/mandos/release : revision 83

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-17 20:34:18 UTC
Revision ID: teddy@fukt.bsnet.se-20080817203418-l691ahxyc7vmezad

* Makefile (MANPOST): Bug fix: do not replace *all* "een" with "en".

* mandos.xml: More improvements.  Replaced " with <quote>'s.
  (NETWORK PROTOCOL): Replaced <informaltable> with <table> with a
                      <title>.
  (CHECKING): New section describing the continual checking of
              clients.
  (LOGGING): We log to /dev/log, not syslog(3).
  (FILES): Changed to use a <variablelist> instead of an
           <itemizedlist>.  Added "/dev/log" and brief descriptions of
           all files.
  (BUGS): Added content.
  (EXAMPLES): - '' -
  (SECURITY): Added content to subsections "SERVER" and "CLIENTS".

files removed:
overview.xml

files modified:
Makefile

mandos.xml

plugins.d/password-request.c

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<?xml version='1.0' encoding='UTF-8'?>

<?xml-stylesheet type="text/xsl"

href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY OVERVIEW SYSTEM "overview.xml">

<title>&COMMANDNAME;</title>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<command>&COMMANDNAME;</command>

<arg choice="opt">--interface<arg choice="plain">IF</arg></arg>

<arg choice="opt">--address<arg choice="plain">ADDRESS</arg></arg>

<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>

<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>

<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg choice="opt">--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg choice="opt">-a<arg choice="plain">ADDRESS</arg></arg>

<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>

<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>

<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg choice="opt">--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

100

<arg choice="plain">--version</arg>

101

</cmdsynopsis>

102

103

<command>&COMMANDNAME;</command>

104

<arg choice="plain">--check</arg>

<arg choice='opt'>--interface<arg choice='plain'>IF</arg></arg>

<arg choice='opt'>--address<arg choice='plain'>ADDRESS</arg></arg>

<arg choice='opt'>--priority<arg choice='plain'>PRIORITY</arg></arg>

<arg choice='opt'>--servicename<arg choice='plain'>NAME</arg></arg>

<arg choice='opt'>--configdir<arg choice='plain'>DIRECTORY</arg></arg>

<arg choice='opt'>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg choice='opt'>-a<arg choice='plain'>ADDRESS</arg></arg>

<arg choice='opt'>--priority<arg choice='plain'>PRIORITY</arg></arg>

<arg choice='opt'>--servicename<arg choice='plain'>NAME</arg></arg>

<arg choice='opt'>--configdir<arg choice='plain'>DIRECTORY</arg></arg>

<arg choice='opt'>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</cmdsynopsis>

100

<command>&COMMANDNAME;</command>

101

<arg choice='plain'>--version</arg>

102

</cmdsynopsis>

103

104

<command>&COMMANDNAME;</command>

105

<arg choice='plain'>--check</arg>

105

106

</cmdsynopsis>

106

107

</refsynopsisdiv>

107

108

111

112

<command>&COMMANDNAME;</command> is a server daemon which

112

113

handles incoming request for passwords for a pre-defined list of

113

114

client host computers. The Mandos server uses Zeroconf to

114

announce itself on the local network, and uses TLS to

115

communicate securely with and to authenticate the clients. The

116

Mandos server uses IPv6 to allow Mandos clients to use IPv6

117

link-local addresses, since the clients will probably not have

118

any other addresses configured (see <xref linkend="overview"/>).

119

Any authenticated client is then given the stored pre-encrypted

120

password for that specific client.

115

announce itself on the local network, and uses GnuTLS to

116

communicate securely with and to authenticate the clients.

117

Mandos uses IPv6 link-local addresses, since the clients are

118

assumed to not have any other addresses configured. Any

119

authenticated client is then given the pre-encrypted password

120

for that specific client.

121

</para>

122

123

</refsect1>

127

128

<para>

129

The purpose of this is to enable <emphasis>remote and unattended

130

rebooting</emphasis> of client host computer with an

131

<emphasis>encrypted root file system</emphasis>. See <xref

132

linkend="overview"/> for details.

130

rebooting</emphasis> of any client host computer with an

131

<emphasis>encrypted root file system</emphasis>. The client

132

host computer should start a Mandos client in the initial RAM

133

disk environment, the Mandos client program communicates with

134

this server program to get an encrypted password, which is then

135

decrypted and used to unlock the encrypted root file system.

136

The client host computer can then continue its boot sequence

137

normally.

133

138

</para>

134

139

135

140

</refsect1>

192

197

<term><literal>--check</literal></term>

193

198

194

199

<para>

195

Run the server’s self-tests. This includes any unit

200

Run the server's self-tests. This includes any unit

196

201

tests, etc.

197

202

</para>

198

203

</listitem>

215

220

216

221

<para>

217

222

GnuTLS priority string for the TLS handshake with the

218

clients. The default is

223

clients. See

224

<citerefentry><refentrytitle>gnutls_priority_init

225

</refentrytitle><manvolnum>3</manvolnum></citerefentry>

226

for the syntax. The default is

219

227

<quote><literal>SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP</literal></quote>.

220

See <citerefentry><refentrytitle>gnutls_priority_init

221

</refentrytitle><manvolnum>3</manvolnum></citerefentry>

222

for the syntax. <emphasis>Warning</emphasis>: changing

223

this may make the TLS handshake fail, making communication

224

with clients impossible.

228

<emphasis>Warning</emphasis>: changing this may make the

229

TLS handshake fail, making communication with clients

230

impossible.

225

231

</para>

226

232

</listitem>

227

233

</varlistentry>

238

244

which would not normally be useful. If there are name

239

245

collisions on the same <emphasis>network</emphasis>, the

240

246

newer server will automatically rename itself to

241

<quote><literal>Mandos #2</literal></quote>, and so on;

242

therefore, this option is not needed in that case.

247

<quote><literal>Mandos #2</literal></quote>, and so on,

248

therefore this option is not needed in that case.

243

249

</para>

244

250

</listitem>

245

251

</varlistentry>

270

276

</variablelist>

271

277

</refsect1>

272

278

273

274

<title>OVERVIEW</title>

275

&OVERVIEW;

276

<para>

277

This program is the server part. It is a normal server program

278

and will run in a normal system environment, not in an initial

279

RAM disk environment.

280

</para>

281

</refsect1>

282

283

279

284

280

<title>NETWORK PROTOCOL</title>

285

281

<para>

345

341

are still up. If a client has not been confirmed as being up

346

342

for some time, the client is assumed to be compromised and is no

347

343

longer eligible to receive the encrypted password. The timeout,

348

checker program, and interval between checks can be configured

344

checker program and interval between checks can be configured

349

345

both globally and per client; see <citerefentry>

350

346

<refentrytitle>mandos.conf</refentrytitle>

351

347

441

437

</informalexample>

442

438

443

439

<para>

444

Run the server in debug mode, read configuration files from

445

the <filename>~/mandos</filename> directory, and use the

446

Zeroconf service name <quote>Test</quote> to not collide with

447

any other official Mandos server on this host:

440

Run the server in debug mode and read configuration files from

441

the <filename>~/mandos</filename> directory:

448

442

</para>

449

443

<para>

450

444

472

466

473

467

<title>SERVER</title>

474

468

<para>

475

Running this &COMMANDNAME; server program should not in itself

476

present any security risk to the host computer running it.

477

The program does not need any special privileges to run, and

478

is designed to run as a non-root user.

469

Running the server should not in itself present any security

470

risk to the host computer running it.

479

471

</para>

480

472

</refsect2>

481

473

489

481

itself and looks up the fingerprint in its list of

490

482

clients. The <filename>clients.conf</filename> file (see

491

483

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

492

<manvolnum>5</manvolnum></citerefentry>)

493

<emphasis>must</emphasis> be made non-readable by anyone

494

except the user running the server.

495

</para>

496

<para>

497

As detailed in <xref linkend="checking"/>, the status of all

498

client computers will continually be checked and be assumed

499

compromised if they are gone for too long.

484

<manvolnum>5</manvolnum></citerefentry>) must be non-readable

485

by anyone except the user running the server.

500

486

</para>

501

487

<para>

502

488

For more details on client-side security, see

508

494

509

495

510

496

511

512

513

<term>

514

515

<refentrytitle>password-request</refentrytitle>

516

<manvolnum>8mandos</manvolnum>

517

</citerefentry>

518

</term>

519

520

<para>

521

This is the actual program which talks to this server.

522

Note that it is normally not invoked directly, and is only

523

run in the initial RAM disk environment, and not on a

524

fully started system.

525

</para>

526

</listitem>

527

</varlistentry>

528

529

<term>

530

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

531

</term>

532

533

<para>

534

Zeroconf is the network protocol standard used by clients

535

for finding this Mandos server on the local network.

536

</para>

537

</listitem>

538

</varlistentry>

539

540

<term>

541

<ulink url="http://www.avahi.org/">Avahi</ulink>

542

</term>

543

544

<para>

545

Avahi is the library this server calls to implement

546

Zeroconf service announcements.

547

</para>

548

</listitem>

549

</varlistentry>

550

551

<term>

552

<ulink

553

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

554

</term>

555

556

<para>

557

GnuTLS is the library this server uses to implement TLS for

558

communicating securely with the client, and at the same time

559

confidently get the client’s public OpenPGP key.

560

</para>

561

</listitem>

562

</varlistentry>

563

564

<term>

565

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

566

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

567

Unicast Addresses</citation>

568

</term>

569

570

<para>

571

The clients use IPv6 link-local addresses, which are

572

immediately usable since a link-local addresses is

573

automatically assigned to a network interfaces when it is

574

brought up.

575

</para>

576

</listitem>

577

</varlistentry>

578

579

<term>

580

<citation>RFC 4346: <citetitle>The Transport Layer Security

581

(TLS) Protocol Version 1.1</citetitle></citation>

582

</term>

583

584

<para>

585

TLS 1.1 is the protocol implemented by GnuTLS.

586

</para>

587

</listitem>

588

</varlistentry>

589

590

<term>

591

<citation>RFC 4880: <citetitle>OpenPGP Message

592

Format</citetitle></citation>

593

</term>

594

595

<para>

596

The data sent to clients is binary encrypted OpenPGP data.

597

</para>

598

</listitem>

599

</varlistentry>

600

601

<term>

602

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

603

Transport Layer Security</citetitle></citation>

604

</term>

605

606

<para>

607

This is implemented by GnuTLS and used by this server so

608

that OpenPGP keys can be used.

609

</para>

610

</listitem>

611

</varlistentry>

612

</variablelist>

497

498

499

<citerefentry><refentrytitle>password-request</refentrytitle>

500

<manvolnum>8mandos</manvolnum></citerefentry>

501

</para></listitem>

502

503

504

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

505

<manvolnum>8mandos</manvolnum></citerefentry>

506

</para></listitem>

507

508

509

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

510

</para></listitem>

511

512

513

<ulink url="http://www.avahi.org/">Avahi</ulink>

514

</para></listitem>

515

516

517

<ulink

518

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

519

</para></listitem>

520

521

522

<citation>RFC 4880: <citetitle>OpenPGP Message

523

Format</citetitle></citation>

524

</para></listitem>

525

526

527

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

528

Transport Layer Security</citetitle></citation>

529

</para></listitem>

530

531

532

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

533

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

534

Unicast Addresses</citation>

535

</para></listitem>

536

</itemizedlist>

613

537

</refsect1>

614

538

</refentry>

Older »