/mandos/trunk : revision 122

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 07:32:05 UTC
Revision ID: teddy@fukt.bsnet.se-20080831073205-9hggg03i1iird264

* mandos-keygen.xml (SYNOPSIS): Put long options before short.
* mandos.xml (SYNOPSIS): - '' -
* plugins.d/password-prompt.xml (SYNOPSIS): - '' -
* plugins.d/password-request.xml (SYNOPSIS): - '' -

files removed:
README

default-mandos

etc-plugins.d-README

init.d-mandos

legalnotice.xml

plugin-runner.conf

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-09-06">

<!ENTITY TIMESTAMP "2008-08-31">

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

115

137

Any authenticated client is then given the stored pre-encrypted

116

138

password for that specific client.

117

139

</para>

140

118

141

</refsect1>

119

142

120

143

121

144

<title>PURPOSE</title>

145

122

146

<para>

123

147

The purpose of this is to enable <emphasis>remote and unattended

124

148

rebooting</emphasis> of client host computer with an

125

149

<emphasis>encrypted root file system</emphasis>. See <xref

126

150

linkend="overview"/> for details.

127

151

</para>

152

128

153

</refsect1>

129

154

130

155

131

156

<title>OPTIONS</title>

157

132

158

133

159

160

134

161

135

136

162

137

163

<para>

138

164

Show a help message and exit

139

165

</para>

140

166

</listitem>

141

167

</varlistentry>

142

168

143

169

170

171

144

172

<term><option>--interface</option>

145

173

146

147

148

174

149

175

<xi:include href="mandos-options.xml" xpointer="interface"/>

150

176

</listitem>

151

177

</varlistentry>

152

178

153

179

154

<term><option>--address

155

<replaceable>ADDRESS</replaceable></option></term>

156

<term><option>-a

157

<replaceable>ADDRESS</replaceable></option></term>

180

<term><literal>-a</literal>, <literal>--address <replaceable>

181

ADDRESS</replaceable></literal></term>

158

182

159

183

<xi:include href="mandos-options.xml" xpointer="address"/>

160

184

</listitem>

161

185

</varlistentry>

162

186

163

187

164

<term><option>--port

165

166

<term><option>-p

167

188

189

PORT</replaceable></literal></term>

168

190

169

191

<xi:include href="mandos-options.xml" xpointer="port"/>

170

192

</listitem>

171

193

</varlistentry>

172

194

173

195

174

<term><option>--check</option></term>

196

<term><literal>--check</literal></term>

175

197

176

198

<para>

177

199

Run the server’s self-tests. This includes any unit

179

201

</para>

180

202

</listitem>

181

203

</varlistentry>

182

204

183

205

184

<term><option>--debug</option></term>

206

<term><literal>--debug</literal></term>

185

207

186

208

<xi:include href="mandos-options.xml" xpointer="debug"/>

187

209

</listitem>

188

210

</varlistentry>

189

211

190

212

191

<term><option>--priority <replaceable>

192

PRIORITY</replaceable></option></term>

213

<term><literal>--priority <replaceable>

214

PRIORITY</replaceable></literal></term>

193

215

194

216

<xi:include href="mandos-options.xml" xpointer="priority"/>

195

217

</listitem>

196

218

</varlistentry>

197

219

198

220

199

<term><option>--servicename

200

221

<term><literal>--servicename <replaceable>NAME</replaceable>

222

</literal></term>

201

223

202

224

<xi:include href="mandos-options.xml"

203

225

xpointer="servicename"/>

205

227

</varlistentry>

206

228

207

229

208

<term><option>--configdir

209

<replaceable>DIRECTORY</replaceable></option></term>

230

<term><literal>--configdir <replaceable>DIR</replaceable>

231

</literal></term>

210

232

211

233

<para>

212

234

Directory to search for configuration files. Default is

220

242

</varlistentry>

221

243

222

244

223

<term><option>--version</option></term>

245

<term><literal>--version</literal></term>

224

246

225

247

<para>

226

248

Prints the program version and exit.

236

258

<para>

237

259

This program is the server part. It is a normal server program

238

260

and will run in a normal system environment, not in an initial

239

<acronym>RAM</acronym> disk environment.

261

RAM disk environment.

240

262

</para>

241

263

</refsect1>

242

264

379

401

</listitem>

380

402

</varlistentry>

381

403

382

<term><filename>/var/run/mandos.pid</filename></term>

404

<term><filename>/var/run/mandos/mandos.pid</filename></term>

383

405

384

406

<para>

385

407

The file containing the process id of

434

456

Debug mode is conflated with running in the foreground.

435

457

</para>

436

458

<para>

437

The console log messages does not show a time stamp.

438

</para>

439

<para>

440

This server does not check the expire time of clients’ OpenPGP

441

keys.

459

The console log messages does not show a timestamp.

442

460

</para>

443

461

</refsect1>

444

462

487

505

<para>

488

506

Running this <command>&COMMANDNAME;</command> server program

489

507

should not in itself present any security risk to the host

490

computer running it. The program switches to a non-root user

491

soon after startup.

508

computer running it. The program does not need any special

509

privileges to run, and is designed to run as a non-root user.

492

510

</para>

493

511

</refsect2>

494

512

521

539

restarting servers if it is suspected that a client has, in

522

540

fact, been compromised by parties who may now be running a

523

541

fake Mandos client with the keys from the non-encrypted

524

initial <acronym>RAM</acronym> image of the client host. What

525

should be done in that case (if restarting the server program

526

really is necessary) is to stop the server program, edit the

542

initial RAM image of the client host. What should be done in

543

that case (if restarting the server program really is

544

necessary) is to stop the server program, edit the

527

545

configuration file to omit any suspect clients, and restart

528

546

the server program.

529

547

</para>

530

548

<para>

531

549

For more details on client-side security, see

532

<citerefentry><refentrytitle>mandos-client</refentrytitle>

550

<citerefentry><refentrytitle>password-request</refentrytitle>

533

551

<manvolnum>8mandos</manvolnum></citerefentry>.

534

552

</para>

535

553

</refsect2>

543

561

544

562

<refentrytitle>mandos.conf</refentrytitle>

545

563

546

<refentrytitle>mandos-client</refentrytitle>

564

<refentrytitle>password-request</refentrytitle>

547

565

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

548

566

549

567

</citerefentry>

Older »