To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos.xml
- browse files at revision 110
- compare with another revision
- download diff
- download tarball
- view history from revision 110
- Committer: Teddy Hogeborn
- Date: 2008-08-29 05:53:59 UTC
- Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurences of command name with
"&COMMANDNAME;".
* plugins.d/password-prompt.c (main): Improved some documentation
strings. Do perror() of
tcgetattr() fails. Add debug
output if interrupted by signal.
Loop over write() instead of
using fwrite() when outputting
password. Add debug output if
getline() returns 0, unless it
was caused by a signal. Add
exit status code to debug
output.
* plugins.d/password-prompt.xml: Changed all single quotes to double
quotes for consistency. Removed
<?xml-stylesheet>.
(ENTITY TIMESTAMP): New. Automatically updated by Emacs time-stamp
by using Emacs local variables.
(/refentry/refentryinfo/title): Changed to "Mandos Manual".
(/refentry/refentryinfo/productname): Changed to "Mandos".
(/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
(/refentry/refentryinfo/copyright): Split copyright holders.
(/refentry/refnamediv/refpurpose): Improved wording.
(SYNOPSIS): Fix to use correct markup. Add short options.
(DESCRIPTION, OPTIONS): Improved wording.
(OPTIONS): Improved wording. Use more correct markup. Document
short options.
(EXIT STATUS): Add text.
(ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
(FILES): REMOVED.
(BUGS): Add text.
(EXAMPLE): Added some examples.
(SECURITY): Added text.
(SEE ALSO): Remove reference to mandos(8). Add reference to
crypttab(5).
"&COMMANDNAME;".
* plugins.d/password-prompt.c (main): Improved some documentation
strings. Do perror() of
tcgetattr() fails. Add debug
output if interrupted by signal.
Loop over write() instead of
using fwrite() when outputting
password. Add debug output if
getline() returns 0, unless it
was caused by a signal. Add
exit status code to debug
output.
* plugins.d/password-prompt.xml: Changed all single quotes to double
quotes for consistency. Removed
<?xml-stylesheet>.
(ENTITY TIMESTAMP): New. Automatically updated by Emacs time-stamp
by using Emacs local variables.
(/refentry/refentryinfo/title): Changed to "Mandos Manual".
(/refentry/refentryinfo/productname): Changed to "Mandos".
(/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
(/refentry/refentryinfo/copyright): Split copyright holders.
(/refentry/refnamediv/refpurpose): Improved wording.
(SYNOPSIS): Fix to use correct markup. Add short options.
(DESCRIPTION, OPTIONS): Improved wording.
(OPTIONS): Improved wording. Use more correct markup. Document
short options.
(EXIT STATUS): Add text.
(ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
(FILES): REMOVED.
(BUGS): Add text.
(EXAMPLE): Added some examples.
(SECURITY): Added text.
(SEE ALSO): Remove reference to mandos(8). Add reference to
crypttab(5).
- files added:
- .bzrignore
- files modified:
- Makefile
added
removed
mandos.xml
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos">
6
<!ENTITY OVERVIEW SYSTEM "overview.xml">
7
6
]>
8
7
9
<refentry>
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
10
9
<refentryinfo>
11
10
<title>&COMMANDNAME;</title>
12
11
<!-- NWalsh’s docbook scripts use this to generate the footer: -->
73
72
<refsynopsisdiv>
74
73
<cmdsynopsis>
75
74
<command>&COMMANDNAME;</command>
76
<arg choice="opt">--interface<arg choice="plain">IF</arg></arg>
77
<arg choice="opt">--address<arg choice="plain">ADDRESS</arg></arg>
78
<arg choice="opt">--port<arg choice="plain">PORT</arg></arg>
79
<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>
80
<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>
81
<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>
82
<arg choice="opt">--debug</arg>
83
</cmdsynopsis>
84
<cmdsynopsis>
85
<command>&COMMANDNAME;</command>
86
<arg choice="opt">-i<arg choice="plain">IF</arg></arg>
87
<arg choice="opt">-a<arg choice="plain">ADDRESS</arg></arg>
88
<arg choice="opt">-p<arg choice="plain">PORT</arg></arg>
89
<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>
90
<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>
91
<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>
92
<arg choice="opt">--debug</arg>
93
</cmdsynopsis>
94
<cmdsynopsis>
95
<command>&COMMANDNAME;</command>
96
<arg choice="plain">--help</arg>
75
<arg>--interface<arg choice="plain">NAME</arg></arg>
76
<arg>--address<arg choice="plain">ADDRESS</arg></arg>
77
<arg>--port<arg choice="plain">PORT</arg></arg>
78
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
79
<arg>--servicename<arg choice="plain">NAME</arg></arg>
80
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
81
<arg>--debug</arg>
82
</cmdsynopsis>
83
<cmdsynopsis>
84
<command>&COMMANDNAME;</command>
85
<arg>-i<arg choice="plain">NAME</arg></arg>
86
<arg>-a<arg choice="plain">ADDRESS</arg></arg>
87
<arg>-p<arg choice="plain">PORT</arg></arg>
88
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
89
<arg>--servicename<arg choice="plain">NAME</arg></arg>
90
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
91
<arg>--debug</arg>
92
</cmdsynopsis>
93
<cmdsynopsis>
94
<command>&COMMANDNAME;</command>
95
<group choice="req">
96
<arg choice="plain">-h</arg>
97
<arg choice="plain">--help</arg>
98
</group>
97
99
</cmdsynopsis>
98
100
<cmdsynopsis>
99
101
<command>&COMMANDNAME;</command>
148
150
</varlistentry>
149
151
150
152
<varlistentry>
151
<term><literal>-i</literal>, <literal>--interface <replaceable>
152
IF</replaceable></literal></term>
153
<term><literal>-i</literal>, <literal>--interface <replaceable
154
>NAME</replaceable></literal></term>
153
155
<listitem>
154
<para>
155
Only announce the server and listen to requests on network
156
interface <replaceable>IF</replaceable>. Default is to
157
use all available interfaces.
158
</para>
156
<xi:include href="mandos-options.xml" xpointer="interface"/>
159
157
</listitem>
160
158
</varlistentry>
161
159
163
161
<term><literal>-a</literal>, <literal>--address <replaceable>
164
162
ADDRESS</replaceable></literal></term>
165
163
<listitem>
166
<para>
167
If this option is used, the server will only listen to a
168
specific address. This must currently be an IPv6 address;
169
an IPv4 address can be specified using the
170
<quote><literal>::FFFF:192.0.2.3</literal></quote> syntax.
171
Also, if a link-local address is specified, an interface
172
should be set, since a link-local address is only valid on
173
a single interface. By default, the server will listen to
174
all available addresses.
175
</para>
164
<xi:include href="mandos-options.xml" xpointer="address"/>
176
165
</listitem>
177
166
</varlistentry>
178
167
180
169
<term><literal>-p</literal>, <literal>--port <replaceable>
181
170
PORT</replaceable></literal></term>
182
171
<listitem>
183
<para>
184
If this option is used, the server to bind to that
185
port. By default, the server will listen to an arbitrary
186
port given by the operating system.
187
</para>
172
<xi:include href="mandos-options.xml" xpointer="port"/>
188
173
</listitem>
189
174
</varlistentry>
190
175
201
186
<varlistentry>
202
187
<term><literal>--debug</literal></term>
203
188
<listitem>
204
<para>
205
If the server is run in debug mode, it will run in the
206
foreground and print a lot of debugging information. The
207
default is <emphasis>not</emphasis> to run in debug mode.
208
</para>
189
<xi:include href="mandos-options.xml" xpointer="debug"/>
209
190
</listitem>
210
191
</varlistentry>
211
192
213
194
<term><literal>--priority <replaceable>
214
195
PRIORITY</replaceable></literal></term>
215
196
<listitem>
216
<para>
217
GnuTLS priority string for the TLS handshake with the
218
clients. The default is
219
<quote><literal>SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP</literal></quote>.
220
See <citerefentry><refentrytitle>gnutls_priority_init
221
</refentrytitle><manvolnum>3</manvolnum></citerefentry>
222
for the syntax. <emphasis>Warning</emphasis>: changing
223
this may make the TLS handshake fail, making communication
224
with clients impossible.
225
</para>
197
<xi:include href="mandos-options.xml" xpointer="priority"/>
226
198
</listitem>
227
199
</varlistentry>
228
200
230
202
<term><literal>--servicename <replaceable>NAME</replaceable>
231
203
</literal></term>
232
204
<listitem>
233
<para>
234
Zeroconf service name. The default is
235
<quote><literal>Mandos</literal></quote>. You only need
236
to change this if you for some reason want to run more
237
than one server on the same <emphasis>host</emphasis>,
238
which would not normally be useful. If there are name
239
collisions on the same <emphasis>network</emphasis>, the
240
newer server will automatically rename itself to
241
<quote><literal>Mandos #2</literal></quote>, and so on;
242
therefore, this option is not needed in that case.
243
</para>
205
<xi:include href="mandos-options.xml"
206
xpointer="servicename"/>
244
207
</listitem>
245
208
</varlistentry>
246
209
272
235
273
236
<refsect1 id="overview">
274
237
<title>OVERVIEW</title>
275
&OVERVIEW;
238
<xi:include href="overview.xml"/>
276
239
<para>
277
240
This program is the server part. It is a normal server program
278
241
and will run in a normal system environment, not in an initial
311
274
<entry>-><!-- → --></entry>
312
275
</row>
313
276
<row>
314
<entry><quote><literal>1\r\en</literal></quote></entry>
277
<entry><quote><literal>1\r\n</literal></quote></entry>
315
278
<entry>-><!-- → --></entry>
316
279
</row>
317
280
<row>
347
310
longer eligible to receive the encrypted password. The timeout,
348
311
checker program, and interval between checks can be configured
349
312
both globally and per client; see <citerefentry>
350
<refentrytitle>mandos.conf</refentrytitle>
351
<manvolnum>5</manvolnum></citerefentry> and <citerefentry>
352
313
<refentrytitle>mandos-clients.conf</refentrytitle>
353
314
<manvolnum>5</manvolnum></citerefentry>.
354
315
</para>
357
318
<refsect1 id="logging">
358
319
<title>LOGGING</title>
359
320
<para>
360
The server will send log messaged with various severity levels
361
to <filename>/dev/log</filename>. With the
321
The server will send log message with various severity levels to
322
<filename>/dev/log</filename>. With the
362
323
<option>--debug</option> option, it will log even more messages,
363
324
and also show them on the console.
364
325
</para>
372
333
</para>
373
334
</refsect1>
374
335
336
<refsect1 id="environment">
337
<title>ENVIRONMENT</title>
338
<variablelist>
339
<varlistentry>
340
<term><varname>PATH</varname></term>
341
<listitem>
342
<para>
343
To start the configured checker (see <xref
344
linkend="checking"/>), the server uses
345
<filename>/bin/sh</filename>, which in turn uses
346
<varname>PATH</varname> to search for matching commands if
347
an absolute path is not given. See <citerefentry>
348
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
349
</citerefentry>.
350
</para>
351
</listitem>
352
</varlistentry>
353
</variablelist>
354
</refsect1>
355
375
356
<refsect1 id="file">
376
357
<title>FILES</title>
377
358
<para>
418
399
</para>
419
400
</listitem>
420
401
</varlistentry>
402
<varlistentry>
403
<term><filename>/bin/sh</filename></term>
404
<listitem>
405
<para>
406
This is used to start the configured checker command for
407
each client. See <citerefentry>
408
<refentrytitle>mandos-clients.conf</refentrytitle>
409
<manvolnum>5</manvolnum></citerefentry> for details.
410
</para>
411
</listitem>
412
</varlistentry>
421
413
</variablelist>
422
414
</refsect1>
423
415
424
416
<refsect1 id="bugs">
425
417
<title>BUGS</title>
426
418
<para>
427
419
This server might, on especially fatal errors, emit a Python
428
420
backtrace. This could be considered a feature.
429
421
</para>
422
<para>
423
Currently, if a client is declared <quote>invalid</quote> due to
424
having timed out, the server does not record this fact onto
425
permanent storage. This has some security implications, see
426
<xref linkend="CLIENTS"/>.
427
</para>
428
<para>
429
There is currently no way of querying the server of the current
430
status of clients, other than analyzing its <systemitem
431
class="service">syslog</systemitem> output.
432
</para>
433
<para>
434
There is no fine-grained control over logging and debug output.
435
</para>
436
<para>
437
Debug mode is conflated with running in the foreground.
438
</para>
439
<para>
440
The console log messages does not show a timestamp.
441
</para>
430
442
</refsect1>
431
432
<refsect1 id="examples">
433
<title>EXAMPLES</title>
443
444
<refsect1 id="example">
445
<title>EXAMPLE</title>
434
446
<informalexample>
435
447
<para>
436
448
Normal invocation needs no options:
437
449
</para>
438
450
<para>
439
<userinput>mandos</userinput>
451
<userinput>&COMMANDNAME;</userinput>
440
452
</para>
441
453
</informalexample>
442
454
<informalexample>
449
461
<para>
450
462
451
463
<!-- do not wrap this line -->
452
<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>
464
<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>
453
465
454
466
</para>
455
467
</informalexample>
461
473
<para>
462
474
463
475
<!-- do not wrap this line -->
464
<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
476
<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
465
477
466
478
</para>
467
479
</informalexample>
469
481
470
482
<refsect1 id="security">
471
483
<title>SECURITY</title>
472
<refsect2>
484
<refsect2 id="SERVER">
473
485
<title>SERVER</title>
474
486
<para>
475
Running this &COMMANDNAME; server program should not in itself
476
present any security risk to the host computer running it.
477
The program does not need any special privileges to run, and
478
is designed to run as a non-root user.
487
Running this <command>&COMMANDNAME;</command> server program
488
should not in itself present any security risk to the host
489
computer running it. The program does not need any special
490
privileges to run, and is designed to run as a non-root user.
479
491
</para>
480
492
</refsect2>
481
<refsect2>
493
<refsect2 id="CLIENTS">
482
494
<title>CLIENTS</title>
483
495
<para>
484
496
The server only gives out its stored data to clients which
499
511
compromised if they are gone for too long.
500
512
</para>
501
513
<para>
514
If a client is compromised, its downtime should be duly noted
515
by the server which would therefore declare the client
516
invalid. But if the server was ever restarted, it would
517
re-read its client list from its configuration file and again
518
regard all clients therein as valid, and hence eligible to
519
receive their passwords. Therefore, be careful when
520
restarting servers if it is suspected that a client has, in
521
fact, been compromised by parties who may now be running a
522
fake Mandos client with the keys from the non-encrypted
523
initial RAM image of the client host. What should be done in
524
that case (if restarting the server program really is
525
necessary) is to stop the server program, edit the
526
configuration file to omit any suspect clients, and restart
527
the server program.
528
</para>
529
<para>
502
530
For more details on client-side security, see
503
531
<citerefentry><refentrytitle>password-request</refentrytitle>
504
532
<manvolnum>8mandos</manvolnum></citerefentry>.
508
536
509
537
<refsect1 id="see_also">
510
538
<title>SEE ALSO</title>
539
<para>
540
<citerefentry>
541
<refentrytitle>mandos.conf</refentrytitle>
542
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
543
<refentrytitle>mandos-clients.conf</refentrytitle>
544
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
545
<refentrytitle>password-request</refentrytitle>
546
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
547
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
548
</citerefentry>
549
</para>
511
550
<variablelist>
512
551
<varlistentry>
513
552
<term>
514
<citerefentry>
515
<refentrytitle>password-request</refentrytitle>
516
<manvolnum>8mandos</manvolnum>
517
</citerefentry>
518
</term>
519
<listitem>
520
<para>
521
This is the actual program which talks to this server.
522
Note that it is normally not invoked directly, and is only
523
run in the initial RAM disk environment, and not on a
524
fully started system.
525
</para>
526
</listitem>
527
</varlistentry>
528
<varlistentry>
529
<term>
530
553
<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
531
554
</term>
532
555
<listitem>
549
572
</varlistentry>
550
573
<varlistentry>
551
574
<term>
552
<ulink
553
url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
575
<ulink url="http://www.gnu.org/software/gnutls/"
576
>GnuTLS</ulink>
554
577
</term>
555
578
<listitem>
556
579
<para>
562
585
</varlistentry>
563
586
<varlistentry>
564
587
<term>
565
<citation>RFC 4291: <citetitle>IP Version 6 Addressing
566
Architecture</citetitle>, section 2.5.6, Link-Local IPv6
567
Unicast Addresses</citation>
588
RFC 4291: <citetitle>IP Version 6 Addressing
589
Architecture</citetitle>
568
590
</term>
569
591
<listitem>
570
<para>
571
The clients use IPv6 link-local addresses, which are
572
immediately usable since a link-local addresses is
573
automatically assigned to a network interfaces when it is
574
brought up.
575
</para>
592
<variablelist>
593
<varlistentry>
594
<term>Section 2.2: <citetitle>Text Representation of
595
Addresses</citetitle></term>
596
<listitem><para/></listitem>
597
</varlistentry>
598
<varlistentry>
599
<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
600
Address</citetitle></term>
601
<listitem><para/></listitem>
602
</varlistentry>
603
<varlistentry>
604
<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
605
Addresses</citetitle></term>
606
<listitem>
607
<para>
608
The clients use IPv6 link-local addresses, which are
609
immediately usable since a link-local addresses is
610
automatically assigned to a network interfaces when it
611
is brought up.
612
</para>
613
</listitem>
614
</varlistentry>
615
</variablelist>
576
616
</listitem>
577
617
</varlistentry>
578
618
<varlistentry>
579
619
<term>
580
<citation>RFC 4346: <citetitle>The Transport Layer Security
581
(TLS) Protocol Version 1.1</citetitle></citation>
620
RFC 4346: <citetitle>The Transport Layer Security (TLS)
621
Protocol Version 1.1</citetitle>
582
622
</term>
583
623
<listitem>
584
624
<para>
588
628
</varlistentry>
589
629
<varlistentry>
590
630
<term>
591
<citation>RFC 4880: <citetitle>OpenPGP Message
592
Format</citetitle></citation>
631
RFC 4880: <citetitle>OpenPGP Message Format</citetitle>
593
632
</term>
594
633
<listitem>
595
634
<para>
599
638
</varlistentry>
600
639
<varlistentry>
601
640
<term>
602
<citation>RFC 5081: <citetitle>Using OpenPGP Keys for
603
Transport Layer Security</citetitle></citation>
641
RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
642
Security</citetitle>
604
643
</term>
605
644
<listitem>
606
645
<para>
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0