/mandos/release : revision 237.2.38

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Teddy Hogeborn
Date: 2009-01-18 00:16:57 UTC
mto: (24.1.127 mandos) (237.4.2 mandos-pipe-ipc) (299.1.1 release) (300.1.1 release) (301.1.1 release)
mto: This revision was merged to the branch mainline in revision 249.
Revision ID: teddy@fukt.bsnet.se-20090118001657-6mo3ae73ldy5tegf

* debian/mandos-client.postinst: Converted to Bourne shell.  Also
                                 minor message change.
* debian/mandos-client.postrm: Minor message change.
* debian/mandos.postinst: Converted to Bourne shell.  Also minor
                          message change.
* debian/mandos.prerm: Minor message change.

files added:
initramfs-tools-hook-conf

files removed:
DBUS-API

bugs.xml

dbus-mandos.conf

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.c

plugins.d/plymouth.xml

tmpfiles.d-mandos.conf

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl *

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2019-02-10">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Control or query the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

100

<arg choice="plain"><option>--timeout

101

102

<arg choice="plain"><option>-t

103

104

</group>

105

<sbr/>

106

<group>

107

<arg choice="plain"><option>--extended-timeout

108

109

</group>

110

<sbr/>

111

<group>

112

<arg choice="plain"><option>--interval

113

114

<arg choice="plain"><option>-i

115

116

</group>

117

<sbr/>

118

<group>

119

<arg choice="plain"><option>--approve-by-default</option

120

></arg>

121

<sbr/>

122

<arg choice="plain"><option>--deny-by-default</option></arg>

123

</group>

124

<sbr/>

125

<group>

126

<arg choice="plain"><option>--approval-delay

127

128

</group>

129

<sbr/>

130

<group>

131

<arg choice="plain"><option>--approval-duration

132

133

</group>

134

<sbr/>

135

<group>

136

<arg choice="plain"><option>--interval

137

138

<arg choice="plain"><option>-i

139

140

</group>

141

<sbr/>

142

<group>

143

<arg choice="plain"><option>--host

144

<replaceable>STRING</replaceable></option></arg>

145

<arg choice="plain"><option>-H

146

<replaceable>STRING</replaceable></option></arg>

147

</group>

148

<sbr/>

149

<group>

150

<arg choice="plain"><option>--secret

151

<replaceable>FILENAME</replaceable></option></arg>

152

<arg choice="plain"><option>-s

153

<replaceable>FILENAME</replaceable></option></arg>

154

</group>

155

<sbr/>

156

<group>

157

<arg choice="plain"><option>--approve</option></arg>

158

159

<sbr/>

160

161

162

</group>

163

</group>

164

<sbr/>

165

166

167

168

169

<replaceable>CLIENT</replaceable>

170

</arg>

171

</group>

172

</cmdsynopsis>

173

174

<command>&COMMANDNAME;</command>

175

<group>

176

<arg choice="plain"><option>--verbose</option></arg>

177

178

<sbr/>

179

180

181

</group>

182

<group>

183

184

<replaceable>CLIENT</replaceable>

185

</arg>

186

</group>

187

</cmdsynopsis>

188

189

<command>&COMMANDNAME;</command>

190

191

<arg choice="plain"><option>--is-enabled</option></arg>

192

193

</group>

194

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

195

</cmdsynopsis>

196

197

<command>&COMMANDNAME;</command>

198

199

200

201

</group>

202

</cmdsynopsis>

203

204

<command>&COMMANDNAME;</command>

205

206

<arg choice="plain"><option>--version</option></arg>

207

208

</group>

209

</cmdsynopsis>

210

211

<command>&COMMANDNAME;</command>

212

<arg choice="plain"><option>--check</option></arg>

213

</cmdsynopsis>

214

</refsynopsisdiv>

215

216

217

<title>DESCRIPTION</title>

218

<para>

219

<command>&COMMANDNAME;</command> is a program to control or

220

query the operation of the Mandos server

221

<citerefentry><refentrytitle>mandos</refentrytitle><manvolnum

222

>8</manvolnum></citerefentry>.

223

</para>

224

<para>

225

This program can be used to change client settings, approve or

226

deny client requests, and to remove clients from the server.

227

</para>

228

</refsect1>

229

230

231

<title>PURPOSE</title>

232

<para>

233

The purpose of this is to enable <emphasis>remote and unattended

234

rebooting</emphasis> of client host computer with an

235

<emphasis>encrypted root file system</emphasis>. See <xref

236

linkend="overview"/> for details.

237

</para>

238

</refsect1>

239

240

241

<title>OPTIONS</title>

242

243

244

245

246

247

248

<para>

249

Show a help message and exit

250

</para>

251

</listitem>

252

</varlistentry>

253

254

255

<term><option>--enable</option></term>

256

257

258

<para>

259

Enable client(s). An enabled client will be eligble to

260

receive its secret.

261

</para>

262

</listitem>

263

</varlistentry>

264

265

266

<term><option>--disable</option></term>

267

268

269

<para>

270

Disable client(s). A disabled client will not be eligble

271

to receive its secret, and no checkers will be started for

272

it.

273

</para>

274

</listitem>

275

</varlistentry>

276

277

278

<term><option>--bump-timeout</option></term>

279

280

<para>

281

Bump the timeout of the specified client(s), just as if a

282

checker had completed successfully for it/them.

283

</para>

284

</listitem>

285

</varlistentry>

286

287

288

<term><option>--start-checker</option></term>

289

290

<para>

291

Start a new checker now for the specified client(s).

292

</para>

293

</listitem>

294

</varlistentry>

295

296

297

<term><option>--stop-checker</option></term>

298

299

<para>

300

Stop any running checker for the specified client(s).

301

</para>

302

</listitem>

303

</varlistentry>

304

305

306

<term><option>--remove</option></term>

307

308

309

<para>

310

Remove the specified client(s) from the server.

311

</para>

312

</listitem>

313

</varlistentry>

314

315

316

<term><option>--checker

317

<replaceable>COMMAND</replaceable></option></term>

318

<term><option>-c

319

<replaceable>COMMAND</replaceable></option></term>

320

321

<para>

322

Set the <varname>checker</varname> option of the specified

323

client(s); see <citerefentry><refentrytitle

324

>mandos-clients.conf</refentrytitle><manvolnum

325

>5</manvolnum></citerefentry>.

326

</para>

327

</listitem>

328

</varlistentry>

329

330

331

<term><option>--timeout

332

333

<term><option>-t

334

335

336

<para>

337

Set the <varname>timeout</varname> option of the specified

338

client(s); see <citerefentry><refentrytitle

339

>mandos-clients.conf</refentrytitle><manvolnum

340

>5</manvolnum></citerefentry>.

341

</para>

342

</listitem>

343

</varlistentry>

344

345

346

<term><option>--extended-timeout

347

348

349

<para>

350

Set the <varname>extended_timeout</varname> option of the

351

specified client(s); see <citerefentry><refentrytitle

352

>mandos-clients.conf</refentrytitle><manvolnum

353

>5</manvolnum></citerefentry>.

354

</para>

355

</listitem>

356

</varlistentry>

357

358

359

<term><option>--interval

360

361

<term><option>-i

362

363

364

<para>

365

Set the <varname>interval</varname> option of the

366

specified client(s); see <citerefentry><refentrytitle

367

>mandos-clients.conf</refentrytitle><manvolnum

368

>5</manvolnum></citerefentry>.

369

</para>

370

</listitem>

371

</varlistentry>

372

373

374

<term><option>--approve-by-default</option></term>

375

<term><option>--deny-by-default</option></term>

376

377

<para>

378

Set the <varname>approved_by_default</varname> option of

379

the specified client(s) to <literal>True</literal> or

380

<literal>False</literal>, respectively; see

381

<citerefentry><refentrytitle

382

>mandos-clients.conf</refentrytitle><manvolnum

383

>5</manvolnum></citerefentry>.

384

</para>

385

</listitem>

386

</varlistentry>

387

388

389

<term><option>--approval-delay

390

391

392

<para>

393

Set the <varname>approval_delay</varname> option of the

394

specified client(s); see <citerefentry><refentrytitle

395

>mandos-clients.conf</refentrytitle><manvolnum

396

>5</manvolnum></citerefentry>.

397

</para>

398

</listitem>

399

</varlistentry>

400

401

402

<term><option>--approval-duration

403

404

405

<para>

406

Set the <varname>approval_duration</varname> option of the

407

specified client(s); see <citerefentry><refentrytitle

408

>mandos-clients.conf</refentrytitle><manvolnum

409

>5</manvolnum></citerefentry>.

410

</para>

411

</listitem>

412

</varlistentry>

413

414

415

<term><option>--host

416

<replaceable>STRING</replaceable></option></term>

417

<term><option>-H

418

<replaceable>STRING</replaceable></option></term>

419

420

<para>

421

Set the <varname>host</varname> option of the specified

422

client(s); see <citerefentry><refentrytitle

423

>mandos-clients.conf</refentrytitle><manvolnum

424

>5</manvolnum></citerefentry>.

425

</para>

426

</listitem>

427

</varlistentry>

428

429

430

<term><option>--secret

431

<replaceable>FILENAME</replaceable></option></term>

432

<term><option>-s

433

<replaceable>FILENAME</replaceable></option></term>

434

435

<para>

436

Set the <varname>secfile</varname> option of the specified

437

client(s); see <citerefentry><refentrytitle

438

>mandos-clients.conf</refentrytitle><manvolnum

439

>5</manvolnum></citerefentry>.

440

</para>

441

</listitem>

442

</varlistentry>

443

444

445

<term><option>--approve</option></term>

446

447

448

<para>

449

Approve client(s) if currently waiting for approval.

450

</para>

451

</listitem>

452

</varlistentry>

453

454

455

456

457

458

<para>

459

Deny client(s) if currently waiting for approval.

460

</para>

461

</listitem>

462

</varlistentry>

463

464

465

466

467

468

<para>

469

Make the client-modifying options modify <emphasis

470

>all</emphasis> clients.

471

</para>

472

</listitem>

473

</varlistentry>

474

475

476

<term><option>--verbose</option></term>

477

478

479

<para>

480

Show all client settings, not just a subset.

481

</para>

482

</listitem>

483

</varlistentry>

484

485

486

487

488

489

<para>

490

Dump client settings as JSON to standard output.

491

</para>

492

</listitem>

493

</varlistentry>

494

495

496

<term><option>--is-enabled</option></term>

497

498

499

<para>

500

Check if a single client is enabled or not, and exit with

501

a successful exit status only if the client is enabled.

502

</para>

503

</listitem>

504

</varlistentry>

505

506

507

<term><option>--check</option></term>

508

509

<para>

510

Run self-tests. This includes any unit tests, etc.

511

</para>

512

</listitem>

513

</varlistentry>

514

515

</variablelist>

516

</refsect1>

517

518

519

<title>OVERVIEW</title>

520

<xi:include href="overview.xml"/>

521

<para>

522

This program is a small utility to generate new OpenPGP keys for

523

new Mandos clients, and to generate sections for inclusion in

524

<filename>clients.conf</filename> on the server.

525

</para>

526

</refsect1>

527

528

529

<title>EXIT STATUS</title>

530

<para>

531

If the <option>--is-enabled</option> option is used, the exit

532

status will be 0 only if the specified client is enabled.

533

</para>

534

</refsect1>

535

536

537

538

<xi:include href="bugs.xml"/>

539

</refsect1>

540

541

542

<title>EXAMPLE</title>

543

544

<para>

545

To list all clients:

546

</para>

547

<para>

548

<userinput>&COMMANDNAME;</userinput>

549

</para>

550

</informalexample>

551

552

553

<para>

554

To list <emphasis>all</emphasis> settings for the clients

555

named <quote>foo1.example.org</quote> and <quote

556

>foo2.example.org</quote>:

557

</para>

558

<para>

559

560

561

<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>

562

563

</para>

564

</informalexample>

565

566

567

<para>

568

To enable all clients:

569

</para>

570

<para>

571

<userinput>&COMMANDNAME; --enable --all</userinput>

572

</para>

573

</informalexample>

574

575

576

<para>

577

To change timeout and interval value for the clients

578

named <quote>foo1.example.org</quote> and <quote

579

>foo2.example.org</quote>:

580

</para>

581

<para>

582

583

584

<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>

585

586

</para>

587

</informalexample>

588

589

590

<para>

591

To approve all clients currently waiting for it:

592

</para>

593

<para>

594

<userinput>&COMMANDNAME; --approve --all</userinput>

595

</para>

596

</informalexample>

597

</refsect1>

598

599

600

<title>SECURITY</title>

601

<para>

602

This program must be permitted to access the Mandos server via

603

the D-Bus interface. This normally requires the root user, but

604

could be configured otherwise by reconfiguring the D-Bus server.

605

</para>

606

</refsect1>

607

608

609

610

<para>

611

<citerefentry><refentrytitle>intro</refentrytitle>

612

<manvolnum>8mandos</manvolnum></citerefentry>,

613

<citerefentry><refentrytitle>mandos</refentrytitle>

614

<manvolnum>8</manvolnum></citerefentry>,

615

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

616

<manvolnum>5</manvolnum></citerefentry>,

617

<citerefentry><refentrytitle>mandos-monitor</refentrytitle>

618

619

</para>

620

</refsect1>

621

622

</refentry>

623

624

625

626

627

Older »