/mandos/release : revision 237.7.386

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2016-03-19 03:51:23 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 341.
Revision ID: teddy@recompile.se-20160319035123-53w4dbzdyjef29m1

Server: New tmpfiles.d file for persistent state directory

Provide a tmpfiles.d(5) file for systemd to create persistent state
directory on so-called "volatile" systems.

* Makefile (TMPFILES): New.
(install-server): Also install "tmpfiles.d-mandos.conf" file as
"/usr/lib/tmpfiles.d/mandos.conf".
* tmpfiles.d-mandos.conf: New.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

overview.xml

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version='1.0' encoding='UTF-8'?>

<?xml-stylesheet type="text/xsl"

href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2016-03-05">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>&COMMANDNAME;</title>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Sends encrypted passwords to authenticated Mandos clients

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg choice='opt'>--interface<arg choice='plain'>IF</arg></arg>

<arg choice='opt'>--address<arg choice='plain'>ADDRESS</arg></arg>

<arg choice='opt'>--priority<arg choice='plain'>PRIORITY</arg></arg>

<arg choice='opt'>--servicename<arg choice='plain'>NAME</arg></arg>

<arg choice='opt'>--configdir<arg choice='plain'>DIRECTORY</arg></arg>

<arg choice='opt'>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg choice='opt'>-a<arg choice='plain'>ADDRESS</arg></arg>

<arg choice='opt'>--priority<arg choice='plain'>PRIORITY</arg></arg>

<arg choice='opt'>--servicename<arg choice='plain'>NAME</arg></arg>

<arg choice='opt'>--configdir<arg choice='plain'>DIRECTORY</arg></arg>

<arg choice='opt'>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</cmdsynopsis>

100

<command>&COMMANDNAME;</command>

101

<arg choice='plain'>--version</arg>

102

</cmdsynopsis>

103

104

<command>&COMMANDNAME;</command>

105

<arg choice='plain'>--check</arg>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

<arg><option>--debuglevel

<replaceable>LEVEL</replaceable></option></arg>

<sbr/>

100

<sbr/>

101

102

<sbr/>

103

<arg><option>--no-restore</option></arg>

104

<sbr/>

105

<arg><option>--statedir

106

<replaceable>DIRECTORY</replaceable></option></arg>

107

<sbr/>

108

<arg><option>--socket

109

110

<sbr/>

111

<arg><option>--foreground</option></arg>

112

<sbr/>

113

<arg><option>--no-zeroconf</option></arg>

114

</cmdsynopsis>

115

116

<command>&COMMANDNAME;</command>

117

118

119

120

</group>

121

</cmdsynopsis>

122

123

<command>&COMMANDNAME;</command>

124

<arg choice="plain"><option>--version</option></arg>

125

</cmdsynopsis>

126

127

<command>&COMMANDNAME;</command>

128

<arg choice="plain"><option>--check</option></arg>

106

129

</cmdsynopsis>

107

130

</refsynopsisdiv>

108

131

109

132

110

133

<title>DESCRIPTION</title>

111

134

<para>

112

135

<command>&COMMANDNAME;</command> is a server daemon which

113

136

handles incoming request for passwords for a pre-defined list of

114

client host computers. The Mandos server uses Zeroconf to

115

announce itself on the local network, and uses GnuTLS to

116

communicate securely with and to authenticate the clients.

117

Mandos uses IPv6 link-local addresses, since the clients are

118

assumed to not have any other addresses configured. Any

119

authenticated client is then given the pre-encrypted password

120

for that specific client.

137

client host computers. For an introduction, see

138

<citerefentry><refentrytitle>intro</refentrytitle>

139

<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server

140

uses Zeroconf to announce itself on the local network, and uses

141

TLS to communicate securely with and to authenticate the

142

clients. The Mandos server uses IPv6 to allow Mandos clients to

143

use IPv6 link-local addresses, since the clients will probably

144

not have any other addresses configured (see <xref

145

linkend="overview"/>). Any authenticated client is then given

146

the stored pre-encrypted password for that specific client.

121

147

</para>

122

123

148

</refsect1>

124

149

125

150

126

151

<title>PURPOSE</title>

127

128

152

<para>

129

153

The purpose of this is to enable <emphasis>remote and unattended

130

rebooting</emphasis> of any client host computer with an

131

<emphasis>encrypted root file system</emphasis>. The client

132

host computer should start a Mandos client in the initial RAM

133

disk environment, the Mandos client program communicates with

134

this server program to get an encrypted password, which is then

135

decrypted and used to unlock the encrypted root file system.

136

The client host computer can then continue its boot sequence

137

normally.

154

rebooting</emphasis> of client host computer with an

155

<emphasis>encrypted root file system</emphasis>. See <xref

156

linkend="overview"/> for details.

138

157

</para>

139

140

158

</refsect1>

141

159

142

160

143

161

<title>OPTIONS</title>

144

145

162

146

163

147

164

165

148

166

149

167

<para>

150

168

Show a help message and exit

151

169

</para>

152

170

</listitem>

153

171

</varlistentry>

154

155

156

<term><literal>-i</literal>, <literal>--interface <replaceable>

157

IF</replaceable></literal></term>

158

159

<para>

160

Only announce the server and listen to requests on network

161

interface <replaceable>IF</replaceable>. Default is to

162

use all available interfaces.

163

</para>

164

</listitem>

165

</varlistentry>

166

167

168

<term><literal>-a</literal>, <literal>--address <replaceable>

169

ADDRESS</replaceable></literal></term>

170

171

<para>

172

If this option is used, the server will only listen to a

173

specific address. This must currently be an IPv6 address;

174

an IPv4 address can be specified using the

175

<quote><literal>::FFFF:192.0.2.3</literal></quote> syntax.

176

Also, if a link-local address is specified, an interface

177

should be set, since a link-local address is only valid on

178

a single interface. By default, the server will listen to

179

all available addresses.

180

</para>

181

</listitem>

182

</varlistentry>

183

184

185

186

PORT</replaceable></literal></term>

187

188

<para>

189

If this option is used, the server to bind to that

190

port. By default, the server will listen to an arbitrary

191

port given by the operating system.

192

</para>

193

</listitem>

194

</varlistentry>

195

196

197

<term><literal>--check</literal></term>

198

199

<para>

200

Run the server's self-tests. This includes any unit

172

173

174

<term><option>--interface</option>

175

176

177

178

179

<xi:include href="mandos-options.xml" xpointer="interface"/>

180

</listitem>

181

</varlistentry>

182

183

184

<term><option>--address

185

<replaceable>ADDRESS</replaceable></option></term>

186

<term><option>-a

187

<replaceable>ADDRESS</replaceable></option></term>

188

189

<xi:include href="mandos-options.xml" xpointer="address"/>

190

</listitem>

191

</varlistentry>

192

193

194

<term><option>--port

195

196

<term><option>-p

197

198

199

<xi:include href="mandos-options.xml" xpointer="port"/>

200

</listitem>

201

</varlistentry>

202

203

204

<term><option>--check</option></term>

205

206

<para>

207

Run the server’s self-tests. This includes any unit

201

208

tests, etc.

202

209

</para>

203

210

</listitem>

204

211

</varlistentry>

205

206

207

<term><literal>--debug</literal></term>

208

209

<para>

210

If the server is run in debug mode, it will run in the

211

foreground and print a lot of debugging information. The

212

default is <emphasis>not</emphasis> to run in debug mode.

213

</para>

214

</listitem>

215

</varlistentry>

216

217

218

<term><literal>--priority <replaceable>

219

PRIORITY</replaceable></literal></term>

220

221

<para>

222

GnuTLS priority string for the TLS handshake with the

223

clients. See

224

<citerefentry><refentrytitle>gnutls_priority_init

225

</refentrytitle><manvolnum>3</manvolnum></citerefentry>

226

for the syntax. The default is

227

<quote><literal>SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP</literal></quote>.

228

<emphasis>Warning</emphasis>: changing this may make the

229

TLS handshake fail, making communication with clients

230

impossible.

231

</para>

232

</listitem>

233

</varlistentry>

234

235

236

<term><literal>--servicename <replaceable>NAME</replaceable>

237

</literal></term>

238

239

<para>

240

Zeroconf service name. The default is

241

<quote><literal>Mandos</literal></quote>. You only need

242

to change this if you for some reason want to run more

243

than one server on the same <emphasis>host</emphasis>,

244

which would not normally be useful. If there are name

245

collisions on the same <emphasis>network</emphasis>, the

246

newer server will automatically rename itself to

247

<quote><literal>Mandos #2</literal></quote>, and so on,

248

therefore this option is not needed in that case.

249

</para>

250

</listitem>

251

</varlistentry>

252

253

254

<term><literal>--configdir <replaceable>DIR</replaceable>

255

</literal></term>

212

213

214

<term><option>--debug</option></term>

215

216

<xi:include href="mandos-options.xml" xpointer="debug"/>

217

</listitem>

218

</varlistentry>

219

220

221

<term><option>--debuglevel

222

<replaceable>LEVEL</replaceable></option></term>

223

224

<para>

225

Set the debugging log level.

226

<replaceable>LEVEL</replaceable> is a string, one of

227

<quote><literal>CRITICAL</literal></quote>,

228

<quote><literal>ERROR</literal></quote>,

229

<quote><literal>WARNING</literal></quote>,

230

<quote><literal>INFO</literal></quote>, or

231

<quote><literal>DEBUG</literal></quote>, in order of

232

increasing verbosity. The default level is

233

<quote><literal>WARNING</literal></quote>.

234

</para>

235

</listitem>

236

</varlistentry>

237

238

239

<term><option>--priority <replaceable>

240

PRIORITY</replaceable></option></term>

241

242

<xi:include href="mandos-options.xml" xpointer="priority"/>

243

</listitem>

244

</varlistentry>

245

246

247

<term><option>--servicename

248

249

250

<xi:include href="mandos-options.xml"

251

xpointer="servicename"/>

252

</listitem>

253

</varlistentry>

254

255

256

<term><option>--configdir

257

<replaceable>DIRECTORY</replaceable></option></term>

256

258

257

259

<para>

258

260

Directory to search for configuration files. Default is

264

266

</para>

265

267

</listitem>

266

268

</varlistentry>

267

269

268

270

269

<term><literal>--version</literal></term>

271

<term><option>--version</option></term>

270

272

271

273

<para>

272

274

Prints the program version and exit.

273

275

</para>

274

276

</listitem>

275

277

</varlistentry>

278

279

280

281

282

<xi:include href="mandos-options.xml" xpointer="dbus"/>

283

<para>

284

See also <xref linkend="dbus_interface"/>.

285

</para>

286

</listitem>

287

</varlistentry>

288

289

290

291

292

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

293

</listitem>

294

</varlistentry>

295

296

297

<term><option>--no-restore</option></term>

298

299

<xi:include href="mandos-options.xml" xpointer="restore"/>

300

<para>

301

See also <xref linkend="persistent_state"/>.

302

</para>

303

</listitem>

304

</varlistentry>

305

306

307

<term><option>--statedir

308

<replaceable>DIRECTORY</replaceable></option></term>

309

310

<xi:include href="mandos-options.xml" xpointer="statedir"/>

311

</listitem>

312

</varlistentry>

313

314

315

<term><option>--socket

316

317

318

<xi:include href="mandos-options.xml" xpointer="socket"/>

319

</listitem>

320

</varlistentry>

321

322

323

<term><option>--foreground</option></term>

324

325

<xi:include href="mandos-options.xml"

326

xpointer="foreground"/>

327

</listitem>

328

</varlistentry>

329

330

331

<term><option>--no-zeroconf</option></term>

332

333

<xi:include href="mandos-options.xml" xpointer="zeroconf"/>

334

</listitem>

335

</varlistentry>

336

276

337

</variablelist>

277

338

</refsect1>

278

339

340

341

<title>OVERVIEW</title>

342

<xi:include href="overview.xml"/>

343

<para>

344

This program is the server part. It is a normal server program

345

and will run in a normal system environment, not in an initial

346

<acronym>RAM</acronym> disk environment.

347

</para>

348

</refsect1>

349

279

350

280

351

<title>NETWORK PROTOCOL</title>

281

352

<para>

307

378

308

379

</row>

309

380

<row>

310

381

311

382

312

383

</row>

313

384

<row>

333

404

</row>

334

405

</tbody></tgroup></table>

335

406

</refsect1>

336

407

337

408

338

409

<title>CHECKING</title>

339

410

<para>

340

411

The server will, by default, continually check that the clients

341

412

are still up. If a client has not been confirmed as being up

342

413

for some time, the client is assumed to be compromised and is no

343

longer eligible to receive the encrypted password. The timeout,

344

checker program and interval between checks can be configured

345

both globally and per client; see <citerefentry>

346

<refentrytitle>mandos.conf</refentrytitle>

347

414

longer eligible to receive the encrypted password. (Manual

415

intervention is required to re-enable a client.) The timeout,

416

extended timeout, checker program, and interval between checks

417

can be configured both globally and per client; see

418

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

419

<manvolnum>5</manvolnum></citerefentry>.

420

</para>

421

</refsect1>

422

423

424

<title>APPROVAL</title>

425

<para>

426

The server can be configured to require manual approval for a

427

client before it is sent its secret. The delay to wait for such

428

approval and the default action (approve or deny) can be

429

configured both globally and per client; see <citerefentry>

348

430

<refentrytitle>mandos-clients.conf</refentrytitle>

349

<manvolnum>5</manvolnum></citerefentry>.

350

</para>

431

<manvolnum>5</manvolnum></citerefentry>. By default all clients

432

will be approved immediately without delay.

433

</para>

434

<para>

435

This can be used to deny a client its secret if not manually

436

approved within a specified time. It can also be used to make

437

the server delay before giving a client its secret, allowing

438

optional manual denying of this specific client.

439

</para>

440

351

441

</refsect1>

352

442

353

443

354

444

<title>LOGGING</title>

355

445

<para>

356

The server will send log messaged with various severity levels

357

to <filename>/dev/log</filename>. With the

446

The server will send log message with various severity levels to

447

<filename class="devicefile">/dev/log</filename>. With the

358

448

<option>--debug</option> option, it will log even more messages,

359

449

and also show them on the console.

360

450

</para>

361

451

</refsect1>

362

452

453

454

<title>PERSISTENT STATE</title>

455

<para>

456

Client settings, initially read from

457

<filename>clients.conf</filename>, are persistent across

458

restarts, and run-time changes will override settings in

459

<filename>clients.conf</filename>. However, if a setting is

460

<emphasis>changed</emphasis> (or a client added, or removed) in

461

<filename>clients.conf</filename>, this will take precedence.

462

</para>

463

</refsect1>

464

465

466

<title>D-BUS INTERFACE</title>

467

<para>

468

The server will by default provide a D-Bus system bus interface.

469

This interface will only be accessible by the root user or a

470

Mandos-specific user, if such a user exists. For documentation

471

of the D-Bus API, see the file <filename>DBUS-API</filename>.

472

</para>

473

</refsect1>

474

363

475

364

476

<title>EXIT STATUS</title>

365

477

<para>

367

479

critical error is encountered.

368

480

</para>

369

481

</refsect1>

370

371

482

483

484

<title>ENVIRONMENT</title>

485

486

487

488

489

<para>

490

To start the configured checker (see <xref

491

linkend="checking"/>), the server uses

492

<filename>/bin/sh</filename>, which in turn uses

493

<varname>PATH</varname> to search for matching commands if

494

an absolute path is not given. See <citerefentry>

495

496

</citerefentry>.

497

</para>

498

</listitem>

499

</varlistentry>

500

</variablelist>

501

</refsect1>

502

503

372

504

<title>FILES</title>

373

505

<para>

374

506

Use the <option>--configdir</option> option to change where

397

529

</listitem>

398

530

</varlistentry>

399

531

400

<term><filename>/var/run/mandos/mandos.pid</filename></term>

401

402

<para>

403

The file containing the process id of

404

<command>&COMMANDNAME;</command>.

405

</para>

406

</listitem>

407

</varlistentry>

408

409

532

<term><filename>/run/mandos.pid</filename></term>

533

534

<para>

535

The file containing the process id of the

536

<command>&COMMANDNAME;</command> process started last.

537

<emphasis >Note:</emphasis> If the <filename

538

class="directory">/run</filename> directory does not

539

exist, <filename>/var/run/mandos.pid</filename> will be

540

used instead.

541

</para>

542

</listitem>

543

</varlistentry>

544

545

<term><filename

546

class="directory">/var/lib/mandos</filename></term>

547

548

<para>

549

Directory where persistent state will be saved. Change

550

this with the <option>--statedir</option> option. See

551

also the <option>--no-restore</option> option.

552

</para>

553

</listitem>

554

</varlistentry>

555

556

410

557

411

558

<para>

412

559

The Unix domain socket to where local syslog messages are

414

561

</para>

415

562

</listitem>

416

563

</varlistentry>

564

565

566

567

<para>

568

This is used to start the configured checker command for

569

each client. See <citerefentry>

570

<refentrytitle>mandos-clients.conf</refentrytitle>

571

<manvolnum>5</manvolnum></citerefentry> for details.

572

</para>

573

</listitem>

574

</varlistentry>

417

575

</variablelist>

418

576

</refsect1>

419

577

420

578

421

579

422

580

<para>

423

581

This server might, on especially fatal errors, emit a Python

424

582

backtrace. This could be considered a feature.

425

583

</para>

584

<para>

585

There is no fine-grained control over logging and debug output.

586

</para>

587

<para>

588

This server does not check the expire time of clients’ OpenPGP

589

keys.

590

</para>

591

<xi:include href="bugs.xml"/>

426

592

</refsect1>

427

428

429

<title>EXAMPLES</title>

593

594

595

<title>EXAMPLE</title>

430

596

431

597

<para>

432

598

Normal invocation needs no options:

433

599

</para>

434

600

<para>

435

<userinput>mandos</userinput>

601

<userinput>&COMMANDNAME;</userinput>

436

602

</para>

437

603

</informalexample>

438

604

439

605

<para>

440

Run the server in debug mode and read configuration files from

441

the <filename>~/mandos</filename> directory:

606

Run the server in debug mode, read configuration files from

607

the <filename class="directory">~/mandos</filename> directory,

608

and use the Zeroconf service name <quote>Test</quote> to not

609

collide with any other official Mandos server on this host:

442

610

</para>

443

611

<para>

444

612

445

613

446

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

614

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

447

615

448

616

</para>

449

617

</informalexample>

455

623

<para>

456

624

457

625

458

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

626

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

459

627

460

628

</para>

461

629

</informalexample>

462

630

</refsect1>

463

631

464

632

465

633

<title>SECURITY</title>

466

634

467

635

<title>SERVER</title>

468

636

<para>

469

Running the server should not in itself present any security

470

risk to the host computer running it.

637

Running this <command>&COMMANDNAME;</command> server program

638

should not in itself present any security risk to the host

639

computer running it. The program switches to a non-root user

640

soon after startup.

471

641

</para>

472

642

</refsect2>

473

643

474

644

<title>CLIENTS</title>

475

645

<para>

476

646

The server only gives out its stored data to clients which

481

651

itself and looks up the fingerprint in its list of

482

652

clients. The <filename>clients.conf</filename> file (see

483

653

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

484

<manvolnum>5</manvolnum></citerefentry>) must be non-readable

485

by anyone except the user running the server.

654

<manvolnum>5</manvolnum></citerefentry>)

655

<emphasis>must</emphasis> be made non-readable by anyone

656

except the user starting the server (usually root).

657

</para>

658

<para>

659

As detailed in <xref linkend="checking"/>, the status of all

660

client computers will continually be checked and be assumed

661

compromised if they are gone for too long.

486

662

</para>

487

663

<para>

488

664

For more details on client-side security, see

489

<citerefentry><refentrytitle>password-request</refentrytitle>

665

<citerefentry><refentrytitle>mandos-client</refentrytitle>

490

666

<manvolnum>8mandos</manvolnum></citerefentry>.

491

667

</para>

492

668

</refsect2>

493

669

</refsect1>

494

670

495

671

496

672

497

498

499

<citerefentry><refentrytitle>password-request</refentrytitle>

500

<manvolnum>8mandos</manvolnum></citerefentry>

501

</para></listitem>

502

503

504

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

505

<manvolnum>8mandos</manvolnum></citerefentry>

506

</para></listitem>

507

508

509

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

510

</para></listitem>

511

512

513

<ulink url="http://www.avahi.org/">Avahi</ulink>

514

</para></listitem>

515

516

517

<ulink

518

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

519

</para></listitem>

520

521

522

<citation>RFC 4880: <citetitle>OpenPGP Message

523

Format</citetitle></citation>

524

</para></listitem>

525

526

527

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

528

Transport Layer Security</citetitle></citation>

529

</para></listitem>

530

531

532

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

533

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

534

Unicast Addresses</citation>

535

</para></listitem>

536

</itemizedlist>

673

<para>

674

<citerefentry><refentrytitle>intro</refentrytitle>

675

<manvolnum>8mandos</manvolnum></citerefentry>,

676

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

677

<manvolnum>5</manvolnum></citerefentry>,

678

<citerefentry><refentrytitle>mandos.conf</refentrytitle>

679

<manvolnum>5</manvolnum></citerefentry>,

680

<citerefentry><refentrytitle>mandos-client</refentrytitle>

681

<manvolnum>8mandos</manvolnum></citerefentry>,

682

683

684

</para>

685

686

687

<term>

688

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

689

</term>

690

691

<para>

692

Zeroconf is the network protocol standard used by clients

693

for finding this Mandos server on the local network.

694

</para>

695

</listitem>

696

</varlistentry>

697

698

<term>

699

<ulink url="http://www.avahi.org/">Avahi</ulink>

700

</term>

701

702

<para>

703

Avahi is the library this server calls to implement

704

Zeroconf service announcements.

705

</para>

706

</listitem>

707

</varlistentry>

708

709

<term>

710

<ulink url="http://gnutls.org/">GnuTLS</ulink>

711

</term>

712

713

<para>

714

GnuTLS is the library this server uses to implement TLS for

715

communicating securely with the client, and at the same time

716

confidently get the client’s public OpenPGP key.

717

</para>

718

</listitem>

719

</varlistentry>

720

721

<term>

722

RFC 4291: <citetitle>IP Version 6 Addressing

723

Architecture</citetitle>

724

</term>

725

726

727

728

<term>Section 2.2: <citetitle>Text Representation of

729

Addresses</citetitle></term>

730

731

</varlistentry>

732

733

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

734

Address</citetitle></term>

735

736

</varlistentry>

737

738

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

739

Addresses</citetitle></term>

740

741

<para>

742

The clients use IPv6 link-local addresses, which are

743

immediately usable since a link-local addresses is

744

automatically assigned to a network interfaces when it

745

is brought up.

746

</para>

747

</listitem>

748

</varlistentry>

749

</variablelist>

750

</listitem>

751

</varlistentry>

752

753

<term>

754

RFC 5246: <citetitle>The Transport Layer Security (TLS)

755

Protocol Version 1.2</citetitle>

756

</term>

757

758

<para>

759

TLS 1.2 is the protocol implemented by GnuTLS.

760

</para>

761

</listitem>

762

</varlistentry>

763

764

<term>

765

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

766

</term>

767

768

<para>

769

The data sent to clients is binary encrypted OpenPGP data.

770

</para>

771

</listitem>

772

</varlistentry>

773

774

<term>

775

RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer

776

Security (TLS) Authentication</citetitle>

777

</term>

778

779

<para>

780

This is implemented by GnuTLS and used by this server so

781

that OpenPGP keys can be used.

782

</para>

783

</listitem>

784

</varlistentry>

785

</variablelist>

537

786

</refsect1>

538

787

</refentry>

788

789

790

791

792

Older »