/mandos/release : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2016-06-27">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Control or query the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--timeout

<arg choice="plain"><option>-t

100

101

</group>

102

<sbr/>

103

<group>

104

<arg choice="plain"><option>--extended-timeout

105

106

</group>

107

<sbr/>

108

<group>

109

<arg choice="plain"><option>--interval

110

111

<arg choice="plain"><option>-i

112

113

</group>

114

<sbr/>

115

<group>

116

<arg choice="plain"><option>--approve-by-default</option

117

></arg>

118

<sbr/>

119

<arg choice="plain"><option>--deny-by-default</option></arg>

120

</group>

121

<sbr/>

122

<group>

123

<arg choice="plain"><option>--approval-delay

124

125

</group>

126

<sbr/>

127

<group>

128

<arg choice="plain"><option>--approval-duration

129

130

</group>

131

<sbr/>

132

<group>

133

<arg choice="plain"><option>--interval

134

135

<arg choice="plain"><option>-i

136

137

</group>

138

<sbr/>

139

<group>

140

<arg choice="plain"><option>--host

141

<replaceable>STRING</replaceable></option></arg>

142

<arg choice="plain"><option>-H

143

<replaceable>STRING</replaceable></option></arg>

144

</group>

145

<sbr/>

146

<group>

147

<arg choice="plain"><option>--secret

148

<replaceable>FILENAME</replaceable></option></arg>

149

<arg choice="plain"><option>-s

150

<replaceable>FILENAME</replaceable></option></arg>

151

</group>

152

<sbr/>

153

<group>

154

<arg choice="plain"><option>--approve</option></arg>

155

156

<sbr/>

157

158

159

</group>

160

</group>

161

<sbr/>

162

163

164

165

166

<replaceable>CLIENT</replaceable>

167

</arg>

168

</group>

169

</cmdsynopsis>

170

171

<command>&COMMANDNAME;</command>

172

<group>

173

<arg choice="plain"><option>--verbose</option></arg>

174

175

<sbr/>

176

177

178

</group>

179

<group>

180

181

<replaceable>CLIENT</replaceable>

182

</arg>

183

</group>

184

</cmdsynopsis>

185

186

<command>&COMMANDNAME;</command>

187

188

<arg choice="plain"><option>--is-enabled</option></arg>

189

190

</group>

191

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

192

</cmdsynopsis>

193

194

<command>&COMMANDNAME;</command>

195

196

197

198

</group>

199

</cmdsynopsis>

200

201

<command>&COMMANDNAME;</command>

202

203

<arg choice="plain"><option>--version</option></arg>

204

205

</group>

206

</cmdsynopsis>

207

208

<command>&COMMANDNAME;</command>

209

<arg choice="plain"><option>--check</option></arg>

210

</cmdsynopsis>

211

</refsynopsisdiv>

212

213

214

<title>DESCRIPTION</title>

215

<para>

216

<command>&COMMANDNAME;</command> is a program to control or

217

query the operation of the Mandos server

218

<citerefentry><refentrytitle>mandos</refentrytitle><manvolnum

219

>8</manvolnum></citerefentry>.

220

</para>

221

<para>

222

This program can be used to change client settings, approve or

223

deny client requests, and to remove clients from the server.

224

</para>

225

</refsect1>

226

227

228

<title>PURPOSE</title>

229

<para>

230

The purpose of this is to enable <emphasis>remote and unattended

231

rebooting</emphasis> of client host computer with an

232

<emphasis>encrypted root file system</emphasis>. See <xref

233

linkend="overview"/> for details.

234

</para>

235

</refsect1>

236

237

238

<title>OPTIONS</title>

239

240

241

242

243

244

245

<para>

246

Show a help message and exit

247

</para>

248

</listitem>

249

</varlistentry>

250

251

252

<term><option>--enable</option></term>

253

254

255

<para>

256

Enable client(s). An enabled client will be eligble to

257

receive its secret.

258

</para>

259

</listitem>

260

</varlistentry>

261

262

263

<term><option>--disable</option></term>

264

265

266

<para>

267

Disable client(s). A disabled client will not be eligble

268

to receive its secret, and no checkers will be started for

269

it.

270

</para>

271

</listitem>

272

</varlistentry>

273

274

275

<term><option>--bump-timeout</option></term>

276

277

<para>

278

Bump the timeout of the specified client(s), just as if a

279

checker had completed successfully for it/them.

280

</para>

281

</listitem>

282

</varlistentry>

283

284

285

<term><option>--start-checker</option></term>

286

287

<para>

288

Start a new checker now for the specified client(s).

289

</para>

290

</listitem>

291

</varlistentry>

292

293

294

<term><option>--stop-checker</option></term>

295

296

<para>

297

Stop any running checker for the specified client(s).

298

</para>

299

</listitem>

300

</varlistentry>

301

302

303

<term><option>--remove</option></term>

304

305

306

<para>

307

Remove the specified client(s) from the server.

308

</para>

309

</listitem>

310

</varlistentry>

311

312

313

<term><option>--checker

314

<replaceable>COMMAND</replaceable></option></term>

315

<term><option>-c

316

<replaceable>COMMAND</replaceable></option></term>

317

318

<para>

319

Set the <varname>checker</varname> option of the specified

320

client(s); see <citerefentry><refentrytitle

321

>mandos-clients.conf</refentrytitle><manvolnum

322

>5</manvolnum></citerefentry>.

323

</para>

324

</listitem>

325

</varlistentry>

326

327

328

<term><option>--timeout

329

330

<term><option>-t

331

332

333

<para>

334

Set the <varname>timeout</varname> option of the specified

335

client(s); see <citerefentry><refentrytitle

336

>mandos-clients.conf</refentrytitle><manvolnum

337

>5</manvolnum></citerefentry>.

338

</para>

339

</listitem>

340

</varlistentry>

341

342

343

<term><option>--extended-timeout

344

345

346

<para>

347

Set the <varname>extended_timeout</varname> option of the

348

specified client(s); see <citerefentry><refentrytitle

349

>mandos-clients.conf</refentrytitle><manvolnum

350

>5</manvolnum></citerefentry>.

351

</para>

352

</listitem>

353

</varlistentry>

354

355

356

<term><option>--interval

357

358

<term><option>-i

359

360

361

<para>

362

Set the <varname>interval</varname> option of the

363

specified client(s); see <citerefentry><refentrytitle

364

>mandos-clients.conf</refentrytitle><manvolnum

365

>5</manvolnum></citerefentry>.

366

</para>

367

</listitem>

368

</varlistentry>

369

370

371

<term><option>--approve-by-default</option></term>

372

<term><option>--deny-by-default</option></term>

373

374

<para>

375

Set the <varname>approved_by_default</varname> option of

376

the specified client(s) to <literal>True</literal> or

377

<literal>False</literal>, respectively; see

378

<citerefentry><refentrytitle

379

>mandos-clients.conf</refentrytitle><manvolnum

380

>5</manvolnum></citerefentry>.

381

</para>

382

</listitem>

383

</varlistentry>

384

385

386

<term><option>--approval-delay

387

388

389

<para>

390

Set the <varname>approval_delay</varname> option of the

391

specified client(s); see <citerefentry><refentrytitle

392

>mandos-clients.conf</refentrytitle><manvolnum

393

>5</manvolnum></citerefentry>.

394

</para>

395

</listitem>

396

</varlistentry>

397

398

399

<term><option>--approval-duration

400

401

402

<para>

403

Set the <varname>approval_duration</varname> option of the

404

specified client(s); see <citerefentry><refentrytitle

405

>mandos-clients.conf</refentrytitle><manvolnum

406

>5</manvolnum></citerefentry>.

407

</para>

408

</listitem>

409

</varlistentry>

410

411

412

<term><option>--host

413

<replaceable>STRING</replaceable></option></term>

414

<term><option>-H

415

<replaceable>STRING</replaceable></option></term>

416

417

<para>

418

Set the <varname>host</varname> option of the specified

419

client(s); see <citerefentry><refentrytitle

420

>mandos-clients.conf</refentrytitle><manvolnum

421

>5</manvolnum></citerefentry>.

422

</para>

423

</listitem>

424

</varlistentry>

425

426

427

<term><option>--secret

428

<replaceable>FILENAME</replaceable></option></term>

429

<term><option>-s

430

<replaceable>FILENAME</replaceable></option></term>

431

432

<para>

433

Set the <varname>secfile</varname> option of the specified

434

client(s); see <citerefentry><refentrytitle

435

>mandos-clients.conf</refentrytitle><manvolnum

436

>5</manvolnum></citerefentry>.

437

</para>

438

</listitem>

439

</varlistentry>

440

441

442

<term><option>--approve</option></term>

443

444

445

<para>

446

Approve client(s) if currently waiting for approval.

447

</para>

448

</listitem>

449

</varlistentry>

450

451

452

453

454

455

<para>

456

Deny client(s) if currently waiting for approval.

457

</para>

458

</listitem>

459

</varlistentry>

460

461

462

463

464

465

<para>

466

Make the client-modifying options modify <emphasis

467

>all</emphasis> clients.

468

</para>

469

</listitem>

470

</varlistentry>

471

472

473

<term><option>--verbose</option></term>

474

475

476

<para>

477

Show all client settings, not just a subset.

478

</para>

479

</listitem>

480

</varlistentry>

481

482

483

484

485

486

<para>

487

Dump client settings as JSON to standard output.

488

</para>

489

</listitem>

490

</varlistentry>

491

492

493

<term><option>--is-enabled</option></term>

494

495

496

<para>

497

Check if a single client is enabled or not, and exit with

498

a successful exit status only if the client is enabled.

499

</para>

500

</listitem>

501

</varlistentry>

502

503

504

<term><option>--check</option></term>

505

506

<para>

507

Run self-tests. This includes any unit tests, etc.

508

</para>

509

</listitem>

510

</varlistentry>

511

512

</variablelist>

513

</refsect1>

514

515

516

<title>OVERVIEW</title>

517

<xi:include href="overview.xml"/>

518

<para>

519

This program is a small utility to generate new OpenPGP keys for

520

new Mandos clients, and to generate sections for inclusion in

521

<filename>clients.conf</filename> on the server.

522

</para>

523

</refsect1>

524

525

526

<title>EXIT STATUS</title>

527

<para>

528

If the <option>--is-enabled</option> option is used, the exit

529

status will be 0 only if the specified client is enabled.

530

</para>

531

</refsect1>

532

533

534

535

<xi:include href="bugs.xml"/>

536

</refsect1>

537

538

539

<title>EXAMPLE</title>

540

541

<para>

542

To list all clients:

543

</para>

544

<para>

545

<userinput>&COMMANDNAME;</userinput>

546

</para>

547

</informalexample>

548

549

550

<para>

551

To list <emphasis>all</emphasis> settings for the clients

552

named <quote>foo1.example.org</quote> and <quote

553

>foo2.example.org</quote>:

554

</para>

555

<para>

556

557

558

<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>

559

560

</para>

561

</informalexample>

562

563

564

<para>

565

To enable all clients:

566

</para>

567

<para>

568

<userinput>&COMMANDNAME; --enable --all</userinput>

569

</para>

570

</informalexample>

571

572

573

<para>

574

To change timeout and interval value for the clients

575

named <quote>foo1.example.org</quote> and <quote

576

>foo2.example.org</quote>:

577

</para>

578

<para>

579

580

581

<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>

582

583

</para>

584

</informalexample>

585

586

587

<para>

588

To approve all clients currently waiting for it:

589

</para>

590

<para>

591

<userinput>&COMMANDNAME; --approve --all</userinput>

592

</para>

593

</informalexample>

594

</refsect1>

595

596

597

<title>SECURITY</title>

598

<para>

599

This program must be permitted to access the Mandos server via

600

the D-Bus interface. This normally requires the root user, but

601

could be configured otherwise by reconfiguring the D-Bus server.

602

</para>

603

</refsect1>

604

605

606

607

<para>

608

<citerefentry><refentrytitle>intro</refentrytitle>

609

<manvolnum>8mandos</manvolnum></citerefentry>,

610

<citerefentry><refentrytitle>mandos</refentrytitle>

611

<manvolnum>8</manvolnum></citerefentry>,

612

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

613

<manvolnum>5</manvolnum></citerefentry>,

614

<citerefentry><refentrytitle>mandos-monitor</refentrytitle>

615

616

</para>

617

</refsect1>

618

619

</refentry>

620

621

622

623

624

Older »