/mandos/release : revision 123

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 08:47:38 UTC
Revision ID: teddy@fukt.bsnet.se-20080831084738-uu70kayyt876982d

* mandos-keygen: Minor help text change.

* mandos-keygen.xml: Changed plural "keys" to singular "key"
                     throughout.
  (NAME): Improved wording.
  (DESCRIPTION): Improved wording.
  (OPTIONS): Split options in <term> tags into separate <term> tags.
             Use <option> tags.  Move long options before short
             options.  Uppercase replaceables.
  (OVERVIEW): Improved wording.
  (EXIT STATUS): Also cover --password option.
  (EXAMPLE): Add two examples using the --password option.
  (SECURITY): Improved wording.

* overview.xml: Improved wording.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2009-09-10">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<sbr/>

<sbr/>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

106

122

<arg choice="plain"><option>--check</option></arg>

107

123

</cmdsynopsis>

108

124

</refsynopsisdiv>

109

125

110

126

111

127

<title>DESCRIPTION</title>

112

128

<para>

121

137

Any authenticated client is then given the stored pre-encrypted

122

138

password for that specific client.

123

139

</para>

140

124

141

</refsect1>

125

142

126

143

127

144

<title>PURPOSE</title>

145

128

146

<para>

129

147

The purpose of this is to enable <emphasis>remote and unattended

130

148

rebooting</emphasis> of client host computer with an

131

149

<emphasis>encrypted root file system</emphasis>. See <xref

132

150

linkend="overview"/> for details.

133

151

</para>

152

134

153

</refsect1>

135

154

136

155

137

156

<title>OPTIONS</title>

157

138

158

139

159

160

140

161

141

142

162

143

163

<para>

144

164

Show a help message and exit

145

165

</para>

146

166

</listitem>

147

167

</varlistentry>

148

168

149

169

170

171

150

172

<term><option>--interface</option>

151

173

152

153

154

174

155

175

<xi:include href="mandos-options.xml" xpointer="interface"/>

156

176

</listitem>

157

177

</varlistentry>

158

178

159

179

160

<term><option>--address

161

<replaceable>ADDRESS</replaceable></option></term>

162

<term><option>-a

163

<replaceable>ADDRESS</replaceable></option></term>

180

<term><literal>-a</literal>, <literal>--address <replaceable>

181

ADDRESS</replaceable></literal></term>

164

182

165

183

<xi:include href="mandos-options.xml" xpointer="address"/>

166

184

</listitem>

167

185

</varlistentry>

168

186

169

187

170

<term><option>--port

171

172

<term><option>-p

173

188

189

PORT</replaceable></literal></term>

174

190

175

191

<xi:include href="mandos-options.xml" xpointer="port"/>

176

192

</listitem>

177

193

</varlistentry>

178

194

179

195

180

<term><option>--check</option></term>

196

<term><literal>--check</literal></term>

181

197

182

198

<para>

183

199

Run the server’s self-tests. This includes any unit

185

201

</para>

186

202

</listitem>

187

203

</varlistentry>

188

204

189

205

190

<term><option>--debug</option></term>

206

<term><literal>--debug</literal></term>

191

207

192

208

<xi:include href="mandos-options.xml" xpointer="debug"/>

193

209

</listitem>

194

210

</varlistentry>

195

211

196

212

197

<term><option>--priority <replaceable>

198

PRIORITY</replaceable></option></term>

213

<term><literal>--priority <replaceable>

214

PRIORITY</replaceable></literal></term>

199

215

200

216

<xi:include href="mandos-options.xml" xpointer="priority"/>

201

217

</listitem>

202

218

</varlistentry>

203

219

204

220

205

<term><option>--servicename

206

221

<term><literal>--servicename <replaceable>NAME</replaceable>

222

</literal></term>

207

223

208

224

<xi:include href="mandos-options.xml"

209

225

xpointer="servicename"/>

210

226

</listitem>

211

227

</varlistentry>

212

228

213

229

214

<term><option>--configdir

215

<replaceable>DIRECTORY</replaceable></option></term>

230

<term><literal>--configdir <replaceable>DIR</replaceable>

231

</literal></term>

216

232

217

233

<para>

218

234

Directory to search for configuration files. Default is

224

240

</para>

225

241

</listitem>

226

242

</varlistentry>

227

243

228

244

229

<term><option>--version</option></term>

245

<term><literal>--version</literal></term>

230

246

231

247

<para>

232

248

Prints the program version and exit.

233

249

</para>

234

250

</listitem>

235

251

</varlistentry>

236

237

238

239

240

<xi:include href="mandos-options.xml" xpointer="dbus"/>

241

<para>

242

See also <xref linkend="dbus_interface"/>.

243

</para>

244

</listitem>

245

</varlistentry>

246

247

248

249

250

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

251

</listitem>

252

</varlistentry>

253

252

</variablelist>

254

253

</refsect1>

255

254

256

255

257

256

<title>OVERVIEW</title>

258

257

<xi:include href="overview.xml"/>

259

258

<para>

260

259

This program is the server part. It is a normal server program

261

260

and will run in a normal system environment, not in an initial

262

<acronym>RAM</acronym> disk environment.

261

RAM disk environment.

263

262

</para>

264

263

</refsect1>

265

264

266

265

267

266

<title>NETWORK PROTOCOL</title>

268

267

<para>

320

319

</row>

321

320

</tbody></tgroup></table>

322

321

</refsect1>

323

322

324

323

325

324

<title>CHECKING</title>

326

325

<para>

327

326

The server will, by default, continually check that the clients

328

327

are still up. If a client has not been confirmed as being up

329

328

for some time, the client is assumed to be compromised and is no

330

longer eligible to receive the encrypted password. (Manual

331

intervention is required to re-enable a client.) The timeout,

329

longer eligible to receive the encrypted password. The timeout,

332

330

checker program, and interval between checks can be configured

333

331

both globally and per client; see <citerefentry>

334

332

<refentrytitle>mandos-clients.conf</refentrytitle>

335

333

<manvolnum>5</manvolnum></citerefentry>.

336

334

</para>

337

335

</refsect1>

338

336

339

337

340

338

<title>LOGGING</title>

341

339

<para>

345

343

and also show them on the console.

346

344

</para>

347

345

</refsect1>

348

349

350

<title>D-BUS INTERFACE</title>

351

<para>

352

The server will by default provide a D-Bus system bus interface.

353

This interface will only be accessible by the root user or a

354

Mandos-specific user, if such a user exists.

355

356

</para>

357

</refsect1>

358

346

359

347

360

348

<title>EXIT STATUS</title>

361

349

<para>

363

351

critical error is encountered.

364

352

</para>

365

353

</refsect1>

366

354

367

355

368

356

<title>ENVIRONMENT</title>

369

357

383

371

</varlistentry>

384

372

</variablelist>

385

373

</refsect1>

386

387

374

375

388

376

<title>FILES</title>

389

377

<para>

390

378

Use the <option>--configdir</option> option to change where

413

401

</listitem>

414

402

</varlistentry>

415

403

416

<term><filename>/var/run/mandos.pid</filename></term>

404

<term><filename>/var/run/mandos/mandos.pid</filename></term>

417

405

418

406

<para>

419

407

The file containing the process id of

454

442

Currently, if a client is declared <quote>invalid</quote> due to

455

443

having timed out, the server does not record this fact onto

456

444

permanent storage. This has some security implications, see

457

<xref linkend="clients"/>.

445

<xref linkend="CLIENTS"/>.

458

446

</para>

459

447

<para>

460

448

There is currently no way of querying the server of the current

468

456

Debug mode is conflated with running in the foreground.

469

457

</para>

470

458

<para>

471

The console log messages do not show a time stamp.

472

</para>

473

<para>

474

This server does not check the expire time of clients’ OpenPGP

475

keys.

459

The console log messages does not show a timestamp.

476

460

</para>

477

461

</refsect1>

478

462

513

497

</para>

514

498

</informalexample>

515

499

</refsect1>

516

500

517

501

518

502

<title>SECURITY</title>

519

503

520

504

<title>SERVER</title>

521

505

<para>

522

506

Running this <command>&COMMANDNAME;</command> server program

523

507

should not in itself present any security risk to the host

524

computer running it. The program switches to a non-root user

525

soon after startup.

508

computer running it. The program does not need any special

509

privileges to run, and is designed to run as a non-root user.

526

510

</para>

527

511

</refsect2>

528

512

529

513

<title>CLIENTS</title>

530

514

<para>

531

515

The server only gives out its stored data to clients which

538

522

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

539

523

<manvolnum>5</manvolnum></citerefentry>)

540

524

<emphasis>must</emphasis> be made non-readable by anyone

541

except the user starting the server (usually root).

525

except the user running the server.

542

526

</para>

543

527

<para>

544

528

As detailed in <xref linkend="checking"/>, the status of all

555

539

restarting servers if it is suspected that a client has, in

556

540

fact, been compromised by parties who may now be running a

557

541

fake Mandos client with the keys from the non-encrypted

558

initial <acronym>RAM</acronym> image of the client host. What

559

should be done in that case (if restarting the server program

560

really is necessary) is to stop the server program, edit the

542

initial RAM image of the client host. What should be done in

543

that case (if restarting the server program really is

544

necessary) is to stop the server program, edit the

561

545

configuration file to omit any suspect clients, and restart

562

546

the server program.

563

547

</para>

564

548

<para>

565

549

For more details on client-side security, see

566

<citerefentry><refentrytitle>mandos-client</refentrytitle>

550

<citerefentry><refentrytitle>password-request</refentrytitle>

567

551

<manvolnum>8mandos</manvolnum></citerefentry>.

568

552

</para>

569

553

</refsect2>

570

554

</refsect1>

571

555

572

556

573

557

574

558

<para>

577

561

578

562

<refentrytitle>mandos.conf</refentrytitle>

579

563

580

<refentrytitle>mandos-client</refentrytitle>

564

<refentrytitle>password-request</refentrytitle>

581

565

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

582

566

583

567

</citerefentry>

Older »