3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos">
6
<!ENTITY TIMESTAMP "2008-09-05">
6
<!ENTITY TIMESTAMP "2008-08-31">
9
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
34
34
<holder>Teddy Hogeborn</holder>
35
35
<holder>Björn Påhlsson</holder>
37
<xi:include href="legalnotice.xml"/>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
115
137
Any authenticated client is then given the stored pre-encrypted
116
138
password for that specific client.
120
143
<refsect1 id="purpose">
121
144
<title>PURPOSE</title>
123
147
The purpose of this is to enable <emphasis>remote and unattended
124
148
rebooting</emphasis> of client host computer with an
125
149
<emphasis>encrypted root file system</emphasis>. See <xref
126
150
linkend="overview"/> for details.
130
155
<refsect1 id="options">
131
156
<title>OPTIONS</title>
160
<term><option>-h</option></term>
134
161
<term><option>--help</option></term>
135
<term><option>-h</option></term>
138
164
Show a help message and exit
170
<term><option>-i</option>
171
<replaceable>NAME</replaceable></term>
144
172
<term><option>--interface</option>
145
173
<replaceable>NAME</replaceable></term>
146
<term><option>-i</option>
147
<replaceable>NAME</replaceable></term>
149
175
<xi:include href="mandos-options.xml" xpointer="interface"/>
154
<term><option>--address
155
<replaceable>ADDRESS</replaceable></option></term>
157
<replaceable>ADDRESS</replaceable></option></term>
180
<term><literal>-a</literal>, <literal>--address <replaceable>
181
ADDRESS</replaceable></literal></term>
159
183
<xi:include href="mandos-options.xml" xpointer="address"/>
165
<replaceable>PORT</replaceable></option></term>
167
<replaceable>PORT</replaceable></option></term>
188
<term><literal>-p</literal>, <literal>--port <replaceable>
189
PORT</replaceable></literal></term>
169
191
<xi:include href="mandos-options.xml" xpointer="port"/>
174
<term><option>--check</option></term>
196
<term><literal>--check</literal></term>
177
199
Run the server’s self-tests. This includes any unit
184
<term><option>--debug</option></term>
206
<term><literal>--debug</literal></term>
186
208
<xi:include href="mandos-options.xml" xpointer="debug"/>
191
<term><option>--priority <replaceable>
192
PRIORITY</replaceable></option></term>
213
<term><literal>--priority <replaceable>
214
PRIORITY</replaceable></literal></term>
194
216
<xi:include href="mandos-options.xml" xpointer="priority"/>
199
<term><option>--servicename
200
<replaceable>NAME</replaceable></option></term>
221
<term><literal>--servicename <replaceable>NAME</replaceable>
202
224
<xi:include href="mandos-options.xml"
203
225
xpointer="servicename"/>
434
456
Debug mode is conflated with running in the foreground.
437
The console log messages does not show a time stamp.
440
This server does not check the expire time of clients’ OpenPGP
459
The console log messages does not show a timestamp.
488
506
Running this <command>&COMMANDNAME;</command> server program
489
507
should not in itself present any security risk to the host
490
computer running it. The program switches to a non-root user
508
computer running it. The program does not need any special
509
privileges to run, and is designed to run as a non-root user.
494
512
<refsect2 id="CLIENTS">
521
539
restarting servers if it is suspected that a client has, in
522
540
fact, been compromised by parties who may now be running a
523
541
fake Mandos client with the keys from the non-encrypted
524
initial <acronym>RAM</acronym> image of the client host. What
525
should be done in that case (if restarting the server program
526
really is necessary) is to stop the server program, edit the
542
initial RAM image of the client host. What should be done in
543
that case (if restarting the server program really is
544
necessary) is to stop the server program, edit the
527
545
configuration file to omit any suspect clients, and restart
528
546
the server program.