Sam

Asked: 2025-01-29 17:30:49 +0800 CST

Securing my NUT UPS Server - Prevent unauthenticated remote access

5

I have a NUT server on an RPi 2, which I’ve configured. From another client, I can connect via port 3493 and monitor the UPS status. However, my issue is that I can enter any username/password, or leave it out entirely, and still connect. I don’t want that. I don’t understand what’s causing this behavior. Does anyone have any ideas about it?

How do I prevent login without user/password from remote clients?

Now I can do this command without authentication from a remote client:

upsc [email protected]

Or isn't upsd.users supposed to be used in this way?

My configuration files look like this:

nut.conf

MODE=netserver

upsd.conf

LISTEN 0.0.0.0 3493

upsd.users

[admin]
    password = pass
    actions = SET
    actions = FSD
    instcmds = ALL

[local]
    password = pass
    upsmon master

[remote]
    password = pass
    upsmon slave

[monuser]
    password = pass
    upsmon slave

upsmon.conf

MINSUPPLIES 1
SHUTDOWNCMD "/sbin/shutdown -h +0"
POLLFREQ 5
POLLFREQALERT 5
HOSTSYNC 30
DEADTIME 25
POWERDOWNFLAG /etc/killpower
RBWARNTIME 43200
NOCOMMWARNTIME 300
FINALDELAY 90
MONITOR apc-bx1600@localhost 1 local pass master

upssched.conf

CMDSCRIPT /bin/upssched-cmd

File permissions

-rw-r--r-- 1 root root  1113 Jan 22 23:40 hosts.conf
-rw-r----- 1 root nut     15 Jan 22 17:29 nut.conf
-rw-r----- 1 root nut    248 Jan 22 23:12 ups.conf
-rw-r----- 1 root nut     19 Jan 22 23:29 upsd.conf
-rw-r----- 1 root nut    253 Jan 23 16:53 upsd.users
-rw-r----- 1 root nut    232 Jan 23 17:27 upsmon.conf
-rw-r----- 1 root nut   4201 Jan 25  2023 upssched.conf
-rw-r--r-- 1 root root  1432 Jan 23 11:23 upsset.conf
-rw-r--r-- 1 root root  3699 Jan 25  2023 upsstats.html
-rw-r--r-- 1 root root  6408 Jan 25  2023 upsstats-single.html

Example of a remote:

TTL

Asked: 2022-04-19 10:57:40 +0800 CST

NUT shuts down UPS even when power is available

1

I have an APC Backup UPS ES 850G2, connected via USB to a RaspberryPi acting as NUT master. The Pi uses the usbhid-ups driver. Several other devices are NUT slaves and poll the Pi for UPS info.

Here's a list of some particular things about the APC:

pi@nut-server:~ $ upsc apc@localhost
Init SSL without certificate database
battery.charge: 92
battery.charge.low: 10
battery.charge.warning: 50
...
battery.runtime: 884
battery.runtime.low: 350
...
driver.name: usbhid-ups
driver.parameter.ondelay: 60
driver.parameter.pollfreq: 30
driver.parameter.pollinterval: 1
driver.parameter.port: auto
driver.parameter.productid: 0002
...
driver.version: 2.7.4
driver.version.data: APC HID 0.96
driver.version.internal: 0.41
...
ups.delay.shutdown: 20
ups.firmware: 938.a2 .I
ups.firmware.aux: a2
ups.load: 31
ups.mfr: American Power Conversion
ups.mfr.date: 2021/05/02
ups.model: Back-UPS ES 850G2
ups.productid: 0002
...
ups.timer.reboot: 0
ups.timer.shutdown: -1
ups.vendorid: 051d

ups.conf

[apc]
    driver = usbhid-ups
    port = auto
    desc = "APC 850VA UPS"
    vendorid = 051d
    productid = 0002
    serial = "xxxxxx"

A few issues I have with it:

I can't set the battery.charge.low parameter, although, I can set the battery.runtime.low using upsrw
when the UPS is online (i.e. getting power from the mains), as soon as the runtime drops below battery.runtime.low due to a high load, the UPS starts beeping and FSD is triggered

Apr 18 16:26:34 nut-server upsmon[477]: UPS apc@localhost battery is low
Apr 18 16:26:34 nut-server upssched[2840]: Executing command: triggerfsd
Apr 18 16:26:34 nut-server upsmon[477]: Signal 10: User requested FSD
Apr 18 16:26:34 nut-server upsd[472]: Client [email protected] set FSD on UPS [apc]
Apr 18 16:26:34 nut-server upsmon[477]: Executing automatic power-fail shutdown
Apr 18 16:26:34 nut-server upsmon[477]: Auto logout and shutdown proceeding
Apr 18 16:26:34 nut-server upssched[2850]: Executing command: turnoffups

when the UPS powers back on having a low battery (i.e. runtime < battery.runtime.low) and turns on the load, it immediately triggers a FSD and none of the devices have time to properly shut down, as the Pi master shuts everything down again.

I have set the battery.runtime.low value to something reasonable, so that the UPS load has time to shut down (especially my QNAP NAS, which shuts down in ~3-4 minutes).

Shouldn't the "Low Battery" flag be triggered only of the UPS is offline? Is what I'm describing normal behavior? Is there anything I set up badly? Do I need to provide any extra config for some help?

From the NUT documentation on upsmon.conf:

LOWBATT UPS is on battery and has a low battery (is critical)

divB

Asked: 2020-09-25 09:31:06 +0800 CST

APC SmartUPS suddenly all lights flashing. What's going on?

0

upsfault: I have a APC SmartUPS 2U 1500 somewhere in a rack far away. Batteries were replaced recently and UPS was working without issues for a long time.

Suddenly yesterday, the entire equipment attached to the UPS was off. I send someone there to see what's going on and all lights in front of the UPS were flashing. It did not beep.

According to the manual, a constant lit and beep would indicate a UPS fault. Furthermore, "Front Panel LEDs Flash Sequentially" would indicate that the UPS has been shut down remotely and will return when utility power returns. But it was not shut down and utility power never went out.

I told the person to push the off button. While this should turn off the UPS, it started the fan. Then I told the person to push the on button. Now all connected devices powered up again but the relay sound is constantly audible.

I cannot connect to the UPS over USB (I use nut and I only get error: Driver not connected). It used to work.

What does that mean and what should I do?

petersohn

Asked: 2020-05-03 23:20:35 +0800 CST

NUT loses communications with the UPS

1

I am using NUT to monitor my UPS. I have a APC Back-UPS ES 550G, and the NUT server runs on a Raspberry Pi. I use the usbhid-ups driver, which works fine most of the time. However, after a few hours of running, it starts to broadcast messages on the network that the UPS is not available, and any attempted queries will return "Data stale". Restarting the driver and the server solves the problem, at least for the next few hours.

I tried adjusting timing settings, but it doesn't seem to help. Currently I have the following settings: on the driver, pollfreq = 5 and pollinterval = 2. In the monitor config, I have POLLFREQ 5, POLLFREQALERT 5 (these are the defaults), and DEADTIME 30.

yanchenko

Asked: 2011-03-11 02:35:58 +0800 CST

APC SC1000I over USB and NUT

1

I've got an APC SC1000I which I want to set up to be monitored with NUT, likely with newhidups.
The basic config doesn't work:

# tail -n 1 /var/log/messages
Poll UPS [apc@localhost] failed - Driver not connected

What puzzles me, is that the UPS connected over USB is detected as

# lsusb
Bus 002 Device 004: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port

Is it possible to monitor this given UPS with NUT at all? A working ups.conf section would be welcome.

Securing my NUT UPS Server - Prevent unauthenticated remote access

nut.conf

upsd.conf

upsd.users

upsmon.conf

upssched.conf

File permissions

NUT shuts down UPS even when power is available

APC SmartUPS suddenly all lights flashing. What's going on?

NUT loses communications with the UPS

APC SC1000I over USB and NUT

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Questions[nut](server)

nut.conf

upsd.conf

upsd.users

upsmon.conf

upssched.conf

File permissions