/mandos/trunk : revision 127

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 12:23:33 UTC
Revision ID: teddy@fukt.bsnet.se-20080831122333-qgppahxb4d4b0coc

* plugins.d/password-request.xml (OPTIONS): Make replaceables match
                                            the ones in the SYNOPSIS.
                                            Split <term> tags into one
                                            for each option.  Use
                                            <option> tags instead of
                                            <literal>.  Moved long
                                            options before short.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2009-09-17">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<sbr/>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

104

122

<arg choice="plain"><option>--check</option></arg>

105

123

</cmdsynopsis>

106

124

</refsynopsisdiv>

107

125

108

126

109

127

<title>DESCRIPTION</title>

110

128

<para>

119

137

Any authenticated client is then given the stored pre-encrypted

120

138

password for that specific client.

121

139

</para>

140

122

141

</refsect1>

123

142

124

143

125

144

<title>PURPOSE</title>

145

126

146

<para>

127

147

The purpose of this is to enable <emphasis>remote and unattended

128

148

rebooting</emphasis> of client host computer with an

129

149

<emphasis>encrypted root file system</emphasis>. See <xref

130

150

linkend="overview"/> for details.

131

151

</para>

152

132

153

</refsect1>

133

154

134

155

135

156

<title>OPTIONS</title>

157

136

158

137

159

138

160

190

212

<xi:include href="mandos-options.xml" xpointer="debug"/>

191

213

</listitem>

192

214

</varlistentry>

193

215

194

216

195

217

<term><option>--priority <replaceable>

196

218

PRIORITY</replaceable></option></term>

198

220

<xi:include href="mandos-options.xml" xpointer="priority"/>

199

221

</listitem>

200

222

</varlistentry>

201

223

202

224

203

225

<term><option>--servicename

204

226

207

229

xpointer="servicename"/>

208

230

</listitem>

209

231

</varlistentry>

210

232

211

233

212

234

<term><option>--configdir

213

235

<replaceable>DIRECTORY</replaceable></option></term>

222

244

</para>

223

245

</listitem>

224

246

</varlistentry>

225

247

226

248

227

249

<term><option>--version</option></term>

228

250

231

253

</para>

232

254

</listitem>

233

255

</varlistentry>

234

235

236

237

238

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

239

</listitem>

240

</varlistentry>

241

256

</variablelist>

242

257

</refsect1>

243

258

244

259

245

260

<title>OVERVIEW</title>

246

261

<xi:include href="overview.xml"/>

247

262

<para>

248

263

This program is the server part. It is a normal server program

249

264

and will run in a normal system environment, not in an initial

250

<acronym>RAM</acronym> disk environment.

265

RAM disk environment.

251

266

</para>

252

267

</refsect1>

253

268

254

269

255

270

<title>NETWORK PROTOCOL</title>

256

271

<para>

308

323

</row>

309

324

</tbody></tgroup></table>

310

325

</refsect1>

311

326

312

327

313

328

<title>CHECKING</title>

314

329

<para>

315

330

The server will, by default, continually check that the clients

316

331

are still up. If a client has not been confirmed as being up

317

332

for some time, the client is assumed to be compromised and is no

318

longer eligible to receive the encrypted password. (Manual

319

intervention is required to re-enable a client.) The timeout,

333

longer eligible to receive the encrypted password. The timeout,

320

334

checker program, and interval between checks can be configured

321

335

both globally and per client; see <citerefentry>

322

336

<refentrytitle>mandos-clients.conf</refentrytitle>

323

<manvolnum>5</manvolnum></citerefentry>. A client successfully

324

receiving its password will also be treated as a successful

325

checker run.

337

<manvolnum>5</manvolnum></citerefentry>.

326

338

</para>

327

339

</refsect1>

328

340

329

341

330

342

<title>LOGGING</title>

331

343

<para>

335

347

and also show them on the console.

336

348

</para>

337

349

</refsect1>

338

350

339

351

340

352

<title>EXIT STATUS</title>

341

353

<para>

343

355

critical error is encountered.

344

356

</para>

345

357

</refsect1>

346

358

347

359

348

360

<title>ENVIRONMENT</title>

349

361

363

375

</varlistentry>

364

376

</variablelist>

365

377

</refsect1>

366

367

378

379

368

380

<title>FILES</title>

369

381

<para>

370

382

Use the <option>--configdir</option> option to change where

393

405

</listitem>

394

406

</varlistentry>

395

407

396

<term><filename>/var/run/mandos.pid</filename></term>

408

<term><filename>/var/run/mandos/mandos.pid</filename></term>

397

409

398

410

<para>

399

411

The file containing the process id of

434

446

Currently, if a client is declared <quote>invalid</quote> due to

435

447

having timed out, the server does not record this fact onto

436

448

permanent storage. This has some security implications, see

437

<xref linkend="clients"/>.

449

<xref linkend="CLIENTS"/>.

438

450

</para>

439

451

<para>

440

452

There is currently no way of querying the server of the current

448

460

Debug mode is conflated with running in the foreground.

449

461

</para>

450

462

<para>

451

The console log messages do not show a time stamp.

452

</para>

453

<para>

454

This server does not check the expire time of clients’ OpenPGP

455

keys.

463

The console log messages does not show a timestamp.

456

464

</para>

457

465

</refsect1>

458

466

493

501

</para>

494

502

</informalexample>

495

503

</refsect1>

496

504

497

505

498

506

<title>SECURITY</title>

499

507

500

508

<title>SERVER</title>

501

509

<para>

502

510

Running this <command>&COMMANDNAME;</command> server program

503

511

should not in itself present any security risk to the host

504

computer running it. The program switches to a non-root user

505

soon after startup.

512

computer running it. The program does not need any special

513

privileges to run, and is designed to run as a non-root user.

506

514

</para>

507

515

</refsect2>

508

516

509

517

<title>CLIENTS</title>

510

518

<para>

511

519

The server only gives out its stored data to clients which

518

526

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

519

527

<manvolnum>5</manvolnum></citerefentry>)

520

528

<emphasis>must</emphasis> be made non-readable by anyone

521

except the user starting the server (usually root).

529

except the user running the server.

522

530

</para>

523

531

<para>

524

532

As detailed in <xref linkend="checking"/>, the status of all

535

543

restarting servers if it is suspected that a client has, in

536

544

fact, been compromised by parties who may now be running a

537

545

fake Mandos client with the keys from the non-encrypted

538

initial <acronym>RAM</acronym> image of the client host. What

539

should be done in that case (if restarting the server program

540

really is necessary) is to stop the server program, edit the

546

initial RAM image of the client host. What should be done in

547

that case (if restarting the server program really is

548

necessary) is to stop the server program, edit the

541

549

configuration file to omit any suspect clients, and restart

542

550

the server program.

543

551

</para>

544

552

<para>

545

553

For more details on client-side security, see

546

<citerefentry><refentrytitle>mandos-client</refentrytitle>

554

<citerefentry><refentrytitle>password-request</refentrytitle>

547

555

<manvolnum>8mandos</manvolnum></citerefentry>.

548

556

</para>

549

557

</refsect2>

550

558

</refsect1>

551

559

552

560

553

561

554

562

<para>

557

565

558

566

<refentrytitle>mandos.conf</refentrytitle>

559

567

560

<refentrytitle>mandos-client</refentrytitle>

568

<refentrytitle>password-request</refentrytitle>

561

569

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

562

570

563

571

</citerefentry>

Older »