/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

* network-hooks.d/bridge: Use "/usr/sbin/brctl" explicitly.
* plugins.d/mandos-client.c (run_network_hooks): Raise priviliges in
                                                 child process.
  (main): Do not use getuid() to check if running setuid root.  Do not
          raise privileges for run_network_hooks.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2010-09-21">
 
5
<!ENTITY TIMESTAMP "2011-10-03">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2010</year>
 
35
      <year>2011</year>
35
36
      <holder>Teddy Hogeborn</holder>
36
37
      <holder>Björn Påhlsson</holder>
37
38
    </copyright>
94
95
      </group>
95
96
      <sbr/>
96
97
      <group>
 
98
        <arg choice="plain"><option>--extended-timeout
 
99
        <replaceable>TIME</replaceable></option></arg>
 
100
      </group>
 
101
      <sbr/>
 
102
      <group>
 
103
        <arg choice="plain"><option>--interval
 
104
        <replaceable>TIME</replaceable></option></arg>
 
105
        <arg choice="plain"><option>-i
 
106
        <replaceable>TIME</replaceable></option></arg>
 
107
      </group>
 
108
      <sbr/>
 
109
      <group>
 
110
        <arg choice="plain"><option>--approve-by-default</option
 
111
        ></arg>
 
112
        <sbr/>
 
113
        <arg choice="plain"><option>--deny-by-default</option></arg>
 
114
      </group>
 
115
      <sbr/>
 
116
      <group>
 
117
        <arg choice="plain"><option>--approval-delay
 
118
        <replaceable>TIME</replaceable></option></arg>
 
119
      </group>
 
120
      <sbr/>
 
121
      <group>
 
122
        <arg choice="plain"><option>--approval-duration
 
123
        <replaceable>TIME</replaceable></option></arg>
 
124
      </group>
 
125
      <sbr/>
 
126
      <group>
97
127
        <arg choice="plain"><option>--interval
98
128
        <replaceable>TIME</replaceable></option></arg>
99
129
        <arg choice="plain"><option>-i
273
303
          <para>
274
304
            Set the <varname>checker</varname> option of the specified
275
305
            client(s); see <citerefentry><refentrytitle
276
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
277
 
            ></citerefentry>.
 
306
            >mandos-clients.conf</refentrytitle><manvolnum
 
307
            >5</manvolnum></citerefentry>.
278
308
          </para>
279
309
        </listitem>
280
310
      </varlistentry>
288
318
          <para>
289
319
            Set the <varname>timeout</varname> option of the specified
290
320
            client(s); see <citerefentry><refentrytitle
291
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
292
 
            ></citerefentry>.
 
321
            >mandos-clients.conf</refentrytitle><manvolnum
 
322
            >5</manvolnum></citerefentry>.
 
323
          </para>
 
324
        </listitem>
 
325
      </varlistentry>
 
326
 
 
327
      <varlistentry>
 
328
        <term><option>--extended-timeout
 
329
        <replaceable>TIME</replaceable></option></term>
 
330
        <listitem>
 
331
          <para>
 
332
            Set the <varname>extended_timeout</varname> option of the
 
333
            specified client(s); see <citerefentry><refentrytitle
 
334
            >mandos-clients.conf</refentrytitle><manvolnum
 
335
            >5</manvolnum></citerefentry>.
293
336
          </para>
294
337
        </listitem>
295
338
      </varlistentry>
301
344
        <replaceable>TIME</replaceable></option></term>
302
345
        <listitem>
303
346
          <para>
304
 
            Set the <varname>interval</varname> option of the specified
305
 
            client(s); see <citerefentry><refentrytitle
306
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
307
 
            ></citerefentry>.
 
347
            Set the <varname>interval</varname> option of the
 
348
            specified client(s); see <citerefentry><refentrytitle
 
349
            >mandos-clients.conf</refentrytitle><manvolnum
 
350
            >5</manvolnum></citerefentry>.
 
351
          </para>
 
352
        </listitem>
 
353
      </varlistentry>
 
354
      
 
355
      <varlistentry>
 
356
        <term><option>--approve-by-default</option></term>
 
357
        <term><option>--deny-by-default</option></term>
 
358
        <listitem>
 
359
          <para>
 
360
            Set the <varname>approved_by_default</varname> option of
 
361
            the specified client(s) to <literal>True</literal> or
 
362
            <literal>False</literal>, respectively; see
 
363
            <citerefentry><refentrytitle
 
364
            >mandos-clients.conf</refentrytitle><manvolnum
 
365
            >5</manvolnum></citerefentry>.
 
366
          </para>
 
367
        </listitem>
 
368
      </varlistentry>
 
369
      
 
370
      <varlistentry>
 
371
        <term><option>--approval-delay
 
372
        <replaceable>TIME</replaceable></option></term>
 
373
        <listitem>
 
374
          <para>
 
375
            Set the <varname>approval_delay</varname> option of the
 
376
            specified client(s); see <citerefentry><refentrytitle
 
377
            >mandos-clients.conf</refentrytitle><manvolnum
 
378
            >5</manvolnum></citerefentry>.
 
379
          </para>
 
380
        </listitem>
 
381
      </varlistentry>
 
382
      
 
383
      <varlistentry>
 
384
        <term><option>--approval-duration
 
385
        <replaceable>TIME</replaceable></option></term>
 
386
        <listitem>
 
387
          <para>
 
388
            Set the <varname>approval_duration</varname> option of the
 
389
            specified client(s); see <citerefentry><refentrytitle
 
390
            >mandos-clients.conf</refentrytitle><manvolnum
 
391
            >5</manvolnum></citerefentry>.
308
392
          </para>
309
393
        </listitem>
310
394
      </varlistentry>
318
402
          <para>
319
403
            Set the <varname>host</varname> option of the specified
320
404
            client(s); see <citerefentry><refentrytitle
321
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
322
 
            ></citerefentry>.
 
405
            >mandos-clients.conf</refentrytitle><manvolnum
 
406
            >5</manvolnum></citerefentry>.
323
407
          </para>
324
408
        </listitem>
325
409
      </varlistentry>
333
417
          <para>
334
418
            Set the <varname>secfile</varname> option of the specified
335
419
            client(s); see <citerefentry><refentrytitle
336
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
337
 
            ></citerefentry>.
 
420
            >mandos-clients.conf</refentrytitle><manvolnum
 
421
            >5</manvolnum></citerefentry>.
338
422
          </para>
339
423
        </listitem>
340
424
      </varlistentry>
422
506
    <title>EXAMPLE</title>
423
507
    <informalexample>
424
508
      <para>
425
 
        List all clients with some of their settings:
 
509
        To list all clients:
426
510
      </para>
427
511
      <para>
428
512
        <userinput>&COMMANDNAME;</userinput>
429
513
      </para>
430
514
    </informalexample>
431
 
    <informalexample>
432
 
      <para>
433
 
        Show all settings for the clients named <quote>foo</quote> and
434
 
        <quote>bar</quote>:
435
 
      </para>
436
 
      <para>
437
 
 
438
 
<!-- do not wrap this line -->
439
 
<userinput>&COMMANDNAME; --verbose foo bar</userinput>
440
 
 
 
515
    
 
516
    <informalexample>
 
517
      <para>
 
518
        To list <emphasis>all</emphasis> settings for the clients
 
519
        named <quote>foo1.example.org</quote> and <quote
 
520
        >foo2.example.org</quote>:
 
521
      </para>
 
522
      <para>
 
523
 
 
524
<!-- do not wrap this line -->
 
525
<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>
 
526
 
 
527
      </para>
 
528
    </informalexample>
 
529
    
 
530
    <informalexample>
 
531
      <para>
 
532
        To enable all clients:
 
533
      </para>
 
534
      <para>
 
535
        <userinput>&COMMANDNAME; --enable --all</userinput>
 
536
      </para>
 
537
    </informalexample>
 
538
    
 
539
    <informalexample>
 
540
      <para>
 
541
        To change timeout and interval value for the clients
 
542
        named <quote>foo1.example.org</quote> and <quote
 
543
        >foo2.example.org</quote>:
 
544
      </para>
 
545
      <para>
 
546
 
 
547
<!-- do not wrap this line -->
 
548
<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>
 
549
 
 
550
      </para>
 
551
    </informalexample>
 
552
    
 
553
    <informalexample>
 
554
      <para>
 
555
        To approve all clients currently waiting for it:
 
556
      </para>
 
557
      <para>
 
558
        <userinput>&COMMANDNAME; --approve --all</userinput>
441
559
      </para>
442
560
    </informalexample>
443
561
  </refsect1>
454
572
  <refsect1 id="see_also">
455
573
    <title>SEE ALSO</title>
456
574
    <para>
 
575
      <citerefentry><refentrytitle>intro</refentrytitle>
 
576
      <manvolnum>8mandos</manvolnum></citerefentry>,
457
577
      <citerefentry><refentrytitle>mandos</refentrytitle>
458
578
      <manvolnum>8</manvolnum></citerefentry>,
459
579
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>