/mandos/trunk : revision 127

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 12:23:33 UTC
Revision ID: teddy@fukt.bsnet.se-20080831122333-qgppahxb4d4b0coc

* plugins.d/password-request.xml (OPTIONS): Make replaceables match
                                            the ones in the SYNOPSIS.
                                            Split <term> tags into one
                                            for each option.  Use
                                            <option> tags instead of
                                            <literal>.  Moved long
                                            options before short.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2009-02-15">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<sbr/>

<sbr/>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

106

122

<arg choice="plain"><option>--check</option></arg>

107

123

</cmdsynopsis>

108

124

</refsynopsisdiv>

109

125

110

126

111

127

<title>DESCRIPTION</title>

112

128

<para>

121

137

Any authenticated client is then given the stored pre-encrypted

122

138

password for that specific client.

123

139

</para>

140

124

141

</refsect1>

125

142

126

143

127

144

<title>PURPOSE</title>

145

128

146

<para>

129

147

The purpose of this is to enable <emphasis>remote and unattended

130

148

rebooting</emphasis> of client host computer with an

131

149

<emphasis>encrypted root file system</emphasis>. See <xref

132

150

linkend="overview"/> for details.

133

151

</para>

152

134

153

</refsect1>

135

154

136

155

137

156

<title>OPTIONS</title>

157

138

158

139

159

140

160

192

212

<xi:include href="mandos-options.xml" xpointer="debug"/>

193

213

</listitem>

194

214

</varlistentry>

195

215

196

216

197

217

<term><option>--priority <replaceable>

198

218

PRIORITY</replaceable></option></term>

200

220

<xi:include href="mandos-options.xml" xpointer="priority"/>

201

221

</listitem>

202

222

</varlistentry>

203

223

204

224

205

225

<term><option>--servicename

206

226

209

229

xpointer="servicename"/>

210

230

</listitem>

211

231

</varlistentry>

212

232

213

233

214

234

<term><option>--configdir

215

235

<replaceable>DIRECTORY</replaceable></option></term>

224

244

</para>

225

245

</listitem>

226

246

</varlistentry>

227

247

228

248

229

249

<term><option>--version</option></term>

230

250

233

253

</para>

234

254

</listitem>

235

255

</varlistentry>

236

237

238

239

240

<xi:include href="mandos-options.xml" xpointer="dbus"/>

241

<para>

242

See also <xref linkend="dbus_interface"/>.

243

</para>

244

</listitem>

245

</varlistentry>

246

247

248

249

250

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

251

</listitem>

252

</varlistentry>

253

256

</variablelist>

254

257

</refsect1>

255

258

256

259

257

260

<title>OVERVIEW</title>

258

261

<xi:include href="overview.xml"/>

259

262

<para>

260

263

This program is the server part. It is a normal server program

261

264

and will run in a normal system environment, not in an initial

262

<acronym>RAM</acronym> disk environment.

265

RAM disk environment.

263

266

</para>

264

267

</refsect1>

265

268

266

269

267

270

<title>NETWORK PROTOCOL</title>

268

271

<para>

320

323

</row>

321

324

</tbody></tgroup></table>

322

325

</refsect1>

323

326

324

327

325

328

<title>CHECKING</title>

326

329

<para>

334

337

<manvolnum>5</manvolnum></citerefentry>.

335

338

</para>

336

339

</refsect1>

337

340

338

341

339

342

<title>LOGGING</title>

340

343

<para>

344

347

and also show them on the console.

345

348

</para>

346

349

</refsect1>

347

348

349

<title>D-BUS INTERFACE</title>

350

<para>

351

The server will by default provide a D-Bus system bus interface.

352

This interface will only be accessible by the root user or a

353

Mandos-specific user, if such a user exists.

354

355

</para>

356

</refsect1>

357

350

358

351

359

352

<title>EXIT STATUS</title>

360

353

<para>

362

355

critical error is encountered.

363

356

</para>

364

357

</refsect1>

365

358

366

359

367

360

<title>ENVIRONMENT</title>

368

361

382

375

</varlistentry>

383

376

</variablelist>

384

377

</refsect1>

385

386

378

379

387

380

<title>FILES</title>

388

381

<para>

389

382

Use the <option>--configdir</option> option to change where

412

405

</listitem>

413

406

</varlistentry>

414

407

415

<term><filename>/var/run/mandos.pid</filename></term>

408

<term><filename>/var/run/mandos/mandos.pid</filename></term>

416

409

417

410

<para>

418

411

The file containing the process id of

453

446

Currently, if a client is declared <quote>invalid</quote> due to

454

447

having timed out, the server does not record this fact onto

455

448

permanent storage. This has some security implications, see

456

<xref linkend="clients"/>.

449

<xref linkend="CLIENTS"/>.

457

450

</para>

458

451

<para>

459

452

There is currently no way of querying the server of the current

467

460

Debug mode is conflated with running in the foreground.

468

461

</para>

469

462

<para>

470

The console log messages do not show a time stamp.

471

</para>

472

<para>

473

This server does not check the expire time of clients’ OpenPGP

474

keys.

463

The console log messages does not show a timestamp.

475

464

</para>

476

465

</refsect1>

477

466

512

501

</para>

513

502

</informalexample>

514

503

</refsect1>

515

504

516

505

517

506

<title>SECURITY</title>

518

507

519

508

<title>SERVER</title>

520

509

<para>

521

510

Running this <command>&COMMANDNAME;</command> server program

522

511

should not in itself present any security risk to the host

523

computer running it. The program switches to a non-root user

524

soon after startup.

512

computer running it. The program does not need any special

513

privileges to run, and is designed to run as a non-root user.

525

514

</para>

526

515

</refsect2>

527

516

528

517

<title>CLIENTS</title>

529

518

<para>

530

519

The server only gives out its stored data to clients which

537

526

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

538

527

<manvolnum>5</manvolnum></citerefentry>)

539

528

<emphasis>must</emphasis> be made non-readable by anyone

540

except the user starting the server (usually root).

529

except the user running the server.

541

530

</para>

542

531

<para>

543

532

As detailed in <xref linkend="checking"/>, the status of all

554

543

restarting servers if it is suspected that a client has, in

555

544

fact, been compromised by parties who may now be running a

556

545

fake Mandos client with the keys from the non-encrypted

557

initial <acronym>RAM</acronym> image of the client host. What

558

should be done in that case (if restarting the server program

559

really is necessary) is to stop the server program, edit the

546

initial RAM image of the client host. What should be done in

547

that case (if restarting the server program really is

548

necessary) is to stop the server program, edit the

560

549

configuration file to omit any suspect clients, and restart

561

550

the server program.

562

551

</para>

563

552

<para>

564

553

For more details on client-side security, see

565

<citerefentry><refentrytitle>mandos-client</refentrytitle>

554

<citerefentry><refentrytitle>password-request</refentrytitle>

566

555

<manvolnum>8mandos</manvolnum></citerefentry>.

567

556

</para>

568

557

</refsect2>

569

558

</refsect1>

570

559

571

560

572

561

573

562

<para>

576

565

577

566

<refentrytitle>mandos.conf</refentrytitle>

578

567

579

<refentrytitle>mandos-client</refentrytitle>

568

<refentrytitle>password-request</refentrytitle>

580

569

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

581

570

582

571

</citerefentry>

Older »