To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos.xml
- browse files at revision 231
- compare with another revision
- download diff
- download tarball
- view history from revision 231
- Committer: Teddy Hogeborn
- Date: 2008-10-15 19:54:11 UTC
- Revision ID: teddy@fukt.bsnet.se-20081015195411-y5rr8hh3u7koihgi
* debian/copyright: Removed non-standard headers.
- files added:
- .bzr-builddeb
- debian
- debian/po
- files removed:
- plugins.d/usplash
- files renamed:
- plugins.d/password-request.c => plugins.d/mandos-client.c
- plugins.d/password-request.xml => plugins.d/mandos-client.xml
- files modified:
- Makefile
added
removed
mandos.xml
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "mandos">
5
<!ENTITY TIMESTAMP "2008-10-03">
6
<!ENTITY % common SYSTEM "common.ent">
7
%common;
6
8
]>
7
9
8
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
9
<refentryinfo>
10
<title>&COMMANDNAME;</title>
11
<refentryinfo>
12
<title>Mandos Manual</title>
11
13
<!-- NWalsh’s docbook scripts use this to generate the footer: -->
12
<productname>&COMMANDNAME;</productname>
13
<productnumber>&VERSION;</productnumber>
14
<productname>Mandos</productname>
15
<productnumber>&version;</productnumber>
16
<date>&TIMESTAMP;</date>
14
17
<authorgroup>
15
18
<author>
16
19
<firstname>Björn</firstname>
32
35
<holder>Teddy Hogeborn</holder>
33
36
<holder>Björn Påhlsson</holder>
34
37
</copyright>
35
<legalnotice>
36
<para>
37
This manual page is free software: you can redistribute it
38
and/or modify it under the terms of the GNU General Public
39
License as published by the Free Software Foundation,
40
either version 3 of the License, or (at your option) any
41
later version.
42
</para>
43
44
<para>
45
This manual page is distributed in the hope that it will
46
be useful, but WITHOUT ANY WARRANTY; without even the
47
implied warranty of MERCHANTABILITY or FITNESS FOR A
48
PARTICULAR PURPOSE. See the GNU General Public License
49
for more details.
50
</para>
51
52
<para>
53
You should have received a copy of the GNU General Public
54
License along with this program; If not, see
55
<ulink url="http://www.gnu.org/licenses/"/>.
56
</para>
57
</legalnotice>
38
<xi:include href="legalnotice.xml"/>
58
39
</refentryinfo>
59
40
60
41
<refmeta>
61
42
<refentrytitle>&COMMANDNAME;</refentrytitle>
62
43
<manvolnum>8</manvolnum>
65
46
<refnamediv>
66
47
<refname><command>&COMMANDNAME;</command></refname>
67
48
<refpurpose>
68
Sends encrypted passwords to authenticated Mandos clients
49
Gives encrypted passwords to authenticated Mandos clients
69
50
</refpurpose>
70
51
</refnamediv>
71
52
72
53
<refsynopsisdiv>
73
54
<cmdsynopsis>
74
55
<command>&COMMANDNAME;</command>
75
<arg>--interface<arg choice="plain">IF</arg></arg>
76
<arg>--address<arg choice="plain">ADDRESS</arg></arg>
77
<arg>--port<arg choice="plain">PORT</arg></arg>
78
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
79
<arg>--servicename<arg choice="plain">NAME</arg></arg>
80
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
81
<arg>--debug</arg>
82
</cmdsynopsis>
83
<cmdsynopsis>
84
<command>&COMMANDNAME;</command>
85
<arg>-i<arg choice="plain">IF</arg></arg>
86
<arg>-a<arg choice="plain">ADDRESS</arg></arg>
87
<arg>-p<arg choice="plain">PORT</arg></arg>
88
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
89
<arg>--servicename<arg choice="plain">NAME</arg></arg>
90
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
91
<arg>--debug</arg>
56
<group>
57
<arg choice="plain"><option>--interface
58
<replaceable>NAME</replaceable></option></arg>
59
<arg choice="plain"><option>-i
60
<replaceable>NAME</replaceable></option></arg>
61
</group>
62
<sbr/>
63
<group>
64
<arg choice="plain"><option>--address
65
<replaceable>ADDRESS</replaceable></option></arg>
66
<arg choice="plain"><option>-a
67
<replaceable>ADDRESS</replaceable></option></arg>
68
</group>
69
<sbr/>
70
<group>
71
<arg choice="plain"><option>--port
72
<replaceable>PORT</replaceable></option></arg>
73
<arg choice="plain"><option>-p
74
<replaceable>PORT</replaceable></option></arg>
75
</group>
76
<sbr/>
77
<arg><option>--priority
78
<replaceable>PRIORITY</replaceable></option></arg>
79
<sbr/>
80
<arg><option>--servicename
81
<replaceable>NAME</replaceable></option></arg>
82
<sbr/>
83
<arg><option>--configdir
84
<replaceable>DIRECTORY</replaceable></option></arg>
85
<sbr/>
86
<arg><option>--debug</option></arg>
92
87
</cmdsynopsis>
93
88
<cmdsynopsis>
94
89
<command>&COMMANDNAME;</command>
95
90
<group choice="req">
96
<arg choice="plain">-h</arg>
97
<arg choice="plain">--help</arg>
91
<arg choice="plain"><option>--help</option></arg>
92
<arg choice="plain"><option>-h</option></arg>
98
93
</group>
99
94
</cmdsynopsis>
100
95
<cmdsynopsis>
101
96
<command>&COMMANDNAME;</command>
102
<arg choice="plain">--version</arg>
97
<arg choice="plain"><option>--version</option></arg>
103
98
</cmdsynopsis>
104
99
<cmdsynopsis>
105
100
<command>&COMMANDNAME;</command>
106
<arg choice="plain">--check</arg>
101
<arg choice="plain"><option>--check</option></arg>
107
102
</cmdsynopsis>
108
103
</refsynopsisdiv>
109
104
110
105
<refsect1 id="description">
111
106
<title>DESCRIPTION</title>
112
107
<para>
121
116
Any authenticated client is then given the stored pre-encrypted
122
117
password for that specific client.
123
118
</para>
124
125
119
</refsect1>
126
120
127
121
<refsect1 id="purpose">
128
122
<title>PURPOSE</title>
129
130
123
<para>
131
124
The purpose of this is to enable <emphasis>remote and unattended
132
125
rebooting</emphasis> of client host computer with an
133
126
<emphasis>encrypted root file system</emphasis>. See <xref
134
127
linkend="overview"/> for details.
135
128
</para>
136
137
129
</refsect1>
138
130
139
131
<refsect1 id="options">
140
132
<title>OPTIONS</title>
141
142
133
<variablelist>
143
134
<varlistentry>
144
<term><literal>-h</literal>, <literal>--help</literal></term>
135
<term><option>--help</option></term>
136
<term><option>-h</option></term>
145
137
<listitem>
146
138
<para>
147
139
Show a help message and exit
148
140
</para>
149
141
</listitem>
150
142
</varlistentry>
151
143
152
144
<varlistentry>
153
<term><literal>-i</literal>, <literal>--interface <replaceable>
154
IF</replaceable></literal></term>
145
<term><option>--interface</option>
146
<replaceable>NAME</replaceable></term>
147
<term><option>-i</option>
148
<replaceable>NAME</replaceable></term>
155
149
<listitem>
156
150
<xi:include href="mandos-options.xml" xpointer="interface"/>
157
151
</listitem>
158
152
</varlistentry>
159
153
160
154
<varlistentry>
161
<term><literal>-a</literal>, <literal>--address <replaceable>
162
ADDRESS</replaceable></literal></term>
155
<term><option>--address
156
<replaceable>ADDRESS</replaceable></option></term>
157
<term><option>-a
158
<replaceable>ADDRESS</replaceable></option></term>
163
159
<listitem>
164
160
<xi:include href="mandos-options.xml" xpointer="address"/>
165
161
</listitem>
166
162
</varlistentry>
167
163
168
164
<varlistentry>
169
<term><literal>-p</literal>, <literal>--port <replaceable>
170
PORT</replaceable></literal></term>
165
<term><option>--port
166
<replaceable>PORT</replaceable></option></term>
167
<term><option>-p
168
<replaceable>PORT</replaceable></option></term>
171
169
<listitem>
172
170
<xi:include href="mandos-options.xml" xpointer="port"/>
173
171
</listitem>
174
172
</varlistentry>
175
173
176
174
<varlistentry>
177
<term><literal>--check</literal></term>
175
<term><option>--check</option></term>
178
176
<listitem>
179
177
<para>
180
178
Run the server’s self-tests. This includes any unit
182
180
</para>
183
181
</listitem>
184
182
</varlistentry>
185
183
186
184
<varlistentry>
187
<term><literal>--debug</literal></term>
185
<term><option>--debug</option></term>
188
186
<listitem>
189
187
<xi:include href="mandos-options.xml" xpointer="debug"/>
190
188
</listitem>
191
189
</varlistentry>
192
190
193
191
<varlistentry>
194
<term><literal>--priority <replaceable>
195
PRIORITY</replaceable></literal></term>
192
<term><option>--priority <replaceable>
193
PRIORITY</replaceable></option></term>
196
194
<listitem>
197
195
<xi:include href="mandos-options.xml" xpointer="priority"/>
198
196
</listitem>
199
197
</varlistentry>
200
198
201
199
<varlistentry>
202
<term><literal>--servicename <replaceable>NAME</replaceable>
203
</literal></term>
200
<term><option>--servicename
201
<replaceable>NAME</replaceable></option></term>
204
202
<listitem>
205
203
<xi:include href="mandos-options.xml"
206
204
xpointer="servicename"/>
207
205
</listitem>
208
206
</varlistentry>
209
207
210
208
<varlistentry>
211
<term><literal>--configdir <replaceable>DIR</replaceable>
212
</literal></term>
209
<term><option>--configdir
210
<replaceable>DIRECTORY</replaceable></option></term>
213
211
<listitem>
214
212
<para>
215
213
Directory to search for configuration files. Default is
221
219
</para>
222
220
</listitem>
223
221
</varlistentry>
224
222
225
223
<varlistentry>
226
<term><literal>--version</literal></term>
224
<term><option>--version</option></term>
227
225
<listitem>
228
226
<para>
229
227
Prints the program version and exit.
232
230
</varlistentry>
233
231
</variablelist>
234
232
</refsect1>
235
233
236
234
<refsect1 id="overview">
237
235
<title>OVERVIEW</title>
238
236
<xi:include href="overview.xml"/>
239
237
<para>
240
238
This program is the server part. It is a normal server program
241
239
and will run in a normal system environment, not in an initial
242
RAM disk environment.
240
<acronym>RAM</acronym> disk environment.
243
241
</para>
244
242
</refsect1>
245
243
246
244
<refsect1 id="protocol">
247
245
<title>NETWORK PROTOCOL</title>
248
246
<para>
274
272
<entry>-><!-- → --></entry>
275
273
</row>
276
274
<row>
277
<entry><quote><literal>1\r\en</literal></quote></entry>
275
<entry><quote><literal>1\r\n</literal></quote></entry>
278
276
<entry>-><!-- → --></entry>
279
277
</row>
280
278
<row>
300
298
</row>
301
299
</tbody></tgroup></table>
302
300
</refsect1>
303
301
304
302
<refsect1 id="checking">
305
303
<title>CHECKING</title>
306
304
<para>
310
308
longer eligible to receive the encrypted password. The timeout,
311
309
checker program, and interval between checks can be configured
312
310
both globally and per client; see <citerefentry>
313
<refentrytitle>mandos.conf</refentrytitle>
314
<manvolnum>5</manvolnum></citerefentry> and <citerefentry>
315
311
<refentrytitle>mandos-clients.conf</refentrytitle>
316
312
<manvolnum>5</manvolnum></citerefentry>.
317
313
</para>
318
314
</refsect1>
319
315
320
316
<refsect1 id="logging">
321
317
<title>LOGGING</title>
322
318
<para>
323
The server will send log messaged with various severity levels
324
to <filename>/dev/log</filename>. With the
319
The server will send log message with various severity levels to
320
<filename>/dev/log</filename>. With the
325
321
<option>--debug</option> option, it will log even more messages,
326
322
and also show them on the console.
327
323
</para>
328
324
</refsect1>
329
325
330
326
<refsect1 id="exit_status">
331
327
<title>EXIT STATUS</title>
332
328
<para>
334
330
critical error is encountered.
335
331
</para>
336
332
</refsect1>
337
333
338
334
<refsect1 id="environment">
339
335
<title>ENVIRONMENT</title>
340
336
<variablelist>
341
337
<varlistentry>
342
<term><varname>PATH</varname></term>
338
<term><envar>PATH</envar></term>
343
339
<listitem>
344
340
<para>
345
341
To start the configured checker (see <xref
348
344
<varname>PATH</varname> to search for matching commands if
349
345
an absolute path is not given. See <citerefentry>
350
346
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
351
</citerefentry>
347
</citerefentry>.
352
348
</para>
353
349
</listitem>
354
350
</varlistentry>
355
351
</variablelist>
356
352
</refsect1>
357
358
<refsect1 id="file">
353
354
<refsect1 id="files">
359
355
<title>FILES</title>
360
356
<para>
361
357
Use the <option>--configdir</option> option to change where
384
380
</listitem>
385
381
</varlistentry>
386
382
<varlistentry>
387
<term><filename>/var/run/mandos/mandos.pid</filename></term>
383
<term><filename>/var/run/mandos.pid</filename></term>
388
384
<listitem>
389
385
<para>
390
386
The file containing the process id of
425
421
Currently, if a client is declared <quote>invalid</quote> due to
426
422
having timed out, the server does not record this fact onto
427
423
permanent storage. This has some security implications, see
428
<xref linkend="CLIENTS"/>.
424
<xref linkend="clients"/>.
429
425
</para>
430
426
<para>
431
427
There is currently no way of querying the server of the current
439
435
Debug mode is conflated with running in the foreground.
440
436
</para>
441
437
<para>
442
The console log messages does not show a timestamp.
438
The console log messages does not show a time stamp.
439
</para>
440
<para>
441
This server does not check the expire time of clients’ OpenPGP
442
keys.
443
443
</para>
444
444
</refsect1>
445
445
450
450
Normal invocation needs no options:
451
451
</para>
452
452
<para>
453
<userinput>mandos</userinput>
453
<userinput>&COMMANDNAME;</userinput>
454
454
</para>
455
455
</informalexample>
456
456
<informalexample>
463
463
<para>
464
464
465
465
<!-- do not wrap this line -->
466
<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>
466
<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>
467
467
468
468
</para>
469
469
</informalexample>
475
475
<para>
476
476
477
477
<!-- do not wrap this line -->
478
<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
478
<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
479
479
480
480
</para>
481
481
</informalexample>
482
482
</refsect1>
483
483
484
484
<refsect1 id="security">
485
485
<title>SECURITY</title>
486
<refsect2 id="SERVER">
486
<refsect2 id="server">
487
487
<title>SERVER</title>
488
488
<para>
489
489
Running this <command>&COMMANDNAME;</command> server program
490
490
should not in itself present any security risk to the host
491
computer running it. The program does not need any special
492
privileges to run, and is designed to run as a non-root user.
491
computer running it. The program switches to a non-root user
492
soon after startup.
493
493
</para>
494
494
</refsect2>
495
<refsect2 id="CLIENTS">
495
<refsect2 id="clients">
496
496
<title>CLIENTS</title>
497
497
<para>
498
498
The server only gives out its stored data to clients which
505
505
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
506
506
<manvolnum>5</manvolnum></citerefentry>)
507
507
<emphasis>must</emphasis> be made non-readable by anyone
508
except the user running the server.
508
except the user starting the server (usually root).
509
509
</para>
510
510
<para>
511
511
As detailed in <xref linkend="checking"/>, the status of all
522
522
restarting servers if it is suspected that a client has, in
523
523
fact, been compromised by parties who may now be running a
524
524
fake Mandos client with the keys from the non-encrypted
525
initial RAM image of the client host. What should be done in
526
that case (if restarting the server program really is
527
necessary) is to stop the server program, edit the
525
initial <acronym>RAM</acronym> image of the client host. What
526
should be done in that case (if restarting the server program
527
really is necessary) is to stop the server program, edit the
528
528
configuration file to omit any suspect clients, and restart
529
529
the server program.
530
530
</para>
531
531
<para>
532
532
For more details on client-side security, see
533
<citerefentry><refentrytitle>password-request</refentrytitle>
533
<citerefentry><refentrytitle>mandos-client</refentrytitle>
534
534
<manvolnum>8mandos</manvolnum></citerefentry>.
535
535
</para>
536
536
</refsect2>
537
537
</refsect1>
538
538
539
539
<refsect1 id="see_also">
540
540
<title>SEE ALSO</title>
541
<para>
542
<citerefentry>
543
<refentrytitle>mandos-clients.conf</refentrytitle>
544
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
545
<refentrytitle>mandos.conf</refentrytitle>
546
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
547
<refentrytitle>mandos-client</refentrytitle>
548
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
549
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
550
</citerefentry>
551
</para>
541
552
<variablelist>
542
553
<varlistentry>
543
554
<term>
544
<citerefentry>
545
<refentrytitle>password-request</refentrytitle>
546
<manvolnum>8mandos</manvolnum>
547
</citerefentry>
548
</term>
549
<listitem>
550
<para>
551
This is the actual program which talks to this server.
552
Note that it is normally not invoked directly, and is only
553
run in the initial RAM disk environment, and not on a
554
fully started system.
555
</para>
556
</listitem>
557
</varlistentry>
558
<varlistentry>
559
<term>
560
555
<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
561
556
</term>
562
557
<listitem>
579
574
</varlistentry>
580
575
<varlistentry>
581
576
<term>
582
<ulink
583
url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
577
<ulink url="http://www.gnu.org/software/gnutls/"
578
>GnuTLS</ulink>
584
579
</term>
585
580
<listitem>
586
581
<para>
592
587
</varlistentry>
593
588
<varlistentry>
594
589
<term>
595
<citation>RFC 4291: <citetitle>IP Version 6 Addressing
596
Architecture</citetitle>, section 2.5.6, Link-Local IPv6
597
Unicast Addresses</citation>
590
RFC 4291: <citetitle>IP Version 6 Addressing
591
Architecture</citetitle>
598
592
</term>
599
593
<listitem>
600
<para>
601
The clients use IPv6 link-local addresses, which are
602
immediately usable since a link-local addresses is
603
automatically assigned to a network interfaces when it is
604
brought up.
605
</para>
594
<variablelist>
595
<varlistentry>
596
<term>Section 2.2: <citetitle>Text Representation of
597
Addresses</citetitle></term>
598
<listitem><para/></listitem>
599
</varlistentry>
600
<varlistentry>
601
<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
602
Address</citetitle></term>
603
<listitem><para/></listitem>
604
</varlistentry>
605
<varlistentry>
606
<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
607
Addresses</citetitle></term>
608
<listitem>
609
<para>
610
The clients use IPv6 link-local addresses, which are
611
immediately usable since a link-local addresses is
612
automatically assigned to a network interfaces when it
613
is brought up.
614
</para>
615
</listitem>
616
</varlistentry>
617
</variablelist>
606
618
</listitem>
607
619
</varlistentry>
608
620
<varlistentry>
609
621
<term>
610
<citation>RFC 4346: <citetitle>The Transport Layer Security
611
(TLS) Protocol Version 1.1</citetitle></citation>
622
RFC 4346: <citetitle>The Transport Layer Security (TLS)
623
Protocol Version 1.1</citetitle>
612
624
</term>
613
625
<listitem>
614
626
<para>
618
630
</varlistentry>
619
631
<varlistentry>
620
632
<term>
621
<citation>RFC 4880: <citetitle>OpenPGP Message
622
Format</citetitle></citation>
633
RFC 4880: <citetitle>OpenPGP Message Format</citetitle>
623
634
</term>
624
635
<listitem>
625
636
<para>
629
640
</varlistentry>
630
641
<varlistentry>
631
642
<term>
632
<citation>RFC 5081: <citetitle>Using OpenPGP Keys for
633
Transport Layer Security</citetitle></citation>
643
RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
644
Security</citetitle>
634
645
</term>
635
646
<listitem>
636
647
<para>
642
653
</variablelist>
643
654
</refsect1>
644
655
</refentry>
656
<!-- Local Variables: -->
657
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
658
<!-- time-stamp-end: "[\"']>" -->
659
<!-- time-stamp-format: "%:y-%02m-%02d" -->
660
<!-- End: -->
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0