/mandos/trunk : revision 120

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-30 19:05:15 UTC
Revision ID: teddy@fukt.bsnet.se-20080830190515-l7e6vu81yyw5kcku

* mandos.xml (SYNOPSIS): Use <option> and <replaceable> tags. Unify
short and long options.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2009-09-17">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-30">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<sbr/>

<sbr/>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

111

112

113

114

</group>

115

</cmdsynopsis>

100

116

106

122

<arg choice="plain"><option>--check</option></arg>

107

123

</cmdsynopsis>

108

124

</refsynopsisdiv>

109

125

110

126

111

127

<title>DESCRIPTION</title>

112

128

<para>

121

137

Any authenticated client is then given the stored pre-encrypted

122

138

password for that specific client.

123

139

</para>

140

124

141

</refsect1>

125

142

126

143

127

144

<title>PURPOSE</title>

145

128

146

<para>

129

147

The purpose of this is to enable <emphasis>remote and unattended

130

148

rebooting</emphasis> of client host computer with an

131

149

<emphasis>encrypted root file system</emphasis>. See <xref

132

150

linkend="overview"/> for details.

133

151

</para>

152

134

153

</refsect1>

135

154

136

155

137

156

<title>OPTIONS</title>

157

138

158

139

159

160

140

161

141

142

162

143

163

<para>

144

164

Show a help message and exit

145

165

</para>

146

166

</listitem>

147

167

</varlistentry>

148

168

149

169

170

171

150

172

<term><option>--interface</option>

151

173

152

153

154

174

155

175

<xi:include href="mandos-options.xml" xpointer="interface"/>

156

176

</listitem>

157

177

</varlistentry>

158

178

159

179

160

<term><option>--address

161

<replaceable>ADDRESS</replaceable></option></term>

162

<term><option>-a

163

<replaceable>ADDRESS</replaceable></option></term>

180

<term><literal>-a</literal>, <literal>--address <replaceable>

181

ADDRESS</replaceable></literal></term>

164

182

165

183

<xi:include href="mandos-options.xml" xpointer="address"/>

166

184

</listitem>

167

185

</varlistentry>

168

186

169

187

170

<term><option>--port

171

172

<term><option>-p

173

188

189

PORT</replaceable></literal></term>

174

190

175

191

<xi:include href="mandos-options.xml" xpointer="port"/>

176

192

</listitem>

177

193

</varlistentry>

178

194

179

195

180

<term><option>--check</option></term>

196

<term><literal>--check</literal></term>

181

197

182

198

<para>

183

199

Run the server’s self-tests. This includes any unit

185

201

</para>

186

202

</listitem>

187

203

</varlistentry>

188

204

189

205

190

<term><option>--debug</option></term>

206

<term><literal>--debug</literal></term>

191

207

192

208

<xi:include href="mandos-options.xml" xpointer="debug"/>

193

209

</listitem>

194

210

</varlistentry>

195

211

196

212

197

<term><option>--priority <replaceable>

198

PRIORITY</replaceable></option></term>

213

<term><literal>--priority <replaceable>

214

PRIORITY</replaceable></literal></term>

199

215

200

216

<xi:include href="mandos-options.xml" xpointer="priority"/>

201

217

</listitem>

202

218

</varlistentry>

203

219

204

220

205

<term><option>--servicename

206

221

<term><literal>--servicename <replaceable>NAME</replaceable>

222

</literal></term>

207

223

208

224

<xi:include href="mandos-options.xml"

209

225

xpointer="servicename"/>

210

226

</listitem>

211

227

</varlistentry>

212

228

213

229

214

<term><option>--configdir

215

<replaceable>DIRECTORY</replaceable></option></term>

230

<term><literal>--configdir <replaceable>DIR</replaceable>

231

</literal></term>

216

232

217

233

<para>

218

234

Directory to search for configuration files. Default is

224

240

</para>

225

241

</listitem>

226

242

</varlistentry>

227

243

228

244

229

<term><option>--version</option></term>

245

<term><literal>--version</literal></term>

230

246

231

247

<para>

232

248

Prints the program version and exit.

233

249

</para>

234

250

</listitem>

235

251

</varlistentry>

236

237

238

239

240

<xi:include href="mandos-options.xml" xpointer="dbus"/>

241

<para>

242

See also <xref linkend="dbus_interface"/>.

243

</para>

244

</listitem>

245

</varlistentry>

246

247

248

249

250

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

251

</listitem>

252

</varlistentry>

253

252

</variablelist>

254

253

</refsect1>

255

254

256

255

257

256

<title>OVERVIEW</title>

258

257

<xi:include href="overview.xml"/>

259

258

<para>

260

259

This program is the server part. It is a normal server program

261

260

and will run in a normal system environment, not in an initial

262

<acronym>RAM</acronym> disk environment.

261

RAM disk environment.

263

262

</para>

264

263

</refsect1>

265

264

266

265

267

266

<title>NETWORK PROTOCOL</title>

268

267

<para>

320

319

</row>

321

320

</tbody></tgroup></table>

322

321

</refsect1>

323

322

324

323

325

324

<title>CHECKING</title>

326

325

<para>

327

326

The server will, by default, continually check that the clients

328

327

are still up. If a client has not been confirmed as being up

329

328

for some time, the client is assumed to be compromised and is no

330

longer eligible to receive the encrypted password. (Manual

331

intervention is required to re-enable a client.) The timeout,

329

longer eligible to receive the encrypted password. The timeout,

332

330

checker program, and interval between checks can be configured

333

331

both globally and per client; see <citerefentry>

334

332

<refentrytitle>mandos-clients.conf</refentrytitle>

335

<manvolnum>5</manvolnum></citerefentry>. A client successfully

336

receiving its password will also be treated as a successful

337

checker run.

333

<manvolnum>5</manvolnum></citerefentry>.

338

334

</para>

339

335

</refsect1>

340

336

341

337

342

338

<title>LOGGING</title>

343

339

<para>

347

343

and also show them on the console.

348

344

</para>

349

345

</refsect1>

350

351

352

<title>D-BUS INTERFACE</title>

353

<para>

354

The server will by default provide a D-Bus system bus interface.

355

This interface will only be accessible by the root user or a

356

Mandos-specific user, if such a user exists.

357

358

</para>

359

</refsect1>

360

346

361

347

362

348

<title>EXIT STATUS</title>

363

349

<para>

365

351

critical error is encountered.

366

352

</para>

367

353

</refsect1>

368

354

369

355

370

356

<title>ENVIRONMENT</title>

371

357

385

371

</varlistentry>

386

372

</variablelist>

387

373

</refsect1>

388

389

374

375

390

376

<title>FILES</title>

391

377

<para>

392

378

Use the <option>--configdir</option> option to change where

415

401

</listitem>

416

402

</varlistentry>

417

403

418

<term><filename>/var/run/mandos.pid</filename></term>

404

<term><filename>/var/run/mandos/mandos.pid</filename></term>

419

405

420

406

<para>

421

407

The file containing the process id of

456

442

Currently, if a client is declared <quote>invalid</quote> due to

457

443

having timed out, the server does not record this fact onto

458

444

permanent storage. This has some security implications, see

459

<xref linkend="clients"/>.

445

<xref linkend="CLIENTS"/>.

460

446

</para>

461

447

<para>

462

448

There is currently no way of querying the server of the current

470

456

Debug mode is conflated with running in the foreground.

471

457

</para>

472

458

<para>

473

The console log messages do not show a time stamp.

474

</para>

475

<para>

476

This server does not check the expire time of clients’ OpenPGP

477

keys.

459

The console log messages does not show a timestamp.

478

460

</para>

479

461

</refsect1>

480

462

515

497

</para>

516

498

</informalexample>

517

499

</refsect1>

518

500

519

501

520

502

<title>SECURITY</title>

521

503

522

504

<title>SERVER</title>

523

505

<para>

524

506

Running this <command>&COMMANDNAME;</command> server program

525

507

should not in itself present any security risk to the host

526

computer running it. The program switches to a non-root user

527

soon after startup.

508

computer running it. The program does not need any special

509

privileges to run, and is designed to run as a non-root user.

528

510

</para>

529

511

</refsect2>

530

512

531

513

<title>CLIENTS</title>

532

514

<para>

533

515

The server only gives out its stored data to clients which

540

522

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

541

523

<manvolnum>5</manvolnum></citerefentry>)

542

524

<emphasis>must</emphasis> be made non-readable by anyone

543

except the user starting the server (usually root).

525

except the user running the server.

544

526

</para>

545

527

<para>

546

528

As detailed in <xref linkend="checking"/>, the status of all

557

539

restarting servers if it is suspected that a client has, in

558

540

fact, been compromised by parties who may now be running a

559

541

fake Mandos client with the keys from the non-encrypted

560

initial <acronym>RAM</acronym> image of the client host. What

561

should be done in that case (if restarting the server program

562

really is necessary) is to stop the server program, edit the

542

initial RAM image of the client host. What should be done in

543

that case (if restarting the server program really is

544

necessary) is to stop the server program, edit the

563

545

configuration file to omit any suspect clients, and restart

564

546

the server program.

565

547

</para>

566

548

<para>

567

549

For more details on client-side security, see

568

<citerefentry><refentrytitle>mandos-client</refentrytitle>

550

<citerefentry><refentrytitle>password-request</refentrytitle>

569

551

<manvolnum>8mandos</manvolnum></citerefentry>.

570

552

</para>

571

553

</refsect2>

572

554

</refsect1>

573

555

574

556

575

557

576

558

<para>

579

561

580

562

<refentrytitle>mandos.conf</refentrytitle>

581

563

582

<refentrytitle>mandos-client</refentrytitle>

564

<refentrytitle>password-request</refentrytitle>

583

565

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

584

566

585

567

</citerefentry>

Older »