=== modified file 'Makefile' --- Makefile 2008-09-04 21:42:02 +0000 +++ Makefile 2008-09-05 07:11:24 +0000 @@ -17,6 +17,8 @@ PREFIX=$(DESTDIR)/usr # CONFDIR=/usr/local/lib/mandos CONFDIR=$(DESTDIR)/etc/mandos +# KEYDIR=/usr/local/lib/mandos/keys +KEYDIR=$(DESTDIR)/etc/keys/mandos # MANDIR=/usr/local/man MANDIR=$(DESTDIR)/usr/share/man @@ -121,21 +123,21 @@ # Used by run-server confdir/mandos.conf: mandos.conf install --directory confdir - install --mode=0644 $^ $@ + install --mode=u=rw,go=r $^ $@ confdir/clients.conf: clients.conf keydir/seckey.txt install --directory confdir - install --mode=0640 $< $@ + install --mode=u=rw,g=r $< $@ # Add a client password ./mandos-keygen --dir keydir --password >> $@ install: install-server install-client install-server: doc - install --directory --parents $(CONFDIR) $(MANDIR)/man5 \ + install --directory $(CONFDIR) $(MANDIR)/man5 \ $(MANDIR)/man8 - install --mode=0755 mandos $(PREFIX)/sbin/mandos - install --mode=0644 --target-directory=$(CONFDIR) mandos.conf - install --mode=0640 --target-directory=$(CONFDIR) \ + install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos + install --mode=u=rw,go=r --target-directory=$(CONFDIR) mandos.conf + install --mode=u=rw,g=r --target-directory=$(CONFDIR) \ clients.conf gzip --best --to-stdout mandos.8 \ > $(MANDIR)/man8/mandos.8.gz 
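Review bot: In `install-server` (hunk `@@ -121,21 +123,21 @@`), `clients.conf` is installed group-readable with `--mode=u=rw,g=r` but without `--owner`/`--group`, so the group that gains read access is whatever the installing process happens to run as. The `confdir/clients.conf` rule in the same hunk appends `mandos-keygen --password` output to that kind of file, so it presumably carries client secrets. Until the mandos group listed in TODO exists, I would either install it with `--mode=u=rw` or add a comment such as `# g=r is reserved for the future mandos group; the group is the installer's for now`. The `install-server` recipe continues past the end of this hunk.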
@@ -145,26 +147,34 @@ > $(MANDIR)/man5/mandos-clients.conf.5.gz install-client: all doc /usr/share/initramfs-tools/hooks/. - install --directory --parents $(PREFIX)/lib/mandos \ - $(CONFDIR) $(MANDIR)/man8 - install --directory --mode=0700 $(PREFIX)/lib/mandos/plugins.d - chmod u=rwx,g=,o= $(PREFIX)/lib/mandos/plugins.d - install --mode=0755 --target-directory=$(PREFIX)/lib/mandos \ + install --directory $(PREFIX)/lib/mandos $(CONFDIR) \ + $(MANDIR)/man8 + install --directory --mode=u=rwx $(KEYDIR) + install --directory --mode=u=rwx $(PREFIX)/lib/mandos/plugins.d + if [ "$(CONFDIR)/plugins.d" \ + != "$(PREFIX)/lib/mandos/plugins.d" ]; then \ + install --directory "$(CONFDIR)/plugins.d"; \ + fi + install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/lib/mandos \ plugin-runner - install --mode=0755 --target-directory=$(PREFIX)/sbin \ + install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \ mandos-keygen - install --mode=0755 \ + install --mode=u=rwx,go=rx \ --target-directory=$(PREFIX)/lib/mandos/plugins.d \ plugins.d/password-prompt - install --mode=4755 \ + install --mode=u=rwxs,go=rx \ --target-directory=$(PREFIX)/lib/mandos/plugins.d \ plugins.d/password-request + install --mode=u=rwx,go=rx \ + --target-directory=$(PREFIX)/lib/mandos/plugins.d \ + plugins.d/usplash install initramfs-tools-hook \ /usr/share/initramfs-tools/hooks/mandos install initramfs-tools-hook-conf \ /usr/share/initramfs-tools/conf-hooks.d/mandos install initramfs-tools-script \ /usr/share/initramfs-tools/scripts/local-top/mandos + install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR) gzip --best --to-stdout mandos-keygen.8 \ > $(MANDIR)/man8/mandos-keygen.8.gz gzip --best --to-stdout plugin-runner.8mandos \ 
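Review bot: The new `install --directory "$(CONFDIR)/plugins.d"` inside the `if` in `install-client` has no `--mode`, so it gets install's default directory mode (normally rwxr-xr-x), while the packaged `$(PREFIX)/lib/mandos/plugins.d` two lines earlier is created with `--mode=u=rwx`. If both directories hold plugins that end up in the initramfs, which the hook suggests but this hunk does not show, they should be equally restrictive: `install --directory --mode=u=rwx "$(CONFDIR)/plugins.d"; \`. Separately, `$(KEYDIR)` is unquoted in `install --directory --mode=u=rwx $(KEYDIR)` but quoted in the later `mandos-keygen --dir "$(KEYDIR)"` call; quoting it here too keeps the two consistent. The `install-client` recipe continues past the end of this hunk.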
@@ -173,12 +183,13 @@ > $(MANDIR)/man8/password-prompt.8mandos.gz gzip --best --to-stdout plugins.d/password-request.8mandos \ > $(MANDIR)/man8/password-request.8mandos.gz - -$(PREFIX)/sbin/mandos-keygen + -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)" update-initramfs -k all -u + echo "Now run mandos-keygen --password --dir $(KEYDIR)" uninstall: uninstall-server uninstall-client -uninstall-server: $(PREFIX)/sbin/mandos +uninstall-server: -rm --force $(PREFIX)/sbin/mandos \ $(MANDIR)/man8/mandos.8.gz \ $(MANDIR)/man5/mandos.conf.5.gz \ @@ -211,5 +222,6 @@ -rmdir $(CONFDIR) purge-client: uninstall-client - -rm --force $(CONFDIR)/seckey.txt $(CONFDIR)/pubkey.txt - -rmdir $(CONFDIR) $(CONFDIR)/plugins.d + -shred --remove $(KEYDIR)/seckey.txt + -rm --force $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt + -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR) === modified file 'README' --- README 2008-09-04 12:38:35 +0000 +++ README 2008-09-05 07:11:24 +0000 @@ -77,10 +77,10 @@ not likely. If someone does that, the whole system *will* lock itself up completely, since Mandos servers are no longer running. - For sophisticated attackers who *could* do such a thing, *and* had - physical access to the server for enough time, it would be simpler - to get a key for an encrypted file system by using hardware memory - scanners and reading it right off the memory bus. + For sophisticated attackers who *could* do the clever thing, *and* + had physical access to the server for enough time, it would be + simpler to get a key for an encrypted file system by using hardware + memory scanners and reading it right off the memory bus. ** Replay attacks? Nope, the network stuff is all done over TLS, which provides === modified file 'TODO' --- TODO 2008-09-04 07:30:58 +0000 +++ TODO 2008-09-05 07:11:24 +0000 
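Review bot: In hunk `@@ -173,12 +183,13 @@`, the leading `-` on `-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"` discards every failure, so `update-initramfs -k all -u` runs next even if no key pair was written. The `-` is presumably there to tolerate keys that already exist; if so, an explicit test says that without hiding real errors: `test -e "$(KEYDIR)/seckey.txt" || $(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"`. At minimum, add a comment on that line stating why the exit status is ignored.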
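Review bot: `-shred --remove $(KEYDIR)/seckey.txt` in `purge-client` (hunk `@@ -211,5 +222,6 @@`) gives weaker guarantees than the line suggests. On journaling or copy-on-write file systems and on flash storage the old blocks can survive. The hook changed in this same commit also copies `"$keydir"/*` into the initrd images, and whether `uninstall-client` (outside this hunk) regenerates those images is not visible here. I would add a comment above the line, for example `# Best effort only; copies of seckey.txt may remain in generated initrd images and old disk blocks`. The following `rm --force` of `seckey.txt` is a reasonable fallback for systems without `shred` and can stay.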
@@ -50,8 +50,6 @@ This seems to use some kind of "trigger" system [[file:/usr/share/doc/dpkg/triggers.txt.gz]] dpkg-trigger(1), deb-triggers(5) -*** Keydir move: /etc/mandos -> /etc/keys/mandos - Must create in preinst if not pre-depending on cryptsetup *** mandos-keygen **** "--passfile" option Using the "secfile" option instead of "secret" @@ -60,6 +58,9 @@ ** Server-side *** [#A] Create mandos user and group for server *** [#A] Create /var/run/mandos directory with perm and ownership +*** [#A] install rc.d script and do update-rc.d + between config files and man pages + * [#A] Package ** /usr/share/initramfs-tools/hooks/mandos === modified file 'initramfs-tools-hook' --- initramfs-tools-hook 2008-09-04 12:38:35 +0000 +++ initramfs-tools-hook 2008-09-05 07:11:24 +0000 @@ -29,15 +29,28 @@ . /usr/share/initramfs-tools/hook-functions -if [ -d /usr/lib/mandos ]; then - prefix=/usr -elif [ -d /usr/local/lib/mandos ]; then - prefix=/usr/local -else +for d in /usr /usr/local; do + if [ -d "$d"/lib/mandos ]; then + prefix="$d" + break + fi +done +if [ -z "$prefix" ]; then # Mandos not found exit 1 fi +for d in /etc/keys/mandos /usr/local/lib/mandos/keys; do + if [ -d "$d" ]; then + keydir="$d" + break + fi +done +if [ -z "$keydir" ]; then + # Mandos key directory not found + exit 1 +fi + # The Mandos network client uses the network auto_add_modules net # The Mandos network client uses IPv6 @@ -53,7 +66,7 @@ mkdir --parents "${DESTDIR}${PLUGINDIR}" # Copy the Mandos plugin runner -copy_exec "$prefix"/lib/mandos/plugin-runner "${DESTDIR}${MANDOSDIR}" +copy_exec "$prefix"/lib/mandos/plugin-runner "${MANDOSDIR}" # Copy the plugins @@ -66,6 +79,7 @@ fi case "$base" in *~|.*|\#*\#|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;; + "*") :;; *) copy_exec "$file" "${PLUGINDIR}";; esac done @@ -75,6 +89,7 @@ base="`basename \"$file\"`" case "$base" in *~|.*|\#*\#|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;; + "*") :;; *) copy_exec "$file" "${PLUGINDIR}";; esac done 
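Review bot: In the hook's new detection loops (hunk `@@ -29,15 +29,28 @@`), `prefix` and `keydir` are tested with `[ -z ... ]` but never initialised. A value inherited from the environment of `update-initramfs` would therefore pass the check even when none of the candidate directories exists. The script would then copy `plugin-runner` and key files from a location nobody verified. Adding `prefix=` before the first `for` and `keydir=` before the second makes the "not found" exits reliable.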
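Review bot: The added `"*") :;;` arm in the two plugin loops (hunks `@@ -66,6 +79,7 @@` and `@@ -75,6 +89,7 @@`) has no comment and reads as a no-op. It presumably skips the literal pattern left behind when the glob matches nothing, but it also silently skips a real file named `*`. I would either add the comment `# Unmatched glob: the directory has no plugins` on that arm, or replace it with `[ -e "$file" ] || continue` at the top of each loop body. Both loops start outside the hunks, so the exact placement needs checking against the full file.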
@@ -85,8 +100,8 @@ copy_exec /usr/bin/gpg fi -# Key files and config files -for file in /etc/mandos/*; do +# Config files and key files +for file in /etc/mandos/* "$keydir"/*; do if [ -d "$file" ]; then continue fi @@ -115,9 +130,11 @@ # Reset some other things to sane permissions which we have # inadvertently affected with our umask setting. for dir in / /bin /etc /keyscripts /sbin /scripts /usr /usr/bin; do - chmod a+rX "${DESTDIR}$dir" + if [ -d "${DESTDIR}$dir" ]; then + chmod a+rX "${DESTDIR}$dir" + fi done for dir in /lib /usr/lib; do find "${DESTDIR}$dir" \! -perm /u+rw,g+r -prune -o -print0 \ - | xargs --null chmod a+rX + | xargs --null --no-run-if-empty chmod a+rX done === added file 'plugin-runner.conf' --- plugin-runner.conf 1970-01-01 00:00:00 +0000 +++ plugin-runner.conf 2008-09-05 07:11:24 +0000 @@ -0,0 +1,9 @@ +## This is the configuration file for plugin-runner. It should be +## installed as "/etc/mandos/plugin-runner.conf", which will be copied +## to "/conf/conf.d/mandos/plugin-runner.conf" in the initrd.img file. +## +## The default network interface for password-request(8mandos) is +## "eth0". Uncomment this line and change it if necessary. +## + +#--options-for=password-request:--interface=eth0
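Review bot: The extended loop `for file in /etc/mandos/* "$keydir"/*; do` (hunk `@@ -85,8 +100,8 @@`) shows no guard for an unmatched glob in the visible part, unlike the plugin loops, which gained a `"*")` arm in this commit. A freshly created key directory can be empty, since the Makefile ignores a failing `mandos-keygen`. In that case the literal `"$keydir"/*` is not a directory and falls through to whatever copies the file. Adding `[ -e "$file" ] || continue` next to the existing `-d` test would cover both directories. The rest of the loop body is outside this hunk, so an equivalent check may already exist there.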
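Review bot: In hunk `@@ -115,9 +130,11 @@`, the first loop now guards `chmod` with `[ -d "${DESTDIR}$dir" ]`, but the second loop still runs `find "${DESTDIR}$dir"` unconditionally for `/lib` and `/usr/lib`. `--no-run-if-empty` only covers the case where `find` prints nothing; a missing directory still makes `find` report an error and exit non-zero. The same guard fits here, e.g. `[ -d "${DESTDIR}$dir" ] || continue` as the first line of the loop body.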