/mandos/trunk : contents of INSTALL at revision 180

: (revision 180)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

-*- org -*-

* Prerequisites
  
** Operating System
   
   Debian 5.0 "lenny" or Ubuntu 8.04 "Hardy Heron".
   
   This is mostly for scripts to make sure that the client is
   installed and started in the initial RAM disk environment and that
   the initrd.img file is automatically made unreadable.  The programs
   themselves *could* be run in other distributions, but they *are*
   specific to GNU/Linux systems, and not intended to be portable to
   other Unix systems.
  
** Libraries
   
   The following libraries and packages are needed.  (It is possible
   that it might work with older versions of some of these, but these
   versions are confirmed to work.  Newer versions are almost
   certainly OK.)
   
*** Documentation
    These are required to build the manual pages for both the server
    and client:
    
    + DocBook 4.5         http://www.docbook.org/
    + DocBook XSL stylesheets 1.71.0
                   http://wiki.docbook.org/topic/DocBookXslStylesheets
    
    Package names:
    docbook docbook-xsl
   
*** Mandos Server
    + GnuTLS 2.4          http://www.gnu.org/software/gnutls/
    + Avahi 0.6.16        http://www.avahi.org/
    + Python 2.4          http://www.python.org/
    + Python-GnuTLS 1.1.5 http://pypi.python.org/pypi/python-gnutls/
    + dbus-python 0.82.4  http://dbus.freedesktop.org/doc/dbus-python/
    + python-ctypes 1.0.0 http://pypi.python.org/pypi/ctypes
    
    Strongly recommended:
    + fping 2.4b2-to-ipv6 http://www.fping.com/
    
    Package names:
    python-gnutls avahi-daemon python2.5 python-avahi python-dbus
    python-ctypes
   
*** Mandos Client
    + initramfs-tools 0.85i
                  http://packages.qa.debian.org/i/initramfs-tools.html
    + GnuTLS 2.4          http://www.gnu.org/software/gnutls/
    + Avahi 0.6.16        http://www.avahi.org/
    + GnuPG 1.4.9         http://www.gnupg.org/
    + GPGME 1.1.6         http://www.gnupg.org/related_software/gpgme/
    
    Package names:
    initramfs-tools libgnutls-dev libavahi-core-dev gnupg
    libgpgme11-dev

* Installing the Mandos server
  
  1. Do "make doc".
  
  2. On the computer to run as a Mandos server, run the following
     command: "sudo make install-server".
    
     (This creates a configuration without any clients configured; we
     need an actually configured client to do that; see below.)

* Installing the Mandos client.
  
  1. Do "make all doc".
  
  2. On the computer to run as a Mandos client, run the following
     command: "sudo make install-client".  This will also create an
     OpenPGP key, which will take some time and entropy, so either
     wait patiently or frob your mouse until it's done.
  
  3. Run "mandos-keygen --password".  When prompted, enter the
     password/passphrase for the encrypted root file system on this
     client computer.  It will output a section of text, starting with
     a [section header].  Copy and paste this into the file
     "/etc/mandos/clients.conf" *on the server computer*.
  
  4. On the server computer, start the server by running the command
     "invoke-rc.d mandos start".

* Further customizations
  
  You may want to tighten or loosen the timeouts in the server
  configuration files; see mandos.conf(5) and mandos-clients.conf(5).
  Is IPsec is not used, it is suggested that a more cryptographically
  secure checker program is used and configured, since without IPsec
  ping packets can be faked.

179 by Teddy Hogeborn * INSTALL: New file.	1	-- org --
	2
	3	* Prerequisites
	4
180 by Teddy Hogeborn * INSTALL: More text. Better text.	5	** Operating System
	6
	7	Debian 5.0 "lenny" or Ubuntu 8.04 "Hardy Heron".
	8
	9	This is mostly for scripts to make sure that the client is
	10	installed and started in the initial RAM disk environment and that
	11	the initrd.img file is automatically made unreadable. The programs
	12	themselves could be run in other distributions, but they are
	13	specific to GNU/Linux systems, and not intended to be portable to
	14	other Unix systems.
	15
	16	** Libraries
	17
	18	The following libraries and packages are needed. (It is possible
	19	that it might work with older versions of some of these, but these
	20	versions are confirmed to work. Newer versions are almost
	21	certainly OK.)
	22
	23	*** Documentation
	24	These are required to build the manual pages for both the server
	25	and client:
	26
	27	+ DocBook 4.5 http://www.docbook.org/
	28	+ DocBook XSL stylesheets 1.71.0
179 by Teddy Hogeborn * INSTALL: New file.	29	http://wiki.docbook.org/topic/DocBookXslStylesheets
180 by Teddy Hogeborn * INSTALL: More text. Better text.	30
	31	Package names:
	32	docbook docbook-xsl
	33
	34	*** Mandos Server
	35	+ GnuTLS 2.4 http://www.gnu.org/software/gnutls/
	36	+ Avahi 0.6.16 http://www.avahi.org/
	37	+ Python 2.4 http://www.python.org/
	38	+ Python-GnuTLS 1.1.5 http://pypi.python.org/pypi/python-gnutls/
	39	+ dbus-python 0.82.4 http://dbus.freedesktop.org/doc/dbus-python/
	40	+ python-ctypes 1.0.0 http://pypi.python.org/pypi/ctypes
	41
	42	Strongly recommended:
	43	+ fping 2.4b2-to-ipv6 http://www.fping.com/
	44
	45	Package names:
	46	python-gnutls avahi-daemon python2.5 python-avahi python-dbus
	47	python-ctypes
	48
	49	*** Mandos Client
	50	+ initramfs-tools 0.85i
179 by Teddy Hogeborn * INSTALL: New file.	51	http://packages.qa.debian.org/i/initramfs-tools.html
180 by Teddy Hogeborn * INSTALL: More text. Better text.	52	+ GnuTLS 2.4 http://www.gnu.org/software/gnutls/
	53	+ Avahi 0.6.16 http://www.avahi.org/
	54	+ GnuPG 1.4.9 http://www.gnupg.org/
	55	+ GPGME 1.1.6 http://www.gnupg.org/related_software/gpgme/
	56
	57	Package names:
	58	initramfs-tools libgnutls-dev libavahi-core-dev gnupg
	59	libgpgme11-dev
179 by Teddy Hogeborn * INSTALL: New file.	60
	61	* Installing the Mandos server
	62
180 by Teddy Hogeborn * INSTALL: More text. Better text.	63	1. Do "make doc".
179 by Teddy Hogeborn * INSTALL: New file.	64
180 by Teddy Hogeborn * INSTALL: More text. Better text.	65	2. On the computer to run as a Mandos server, run the following
180 by Teddy Hogeborn * INSTALL: More text. Better text.	66	command: "sudo make install-server".
179 by Teddy Hogeborn * INSTALL: New file.	67
180 by Teddy Hogeborn * INSTALL: More text. Better text.	68	(This creates a configuration without any clients configured; we
180 by Teddy Hogeborn * INSTALL: More text. Better text.	69	need an actually configured client to do that; see below.)
179 by Teddy Hogeborn * INSTALL: New file.	70
	71	* Installing the Mandos client.
	72
180 by Teddy Hogeborn * INSTALL: More text. Better text.	73	1. Do "make all doc".
	74
	75	2. On the computer to run as a Mandos client, run the following
	76	command: "sudo make install-client". This will also create an
	77	OpenPGP key, which will take some time and entropy, so either
	78	wait patiently or frob your mouse until it's done.
	79
	80	3. Run "mandos-keygen --password". When prompted, enter the
	81	password/passphrase for the encrypted root file system on this
	82	client computer. It will output a section of text, starting with
	83	a [section header]. Copy and paste this into the file
	84	"/etc/mandos/clients.conf" on the server computer.
	85
	86	4. On the server computer, start the server by running the command
	87	"invoke-rc.d mandos start".
179 by Teddy Hogeborn * INSTALL: New file.	88
	89	* Further customizations
	90
	91	You may want to tighten or loosen the timeouts in the server
	92	configuration files; see mandos.conf(5) and mandos-clients.conf(5).
	93	Is IPsec is not used, it is suggested that a more cryptographically
	94	secure checker program is used and configured, since without IPsec
	95	ping packets can be faked.