Packetwatch.net
Home Contact Research Papers Guides Pen-Testing Resources Site Map

Apcupsd cgi scripts in Red Hat Enterprise Linux



Last modified: Sept. 2, 2011

Contents
1 - Summary
2 - Dependencies
3 - Apcupsd-cgi installation
4 - Service configuration
5 - View status on website
6 - Service check


1 - Summary

This guide will show you how to install apcupsd cgi scripts in Red Hat
Enterprise Linux. Apcupsd is used for power management and controlling of APC
UPS's. In this guide, the apcupsd cgi scripts will be installed and served by
apache so information can be viewed in a web browser. This has been tested in
Red Hat Enterprise Linux 5 x86_64.


2 - Dependencies

Add the EPEL repository. This repository contains extra packages from Red Hat.
# wget http://download.fedora.redhat.com/pub/epel/$rel/$arch/epel-release-$ver.noarch.rpm
# sudo rpm -ivh epel-release-$ver.noarch.rpm
[sudo] password for user:
# rm -f epel-release-$ver.noarch.rpm

Install the apache package. Apache is a web server that will host the cgi
scripts to display information about the UPS.
# sudo yum install httpd.x86_64
[sudo] password for user:

Find where the apache daemon was installed to.
# rpm -ql httpd-* | grep sbin
/usr/sbin/apachectl
/usr/sbin/htcacheclean
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
/usr/sbin/httxt2dbm
/usr/sbin/rotatelogs
/usr/sbin/suexec

Enable the apache service so that it will start when the system starts up.
# sudo /sbin/chkconfig httpd on
[sudo] password for user:
# sudo /sbin/chkconfig --list httpd
[sudo] password for user:
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Find where the configuration file should be put.
# rpm -ql httpd-* | grep init.d
/etc/rc.d/init.d/httpd
# grep httpd.conf /etc/rc.d/init.d/httpd
# config: /etc/httpd/conf/httpd.conf
        CONFFILE=/etc/httpd/conf/httpd.conf
# strings /usr/sbin/httpd | grep httpd.conf
-D SERVER_CONFIG_FILE="conf/httpd.conf"
conf/httpd.conf
        directive in your httpd.conf file to list a non-root

You will need to modify the original configuration file. Add the following. In
this example, I set the websites to be stored in an alernate directory. By the
way, there is already a group named it which includes an account for the web
developers.
  ServerName server.test.com
  DocumentRoot "/data/websites/test/server"
  ErrorLog syslog
  LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" commonvhost
  CustomLog "|/usr/bin/logger" commonvhost
  #Alias /icons/ "/var/www/icons/"
  #<Directory "/var/www/icons">
  #    Options Indexes MultiViews
  #    AllowOverride None
  #    Order allow,deny
  #    Allow from all
  #</Directory>
  #ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
  #<Directory "/var/www/cgi-bin">
  #    AllowOverride None
  #    Options None
  #    Order allow,deny
  #    Allow from all
  #</Directory>
  #Alias /error/ "/var/www/error/"
  ErrorDocument 404 /index.html
  NameVirtualHost *:80
  NameVirtualHost *:443
  <VirtualHost *:80>
          ServerName server.test.com
          Redirect / https://server.test.com/
  </VirtualHost>
  <VirtualHost *:443>
          ServerName server.test.com
          ServerAdmin root@localhost
          DocumentRoot /data/websites/test/server
  </VirtualHost>
# rpm -ql httpd-* | grep "httpd\.conf"
/etc/httpd/conf/httpd.conf
# sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf/httpd.conf
[sudo] password for user:
# sudo mkdir -p /data/websites/test/server
[sudo] password for user:
# sudo mkdir -p /data/logs/httpd
[sudo] password for user:
# sudo chown -R root:it /data/logs/httpd/
[sudo] password for user:

Install the mod_ssl package for SSL certificate support. Copy in the SSL
certificate files to /etc/httpd/ssl/.
# sudo yum install mod_ssl.x86_64
[sudo] password for user:
# sudo mkdir /etc/httpd/ssl/
[sudo] password for user:
You will need to modify the original configuration file. Add the following.
  #SSLPassPhraseDialog  builtin
  ErrorLog syslog
  SSLCertificateFile /etc/httpd/ssl/test.cer
  SSLCertificateKeyFile /etc/httpd/ssl/test.key.alt
  SSLCertificateChainFile /etc/httpd/ssl/test.crt
# rpm -ql mod_ssl-* | grep conf.d
/etc/httpd/conf.d/ssl.conf
# sudo cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf.d/ssl.conf
[sudo] password for user:
Create an index file.
  <html>
  <head>
  <title>Test: Network monitoring</title>
  </head>
  <body>
  <a href="https://server.test.com/apcupsd/">UPS information - Apcupsd</a><br>
  </body>
  </html>
# sudo vi /data/websites/test/server/index.html
[sudo] password for user:

Configure syslog appropriately.


3 - Apcupsd-cgi installation

Install the apcupsd-cgi package.
# sudo yum install apcupsd-cgi.x86_64
[sudo] password for user:


4 - Service configuration

Find where the configuration file should be put.
# rpm -ql apcupsd-cgi-* | grep apcupsd.css
/etc/apcupsd/apcupsd.css

You will need to create a configuration file. Have the following.
  TEMPF
  FIELD SYSTEM "System" ""
  FIELD MODEL "Model" ""
  FIELD STATUS "Status" ""
  FIELD battpct "Battery Chg" "%"
  FIELD utility "Utility" "VAC"
  FIELD loadpct "UPS Load" "%"
  FIELD UPSTEMP "UPS Temp" ""
  FIELD runtime "Batt. Run Time" "min."
  FIELD DATA   "Data" "All data"
# sudo vi /etc/apcupsd/multimon.conf
[sudo] password for user:

You will also need to create a configuration file that lists the systems that
will be monitored. Have the following.
  MONITOR server.test.com "SERVER-ROOM"
# sudo vi /etc/apcupsd/hosts.conf
[sudo] password for user:

You will need to modify the original configuration file for apcupsd used by
apache. Have only the following.
  Alias /apcupsd/ "/data/websites/test/server/apcupsd/"
  <Directory "/data/websites/test/server/apcupsd">
      AuthType Basic
      AuthName "Restricted"
      AuthUserFile /etc/httpd/conf/htaccounts
      Require user Administrator
      DirectoryIndex multimon.cgi
      AddHandler cgi-script cgi
      AllowOverride None
      Options ExecCGI Indexes
      Order allow,deny
      Allow from all
  </Directory>
# rpm -ql apcupsd-cgi-* | grep conf.d
/etc/httpd/conf.d/apcupsd.conf
# sudo cp /etc/httpd/conf.d/apcupsd.conf /etc/httpd/conf.d/apcupsd.conf.example
[sudo] password for user:
# sudo vi /etc/httpd/conf.d/apcupsd.conf
[sudo] password for user:

Create a user account using htpasswd that will be allowed to view the UPS
information.
# rpm -ql httpd-* | grep htpasswd
/usr/bin/htpasswd
/usr/share/man/man1/htpasswd.1.gz
# sudo /usr/bin/htpasswd -c -s /etc/httpd/conf/htaccounts Administrator
[sudo] password for user:
New password: ********
Re-type new password: ********
Adding password for user Administrator

Copy the apcupsd web directory and set ownership and permissions. By the way,
there is already a group named it which includes an account for the web
developers.
# grep "\<Directory " /etc/httpd/conf.d/apcupsd.conf.example
<Directory /var/www/apcupsd>
<Directory "/var/www/apcupsd">
# sudo cp -Rp /var/www/apcupsd/ /data/websites/test/server/apcupsd/
[sudo] password for user:
# sudo chown -R apache:it /data/websites/test/server/apcupsd/
[sudo] password for user:
# sudo chmod -R 774 /data/websites/test/server/apcupsd/
[sudo] password for user:

You will need to configure SELinux appropriately. SELinux status can be
found by running sestatus.
# sudo /usr/sbin/sestatus | grep status:
[sudo] password for user:
SELinux status:                 enabled

Before starting the services, make sure that tcp port 80 and 443 are open in
case you are running firewall software. Here are some sample rules.
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# sudo /sbin/service iptables stop
[sudo] password for user:
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
# sudo cp /etc/sysconfig/iptables /etc/sysconfig/iptables.previous
[sudo] password for user:
# sudo vi /etc/sysconfig/iptables
[sudo] password for user:
# sudo /sbin/service iptables start
[sudo] password for user:
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]

Start the apache service.
# sudo /sbin/service httpd start
[sudo] password for user:
Starting httpd:                                            [  OK  ]


5 - View status on website

Navigate your web browser to http://server.test.com/. Click on the link for
UPS information - Apcupsd. After you login, you will see screen showing a
summary of the UPS systems specified in the hosts.conf file. Click on the
system in the left-hand column. You can now view the details like battery
capacity, run time remaining and UPS load.


6 - Service check

Reboot your computer. Log in like normal and check to see that the httpd
service is running. That's it, now you have the apcupsd cgi scripts running in
Red Hat Enterprise Linux.
# sudo /sbin/shutdown -r now
[sudo] password for user:
# sudo /sbin/service httpd status
[sudo] password for user:
httpd (pid  3106) is running...

Last modified: Thu Jan 1 00:00:00 1970 UTC
Packetwatch Research 2002-2024.