/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2018-08-19 01:35:11 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 368.
  • Revision ID: teddy@recompile.se-20180819013511-cku25q9yeub3dnr0
Adapt to changes in cryptsetup; use "cryptroot-unlock" program

* Makefile (install-client-nokey): Also install new script files
  "mandos-to-cryptroot-unlock" and "initramfs-tools-script-stop".
* debian/mandos-client.dirs: Add
  "usr/share/initramfs-tools/scripts/local-premount".
* initramfs-tools-hook: Also copy "mandos-to-cryptroot-unlock".
* initramfs-tools-script: Only modify keyscript setting in cryptroot
  file if the file exists, otherwise start
  "mandos-to-cryptroot-unlock" in background.
* initramfs-tools-script-stop: New script to make sure plugin-runner
  has stopped before continuing.
* mandos-to-cryptroot-unlock: New script to run plugin-runner and feed
  any password it gets into the "cryptroot-unlock" program.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2011-08-08">
 
5
<!ENTITY TIMESTAMP "2018-02-08">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
35
35
      <year>2009</year>
36
36
      <year>2010</year>
37
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
 
42
      <year>2016</year>
 
43
      <year>2017</year>
 
44
      <year>2018</year>
38
45
      <holder>Teddy Hogeborn</holder>
39
46
      <holder>Björn Påhlsson</holder>
40
47
    </copyright>
94
101
      <arg><option>--no-dbus</option></arg>
95
102
      <sbr/>
96
103
      <arg><option>--no-ipv6</option></arg>
 
104
      <sbr/>
 
105
      <arg><option>--no-restore</option></arg>
 
106
      <sbr/>
 
107
      <arg><option>--statedir
 
108
      <replaceable>DIRECTORY</replaceable></option></arg>
 
109
      <sbr/>
 
110
      <arg><option>--socket
 
111
      <replaceable>FD</replaceable></option></arg>
 
112
      <sbr/>
 
113
      <arg><option>--foreground</option></arg>
 
114
      <sbr/>
 
115
      <arg><option>--no-zeroconf</option></arg>
97
116
    </cmdsynopsis>
98
117
    <cmdsynopsis>
99
118
      <command>&COMMANDNAME;</command>
275
294
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
276
295
        </listitem>
277
296
      </varlistentry>
 
297
      
 
298
      <varlistentry>
 
299
        <term><option>--no-restore</option></term>
 
300
        <listitem>
 
301
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
302
          <para>
 
303
            See also <xref linkend="persistent_state"/>.
 
304
          </para>
 
305
        </listitem>
 
306
      </varlistentry>
 
307
      
 
308
      <varlistentry>
 
309
        <term><option>--statedir
 
310
        <replaceable>DIRECTORY</replaceable></option></term>
 
311
        <listitem>
 
312
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
313
        </listitem>
 
314
      </varlistentry>
 
315
      
 
316
      <varlistentry>
 
317
        <term><option>--socket
 
318
        <replaceable>FD</replaceable></option></term>
 
319
        <listitem>
 
320
          <xi:include href="mandos-options.xml" xpointer="socket"/>
 
321
        </listitem>
 
322
      </varlistentry>
 
323
      
 
324
      <varlistentry>
 
325
        <term><option>--foreground</option></term>
 
326
        <listitem>
 
327
          <xi:include href="mandos-options.xml"
 
328
                      xpointer="foreground"/>
 
329
        </listitem>
 
330
      </varlistentry>
 
331
      
 
332
      <varlistentry>
 
333
        <term><option>--no-zeroconf</option></term>
 
334
        <listitem>
 
335
          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
 
336
        </listitem>
 
337
      </varlistentry>
 
338
      
278
339
    </variablelist>
279
340
  </refsect1>
280
341
  
357
418
      extended timeout, checker program, and interval between checks
358
419
      can be configured both globally and per client; see
359
420
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
360
 
      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
361
 
      receiving its password will also be treated as a successful
362
 
      checker run.
 
421
      <manvolnum>5</manvolnum></citerefentry>.
363
422
    </para>
364
423
  </refsect1>
365
424
  
387
446
    <title>LOGGING</title>
388
447
    <para>
389
448
      The server will send log message with various severity levels to
390
 
      <filename>/dev/log</filename>.  With the
 
449
      <filename class="devicefile">/dev/log</filename>.  With the
391
450
      <option>--debug</option> option, it will log even more messages,
392
451
      and also show them on the console.
393
452
    </para>
394
453
  </refsect1>
395
454
  
 
455
  <refsect1 id="persistent_state">
 
456
    <title>PERSISTENT STATE</title>
 
457
    <para>
 
458
      Client settings, initially read from
 
459
      <filename>clients.conf</filename>, are persistent across
 
460
      restarts, and run-time changes will override settings in
 
461
      <filename>clients.conf</filename>.  However, if a setting is
 
462
      <emphasis>changed</emphasis> (or a client added, or removed) in
 
463
      <filename>clients.conf</filename>, this will take precedence.
 
464
    </para>
 
465
  </refsect1>
 
466
  
396
467
  <refsect1 id="dbus_interface">
397
468
    <title>D-BUS INTERFACE</title>
398
469
    <para>
460
531
        </listitem>
461
532
      </varlistentry>
462
533
      <varlistentry>
463
 
        <term><filename>/var/run/mandos.pid</filename></term>
 
534
        <term><filename>/run/mandos.pid</filename></term>
464
535
        <listitem>
465
536
          <para>
466
537
            The file containing the process id of the
467
538
            <command>&COMMANDNAME;</command> process started last.
468
 
          </para>
469
 
        </listitem>
470
 
      </varlistentry>
471
 
      <varlistentry>
472
 
        <term><filename>/dev/log</filename></term>
 
539
            <emphasis >Note:</emphasis> If the <filename
 
540
            class="directory">/run</filename> directory does not
 
541
            exist, <filename>/var/run/mandos.pid</filename> will be
 
542
            used instead.
 
543
          </para>
 
544
        </listitem>
 
545
      </varlistentry>
 
546
      <varlistentry>
 
547
        <term><filename
 
548
        class="directory">/var/lib/mandos</filename></term>
 
549
        <listitem>
 
550
          <para>
 
551
            Directory where persistent state will be saved.  Change
 
552
            this with the <option>--statedir</option> option.  See
 
553
            also the <option>--no-restore</option> option.
 
554
          </para>
 
555
        </listitem>
 
556
      </varlistentry>
 
557
      <varlistentry>
 
558
        <term><filename class="devicefile">/dev/log</filename></term>
473
559
        <listitem>
474
560
          <para>
475
561
            The Unix domain socket to where local syslog messages are
498
584
      backtrace.  This could be considered a feature.
499
585
    </para>
500
586
    <para>
501
 
      Currently, if a client is disabled due to having timed out, the
502
 
      server does not record this fact onto permanent storage.  This
503
 
      has some security implications, see <xref linkend="clients"/>.
504
 
    </para>
505
 
    <para>
506
587
      There is no fine-grained control over logging and debug output.
507
588
    </para>
508
589
    <para>
509
 
      Debug mode is conflated with running in the foreground.
510
 
    </para>
511
 
    <para>
512
 
      The console log messages do not show a time stamp.
513
 
    </para>
514
 
    <para>
515
590
      This server does not check the expire time of clients’ OpenPGP
516
591
      keys.
517
592
    </para>
 
593
    <xi:include href="bugs.xml"/>
518
594
  </refsect1>
519
595
  
520
596
  <refsect1 id="example">
530
606
    <informalexample>
531
607
      <para>
532
608
        Run the server in debug mode, read configuration files from
533
 
        the <filename>~/mandos</filename> directory, and use the
534
 
        Zeroconf service name <quote>Test</quote> to not collide with
535
 
        any other official Mandos server on this host:
 
609
        the <filename class="directory">~/mandos</filename> directory,
 
610
        and use the Zeroconf service name <quote>Test</quote> to not
 
611
        collide with any other official Mandos server on this host:
536
612
      </para>
537
613
      <para>
538
614
 
587
663
        compromised if they are gone for too long.
588
664
      </para>
589
665
      <para>
590
 
        If a client is compromised, its downtime should be duly noted
591
 
        by the server which would therefore disable the client.  But
592
 
        if the server was ever restarted, it would re-read its client
593
 
        list from its configuration file and again regard all clients
594
 
        therein as enabled, and hence eligible to receive their
595
 
        passwords.  Therefore, be careful when restarting servers if
596
 
        it is suspected that a client has, in fact, been compromised
597
 
        by parties who may now be running a fake Mandos client with
598
 
        the keys from the non-encrypted initial <acronym>RAM</acronym>
599
 
        image of the client host.  What should be done in that case
600
 
        (if restarting the server program really is necessary) is to
601
 
        stop the server program, edit the configuration file to omit
602
 
        any suspect clients, and restart the server program.
603
 
      </para>
604
 
      <para>
605
666
        For more details on client-side security, see
606
667
        <citerefentry><refentrytitle>mandos-client</refentrytitle>
607
668
        <manvolnum>8mandos</manvolnum></citerefentry>.
648
709
      </varlistentry>
649
710
      <varlistentry>
650
711
        <term>
651
 
          <ulink url="http://www.gnu.org/software/gnutls/"
652
 
          >GnuTLS</ulink>
 
712
          <ulink url="https://gnutls.org/">GnuTLS</ulink>
653
713
        </term>
654
714
      <listitem>
655
715
        <para>
693
753
      </varlistentry>
694
754
      <varlistentry>
695
755
        <term>
696
 
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
697
 
          Protocol Version 1.1</citetitle>
 
756
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
 
757
          Protocol Version 1.2</citetitle>
698
758
        </term>
699
759
      <listitem>
700
760
        <para>
701
 
          TLS 1.1 is the protocol implemented by GnuTLS.
 
761
          TLS 1.2 is the protocol implemented by GnuTLS.
702
762
        </para>
703
763
      </listitem>
704
764
      </varlistentry>
714
774
      </varlistentry>
715
775
      <varlistentry>
716
776
        <term>
717
 
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
718
 
          Security</citetitle>
 
777
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
 
778
          Security (TLS) Authentication</citetitle>
719
779
        </term>
720
780
      <listitem>
721
781
        <para>