/mandos/trunk : revision 121

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-30 19:49:24 UTC
Revision ID: teddy@fukt.bsnet.se-20080830194924-f4liqq8wxajlbshn

* plugin-runner.xml (NAME): Improved wording.
  (SYNOPSIS): Use <option> and <replaceable> tags.  Unify short and
              long options.  Add "--global-envs" and "--envs-for"
              options.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2009-09-17">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-30">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<sbr/>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

111

112

113

114

</group>

115

</cmdsynopsis>

116

104

122

<arg choice="plain"><option>--check</option></arg>

105

123

</cmdsynopsis>

106

124

</refsynopsisdiv>

107

125

108

126

109

127

<title>DESCRIPTION</title>

110

128

<para>

119

137

Any authenticated client is then given the stored pre-encrypted

120

138

password for that specific client.

121

139

</para>

140

122

141

</refsect1>

123

142

124

143

125

144

<title>PURPOSE</title>

145

126

146

<para>

127

147

The purpose of this is to enable <emphasis>remote and unattended

128

148

rebooting</emphasis> of client host computer with an

129

149

<emphasis>encrypted root file system</emphasis>. See <xref

130

150

linkend="overview"/> for details.

131

151

</para>

152

132

153

</refsect1>

133

154

134

155

135

156

<title>OPTIONS</title>

157

136

158

137

159

160

138

161

139

140

162

141

163

<para>

142

164

Show a help message and exit

143

165

</para>

144

166

</listitem>

145

167

</varlistentry>

146

168

147

169

170

171

148

172

<term><option>--interface</option>

149

173

150

151

152

174

153

175

<xi:include href="mandos-options.xml" xpointer="interface"/>

154

176

</listitem>

155

177

</varlistentry>

156

178

157

179

158

<term><option>--address

159

<replaceable>ADDRESS</replaceable></option></term>

160

<term><option>-a

161

<replaceable>ADDRESS</replaceable></option></term>

180

<term><literal>-a</literal>, <literal>--address <replaceable>

181

ADDRESS</replaceable></literal></term>

162

182

163

183

<xi:include href="mandos-options.xml" xpointer="address"/>

164

184

</listitem>

165

185

</varlistentry>

166

186

167

187

168

<term><option>--port

169

170

<term><option>-p

171

188

189

PORT</replaceable></literal></term>

172

190

173

191

<xi:include href="mandos-options.xml" xpointer="port"/>

174

192

</listitem>

175

193

</varlistentry>

176

194

177

195

178

<term><option>--check</option></term>

196

<term><literal>--check</literal></term>

179

197

180

198

<para>

181

199

Run the server’s self-tests. This includes any unit

183

201

</para>

184

202

</listitem>

185

203

</varlistentry>

186

204

187

205

188

<term><option>--debug</option></term>

206

<term><literal>--debug</literal></term>

189

207

190

208

<xi:include href="mandos-options.xml" xpointer="debug"/>

191

209

</listitem>

192

210

</varlistentry>

193

211

194

212

195

<term><option>--priority <replaceable>

196

PRIORITY</replaceable></option></term>

213

<term><literal>--priority <replaceable>

214

PRIORITY</replaceable></literal></term>

197

215

198

216

<xi:include href="mandos-options.xml" xpointer="priority"/>

199

217

</listitem>

200

218

</varlistentry>

201

219

202

220

203

<term><option>--servicename

204

221

<term><literal>--servicename <replaceable>NAME</replaceable>

222

</literal></term>

205

223

206

224

<xi:include href="mandos-options.xml"

207

225

xpointer="servicename"/>

208

226

</listitem>

209

227

</varlistentry>

210

228

211

229

212

<term><option>--configdir

213

<replaceable>DIRECTORY</replaceable></option></term>

230

<term><literal>--configdir <replaceable>DIR</replaceable>

231

</literal></term>

214

232

215

233

<para>

216

234

Directory to search for configuration files. Default is

222

240

</para>

223

241

</listitem>

224

242

</varlistentry>

225

243

226

244

227

<term><option>--version</option></term>

245

<term><literal>--version</literal></term>

228

246

229

247

<para>

230

248

Prints the program version and exit.

231

249

</para>

232

250

</listitem>

233

251

</varlistentry>

234

235

236

237

238

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

239

</listitem>

240

</varlistentry>

241

252

</variablelist>

242

253

</refsect1>

243

254

244

255

245

256

<title>OVERVIEW</title>

246

257

<xi:include href="overview.xml"/>

247

258

<para>

248

259

This program is the server part. It is a normal server program

249

260

and will run in a normal system environment, not in an initial

250

<acronym>RAM</acronym> disk environment.

261

RAM disk environment.

251

262

</para>

252

263

</refsect1>

253

264

254

265

255

266

<title>NETWORK PROTOCOL</title>

256

267

<para>

308

319

</row>

309

320

</tbody></tgroup></table>

310

321

</refsect1>

311

322

312

323

313

324

<title>CHECKING</title>

314

325

<para>

315

326

The server will, by default, continually check that the clients

316

327

are still up. If a client has not been confirmed as being up

317

328

for some time, the client is assumed to be compromised and is no

318

longer eligible to receive the encrypted password. (Manual

319

intervention is required to re-enable a client.) The timeout,

329

longer eligible to receive the encrypted password. The timeout,

320

330

checker program, and interval between checks can be configured

321

331

both globally and per client; see <citerefentry>

322

332

<refentrytitle>mandos-clients.conf</refentrytitle>

323

<manvolnum>5</manvolnum></citerefentry>. A client successfully

324

receiving its password will also be treated as a successful

325

checker run.

333

<manvolnum>5</manvolnum></citerefentry>.

326

334

</para>

327

335

</refsect1>

328

336

329

337

330

338

<title>LOGGING</title>

331

339

<para>

335

343

and also show them on the console.

336

344

</para>

337

345

</refsect1>

338

346

339

347

340

348

<title>EXIT STATUS</title>

341

349

<para>

343

351

critical error is encountered.

344

352

</para>

345

353

</refsect1>

346

354

347

355

348

356

<title>ENVIRONMENT</title>

349

357

363

371

</varlistentry>

364

372

</variablelist>

365

373

</refsect1>

366

367

374

375

368

376

<title>FILES</title>

369

377

<para>

370

378

Use the <option>--configdir</option> option to change where

393

401

</listitem>

394

402

</varlistentry>

395

403

396

<term><filename>/var/run/mandos.pid</filename></term>

404

<term><filename>/var/run/mandos/mandos.pid</filename></term>

397

405

398

406

<para>

399

407

The file containing the process id of

434

442

Currently, if a client is declared <quote>invalid</quote> due to

435

443

having timed out, the server does not record this fact onto

436

444

permanent storage. This has some security implications, see

437

<xref linkend="clients"/>.

445

<xref linkend="CLIENTS"/>.

438

446

</para>

439

447

<para>

440

448

There is currently no way of querying the server of the current

448

456

Debug mode is conflated with running in the foreground.

449

457

</para>

450

458

<para>

451

The console log messages do not show a time stamp.

452

</para>

453

<para>

454

This server does not check the expire time of clients’ OpenPGP

455

keys.

459

The console log messages does not show a timestamp.

456

460

</para>

457

461

</refsect1>

458

462

493

497

</para>

494

498

</informalexample>

495

499

</refsect1>

496

500

497

501

498

502

<title>SECURITY</title>

499

503

500

504

<title>SERVER</title>

501

505

<para>

502

506

Running this <command>&COMMANDNAME;</command> server program

503

507

should not in itself present any security risk to the host

504

computer running it. The program switches to a non-root user

505

soon after startup.

508

computer running it. The program does not need any special

509

privileges to run, and is designed to run as a non-root user.

506

510

</para>

507

511

</refsect2>

508

512

509

513

<title>CLIENTS</title>

510

514

<para>

511

515

The server only gives out its stored data to clients which

518

522

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

519

523

<manvolnum>5</manvolnum></citerefentry>)

520

524

<emphasis>must</emphasis> be made non-readable by anyone

521

except the user starting the server (usually root).

525

except the user running the server.

522

526

</para>

523

527

<para>

524

528

As detailed in <xref linkend="checking"/>, the status of all

535

539

restarting servers if it is suspected that a client has, in

536

540

fact, been compromised by parties who may now be running a

537

541

fake Mandos client with the keys from the non-encrypted

538

initial <acronym>RAM</acronym> image of the client host. What

539

should be done in that case (if restarting the server program

540

really is necessary) is to stop the server program, edit the

542

initial RAM image of the client host. What should be done in

543

that case (if restarting the server program really is

544

necessary) is to stop the server program, edit the

541

545

configuration file to omit any suspect clients, and restart

542

546

the server program.

543

547

</para>

544

548

<para>

545

549

For more details on client-side security, see

546

<citerefentry><refentrytitle>mandos-client</refentrytitle>

550

<citerefentry><refentrytitle>password-request</refentrytitle>

547

551

<manvolnum>8mandos</manvolnum></citerefentry>.

548

552

</para>

549

553

</refsect2>

550

554

</refsect1>

551

555

552

556

553

557

554

558

<para>

557

561

558

562

<refentrytitle>mandos.conf</refentrytitle>

559

563

560

<refentrytitle>mandos-client</refentrytitle>

564

<refentrytitle>password-request</refentrytitle>

561

565

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

562

566

563

567

</citerefentry>

Older »