%common; ]> Mandos &version; &TIMESTAMP; Björn Påhlsson

belorn@recompile.se

Teddy Hogeborn

teddy@recompile.se

2010 2011 2012 2013 2014 2015 2016 Teddy Hogeborn Björn Påhlsson &COMMANDNAME; 8 &COMMANDNAME; Control or query the operation of the Mandos server &COMMANDNAME; --enable -e --disable -d --bump-timeout -b --start-checker --stop-checker --remove -r --checker COMMAND -c COMMAND --timeout TIME -t TIME --extended-timeout TIME --interval TIME -i TIME --approve-by-default --deny-by-default --approval-delay TIME --approval-duration TIME --interval TIME -i TIME --host STRING -H STRING --secret FILENAME -s FILENAME --approve -A --deny -D --all -a CLIENT &COMMANDNAME; --verbose -v --dump-json -j CLIENT &COMMANDNAME; --is-enabled -V CLIENT &COMMANDNAME; --help -h &COMMANDNAME; --version -v &COMMANDNAME; --check &COMMANDNAME; is a program to control or query the operation of the Mandos server mandos8. This program can be used to change client settings, approve or deny client requests, and to remove clients from the server. The purpose of this is to enable remote and unattended rebooting of client host computer with an encrypted root file system. See for details. --help -h Show a help message and exit --enable -e Enable client(s). An enabled client will be eligble to receive its secret. --disable -d Disable client(s). A disabled client will not be eligble to receive its secret, and no checkers will be started for it. --bump-timeout Bump the timeout of the specified client(s), just as if a checker had completed successfully for it/them. --start-checker Start a new checker now for the specified client(s). --stop-checker Stop any running checker for the specified client(s). --remove -r Remove the specified client(s) from the server. --checker COMMAND -c COMMAND Set the checker option of the specified client(s); see mandos-clients.conf5. --timeout TIME -t TIME Set the timeout option of the specified client(s); see mandos-clients.conf5. --extended-timeout TIME Set the extended_timeout option of the specified client(s); see mandos-clients.conf5. --interval TIME -i TIME Set the interval option of the specified client(s); see mandos-clients.conf5. --approve-by-default --deny-by-default Set the approved_by_default option of the specified client(s) to True or False, respectively; see mandos-clients.conf5. --approval-delay TIME Set the approval_delay option of the specified client(s); see mandos-clients.conf5. --approval-duration TIME Set the approval_duration option of the specified client(s); see mandos-clients.conf5. --host STRING -H STRING Set the host option of the specified client(s); see mandos-clients.conf5. --secret FILENAME -s FILENAME Set the secfile option of the specified client(s); see mandos-clients.conf5. --approve -A Approve client(s) if currently waiting for approval. --deny -D Deny client(s) if currently waiting for approval. --all -a Make the client-modifying options modify all clients. --verbose -v Show all client settings, not just a subset. --dump-json -j Dump client settings as JSON to standard output. --is-enabled -V Check if a single client is enabled or not, and exit with a successful exit status only if the client is enabled. --check Run self-tests. This includes any unit tests, etc. This program is a small utility to generate new OpenPGP keys for new Mandos clients, and to generate sections for inclusion in clients.conf on the server. If the --is-enabled option is used, the exit status will be 0 only if the specified client is enabled. To list all clients: &COMMANDNAME; To list all settings for the clients named foo1.example.org and foo2.example.org: &COMMANDNAME; --verbose foo1.example.org foo2.example.org To enable all clients: &COMMANDNAME; --enable --all To change timeout and interval value for the clients named foo1.example.org and foo2.example.org: &COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org To approve all clients currently waiting for it: &COMMANDNAME; --approve --all This program must be permitted to access the Mandos server via the D-Bus interface. This normally requires the root user, but could be configured otherwise by reconfiguring the D-Bus server. intro 8mandos, mandos 8, mandos-clients.conf 5, mandos-monitor 8