=== added file 'INSTALL' --- INSTALL 1970-01-01 00:00:00 +0000 +++ INSTALL 2008-09-08 12:03:16 +0000 
@@ -0,0 +1,73 @@ +-*- org -*- + +* Prerequisites + + Debian 5.0 "lenny" or Ubuntu 8.04 "Hardy Heron". + + The following libraries and packages are needed. (It is possible + that it might work with older versions of some of these, but these + versions are confirmed to work. Newer versions are almost certainly + OK.) + +** Documentation + These are required to build the manual pages for both the server + and client: + + + DocBook 4.5 http://www.docbook.org/ + + DocBook XSL stylesheets 1.71.0 + http://wiki.docbook.org/topic/DocBookXslStylesheets + +** Mandos Server + + GnuTLS 2.4 http://www.gnu.org/software/gnutls/ + + Avahi 0.6.16 http://www.avahi.org/ + + Python 2.4 http://www.python.org/ + + Python-GnuTLS 1.1.5 http://pypi.python.org/pypi/python-gnutls/ + + dbus-python 0.82.4 http://dbus.freedesktop.org/doc/dbus-python/ + + python-ctypes 1.0.0 http://pypi.python.org/pypi/ctypes + + Strongly recommended: + + fping 2.4b2-to-ipv6 http://www.fping.com/ + +** Mandos Client + + initramfs-tools 0.85i + http://packages.qa.debian.org/i/initramfs-tools.html + + GnuTLS 2.4 http://www.gnu.org/software/gnutls/ + + Avahi 0.6.16 http://www.avahi.org/ + + GnuPG 1.4.9 http://www.gnupg.org/ + + GPGME 1.1.6 http://www.gnupg.org/related_software/gpgme/ + +* Installing the Mandos server + + + Do "make doc". + + + On the computer to run as a Mandos server, run the following + command: "sudo make install-server". + + (This creates a configuration without any clients configured; we + need an actually configured client to do that; see below.) + +* Installing the Mandos client. + + + Do "make all doc". + + + On the computer to run as a Mandos server, run the following + command: "sudo make install-client". This will also create an + OpenPGP key, which will take some time and entropy, so either wait + patiently or frob your mouse until it's done. + + + Run "mandos-keygen --password". When prompted, enter the + password/passphrase for the encrypted root file system on this + client computer. 
It will output a section of text, starting with + a [section header]. Copy and paste this into the + "/etc/mandos/clients.conf" file *on the server computer*. + + + On the server computer, start the server by running the command + "invoke-rc.d mandos start". + +* Further customizations + + You may want to tighten or loosen the timeouts in the server + configuration files; see mandos.conf(5) and mandos-clients.conf(5). + Is IPsec is not used, it is suggested that a more cryptographically + secure checker program is used and configured, since without IPsec + ping packets can be faked. === modified file 'mandos-keygen' --- mandos-keygen 2008-09-06 15:34:21 +0000 +++ mandos-keygen 2008-09-08 12:03:16 +0000 @@ -35,6 +35,10 @@ KEYCOMMENT_ORIG="$KEYCOMMENT" mode=keygen +if [ ! -d "$KEYDIR" ]; then + KEYDIR="/etc/mandos/keys" +fi + # Parse options TEMP=`getopt --options vhd:t:l:n:e:c:x:f \ --longoptions version,help,password,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \
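Review bot: In the INSTALL hunk, the second step under "Installing the Mandos client" says "On the computer to run as a Mandos server", but the command it introduces is "sudo make install-client". This looks copied from the server section and should read "On the computer to run as a Mandos client". In the last paragraph, "Is IPsec is not used" should be "If IPsec is not used". The "mandos-keygen --password" step also has the admin copy the generated section into "/etc/mandos/clients.conf" on the server without saying how to move it between machines. Since that section is derived from the root file system passphrase, a sentence recommending a trusted channel for the transfer would help.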
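Review bot: In the mandos-keygen hunk, the new `if [ ! -d "$KEYDIR" ]` fallback runs before the "# Parse options" block, so it only ever affects the default value and never a directory given with --dir. It also switches to "/etc/mandos/keys" silently and without checking that this directory exists either. Please add a comment saying why the default may be missing and which install layout the fallback covers. Consider validating the final KEYDIR after option parsing and exiting with an error if it is not a directory, so that key material is never written to, or read from, a location the admin did not expect.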