server 16.04 LTS. I only ran that command as a few guides say that's how to establish if a daemon is compiled with tcp wrappers:

https://www.cyberciti.biz/faq/tcp-wrappers-hosts-allow-deny-tutorial/

I haven't really used TCP wrappers before so I'm not even sure if my hosts.allow entries are correct:

upsd : ipaddressofclientgoeshere
ups : monuser@127.0.0.1/32 monuser@masterstaticIP monuser@slavestaticIP

If yourself or anyone could please advise if this should work or if I need something different in my hosts.allow file

Thank you very much once again.

On 25 November 2016 at 12:00, Roger Price <roger at rogerprice.org> wrote:

> On Fri, 25 Nov 2016, Jonah Naylor wrote:
>
>> I don't think nut is built with TCP wrappers support, although the package
>> is listed as depending on libwrap...
>
> Why would you have such a dependency if nut didn't use TCP Wrappers?
>
>> I ran this command: ldd /sbin/upsd | grep libwrap.so and it has returned
>> no output.
>
> If I run that command I get
>
> maria:~ # ldd /usr/sbin/upsd
>         linux-vdso.so.1 (0x00007ffff8fa8000)
>         libssl.so.1.0.0 => /lib64/libssl.so.1.0.0 (0x00007f05a4ea6000)
>         libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007f05a4ab9000)
>         libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f05a489b000)
>         libc.so.6 => /lib64/libc.so.6 (0x00007f05a44ed000)
>         libdl.so.2 => /lib64/libdl.so.2 (0x00007f05a42e9000)
>         libz.so.1 => /lib64/libz.so.1 (0x00007f05a40d3000)
>         /lib64/ld-linux-x86-64.so.2 (0x00007f05a510e000)
> maria:~ #
>
> No mention of libwrap, yet I have TCP wrappers compiled in.
>
>> Does this mean I have to compile from source or is there a way to add the
>> tcp wrapper support?
>
> If your binary does not include TCP Wrappers, then you don't need to add
> it, and you don't need /etc/hosts.allow. If your binary does include it,
> you need /etc/hosts.allow. You don't have to have TCP Wrappers, and you
> don't have to recompile.
>
> Does your distribution have a mailing list which could answer the
> configuration question?
>
> Roger
>
> _______________________________________________
> Nut-upsuser mailing list
> Nut-upsuser at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser

On Fri, 25 Nov 2016, Jonah Naylor wrote:

> upsd : ipaddressofclientgoeshere

If it were me I would write

upsd : ipaddressofclient :\
     spawn (/bin/mail -r hosts.allow@localhost\
     -s '%s@%h accepted access to %d from %c'\
     sysadmin@somedomain) & : ALLOW

upsd : ALL :\
     spawn (/bin/mail -r hosts.allow@localhost\
     -s '%s@%h refused access to %d from %c'\
     sysadmin@somedomain) & : DENY

so I get a trace of what happens, at least during testing.

> ups : monuser@127.0.0.1/32 monuser@masterstaticIP monuser@slavestaticIP

I'm not sure what you are trying to do here. In any case, the daemon_list should specify upsd, not ups. See man 5 hosts_access.

Roger

Hi thanks Roger,

I've amended my hosts.allow file to your suggested one - thanks for that.

I'm still getting "Connection refused" on the client cgi screen as well as in the shell it gives me UPS upsname@ipaddresshere is unavailable...

Any ideas what I can try next to debug why it's not working?

Also should the "allowfrom = clientIPaddresshere" line be in my monuser entry in upsd.users on the master, or should I take that out?

Thanks once again for the help.

On 25 November 2016 at 12:37, Roger Price <roger at rogerprice.org> wrote:

> On Fri, 25 Nov 2016, Jonah Naylor wrote:
>
>> upsd : ipaddressofclientgoeshere
>
> If it were me I would write
>
> upsd : ipaddressofclient :\
>      spawn (/bin/mail -r hosts.allow@localhost\
>      -s '%s@%h accepted access to %d from %c'\
>      sysadmin@somedomain) & : ALLOW
>
> upsd : ALL :\
>      spawn (/bin/mail -r hosts.allow@localhost\
>      -s '%s@%h refused access to %d from %c'\
>      sysadmin@somedomain) & : DENY
>
> so I get a trace of what happens, at least during testing.
>
>> ups : monuser@127.0.0.1/32 monuser@masterstaticIP monuser@slavestaticIP
>
> I'm not sure what you are trying to do here. In any case, the daemon_list
> should specify upsd, not ups. See man 5 hosts_access.
>
> Roger

Try ALL:ALL in /etc/hosts.allow temporarily. If that still doesn't work, it's likely something else. If it does, only then screw with creating narrow rules . . .

- Tim

On November 25, 2016 6:37:02 AM CST, Roger Price <roger at rogerprice.org> wrote:

> On Fri, 25 Nov 2016, Jonah Naylor wrote:
>
>> upsd : ipaddressofclientgoeshere
>
> If it were me I would write
>
> upsd : ipaddressofclient :\
>      spawn (/bin/mail -r hosts.allow@localhost\
>      -s '%s@%h accepted access to %d from %c'\
>      sysadmin@somedomain) & : ALLOW
>
> upsd : ALL :\
>      spawn (/bin/mail -r hosts.allow@localhost\
>      -s '%s@%h refused access to %d from %c'\
>      sysadmin@somedomain) & : DENY
>
> so I get a trace of what happens, at least during testing.
>
>> ups : monuser@127.0.0.1/32 monuser@masterstaticIP monuser@slavestaticIP
>
> I'm not sure what you are trying to do here. In any case, the
> daemon_list should specify upsd, not ups. See man 5 hosts_access.
>
> Roger
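
Added example, not part of any message in this thread: a simplified Python model of how a hosts.allow file is searched (first rule whose daemon_list and client_list both match wins), applied to the three kinds of rule discussed above. It models rule selection only, not whether upsd consults the file at all; the addresses are constructed placeholders, the spawn commands are shortened stand-ins, and the function names are hypothetical.

```python
# Simplified model of hosts_access(5) rule selection for a single hosts.allow.
# Assumptions: IPv4 literals, no escaped ':' in options, no hosts.deny fallback.

def parse_rules(text):
    """Join backslash-continued lines, then split each rule on ':'."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        options = fields[2:]
        # With hosts_options(5), a trailing DENY turns the rule into a refusal.
        deny = bool(options) and options[-1].upper() == "DENY"
        rules.append((daemons, clients, "DENY" if deny else "ALLOW"))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # prefix pattern such as "192.0.2."
        return ip.startswith(pattern)
    return pattern == ip

def decide(rules, daemon, ip):
    """First rule whose daemon_list and client_list both match wins."""
    for daemons, clients, verdict in rules:
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(client_matches(c, ip) for c in clients):
            return verdict
    return "NO MATCH"              # real libwrap would consult hosts.deny next

# Constructed samples; 192.0.2.10 stands in for the client address.
WRONG_DAEMON = "ups : 192.0.2.10\n"
TRACED = r"""
upsd : 192.0.2.10 :\
     spawn (/bin/echo accepted %d from %c) & : ALLOW
upsd : ALL :\
     spawn (/bin/echo refused %d from %c) & : DENY
"""
OPEN_FOR_TESTING = "ALL:ALL\n"

if __name__ == "__main__":
    for name, text in [("ups", WRONG_DAEMON), ("traced", TRACED), ("open", OPEN_FOR_TESTING)]:
        for ip in ("192.0.2.10", "198.51.100.7"):
            print(name, ip, decide(parse_rules(text), "upsd", ip))
```

A rule keyed on "ups" is never selected for a process named upsd, so it neither admits nor refuses anyone; the ALL:ALL rule admits every client and is only suitable as a temporary test.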