/mandos/trunk : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2010-09-21">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Control the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--timeout

<arg choice="plain"><option>-t

</group>

<sbr/>

<group>

<arg choice="plain"><option>--interval

<arg choice="plain"><option>-i

100

101

</group>

102

<sbr/>

103

<group>

104

<arg choice="plain"><option>--host

105

<replaceable>STRING</replaceable></option></arg>

106

<arg choice="plain"><option>-H

107

<replaceable>STRING</replaceable></option></arg>

108

</group>

109

<sbr/>

110

<group>

111

<arg choice="plain"><option>--secret

112

<replaceable>FILENAME</replaceable></option></arg>

113

<arg choice="plain"><option>-s

114

<replaceable>FILENAME</replaceable></option></arg>

115

</group>

116

<sbr/>

117

<group>

118

<arg choice="plain"><option>--approve</option></arg>

119

120

<sbr/>

121

122

123

</group>

124

<sbr/>

125

126

127

128

129

<replaceable>CLIENT</replaceable>

130

</arg>

131

</group>

132

</cmdsynopsis>

133

134

<command>&COMMANDNAME;</command>

135

<group>

136

<arg choice="plain"><option>--verbose</option></arg>

137

138

</group>

139

<group>

140

141

<replaceable>CLIENT</replaceable>

142

</arg>

143

</group>

144

</cmdsynopsis>

145

146

<command>&COMMANDNAME;</command>

147

148

<arg choice="plain"><option>--is-enabled</option></arg>

149

150

</group>

151

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

152

</cmdsynopsis>

153

154

<command>&COMMANDNAME;</command>

155

156

157

158

</group>

159

</cmdsynopsis>

160

161

<command>&COMMANDNAME;</command>

162

163

<arg choice="plain"><option>--version</option></arg>

164

165

</group>

166

</cmdsynopsis>

167

</refsynopsisdiv>

168

169

170

<title>DESCRIPTION</title>

171

<para>

172

<command>&COMMANDNAME;</command> is a program to control the

173

operation of the Mandos server <citerefentry><refentrytitle

174

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

175

</para>

176

<para>

177

This program can be used to change client settings, approve or

178

deny client requests, and to remove clients from the server.

179

</para>

180

</refsect1>

181

182

183

<title>PURPOSE</title>

184

<para>

185

The purpose of this is to enable <emphasis>remote and unattended

186

rebooting</emphasis> of client host computer with an

187

<emphasis>encrypted root file system</emphasis>. See <xref

188

linkend="overview"/> for details.

189

</para>

190

</refsect1>

191

192

193

<title>OPTIONS</title>

194

195

196

197

198

199

200

<para>

201

Show a help message and exit

202

</para>

203

</listitem>

204

</varlistentry>

205

206

207

<term><option>--enable</option></term>

208

209

210

<para>

211

Enable client(s). An enabled client will be eligble to

212

receive its secret.

213

</para>

214

</listitem>

215

</varlistentry>

216

217

218

<term><option>--disable</option></term>

219

220

221

<para>

222

Disable client(s). A disabled client will not be eligble

223

to receive its secret, and no checkers will be started for

224

it.

225

</para>

226

</listitem>

227

</varlistentry>

228

229

230

<term><option>--bump-timeout</option></term>

231

232

<para>

233

Bump the timeout of the specified client(s), just as if a

234

checker had completed successfully for it/them.

235

</para>

236

</listitem>

237

</varlistentry>

238

239

240

<term><option>--start-checker</option></term>

241

242

<para>

243

Start a new checker now for the specified client(s).

244

</para>

245

</listitem>

246

</varlistentry>

247

248

249

<term><option>--stop-checker</option></term>

250

251

<para>

252

Stop any running checker for the specified client(s).

253

</para>

254

</listitem>

255

</varlistentry>

256

257

258

<term><option>--remove</option></term>

259

260

261

<para>

262

Remove the specified client(s) from the server.

263

</para>

264

</listitem>

265

</varlistentry>

266

267

268

<term><option>--checker

269

<replaceable>COMMAND</replaceable></option></term>

270

<term><option>-c

271

<replaceable>COMMAND</replaceable></option></term>

272

273

<para>

274

Set the <varname>checker</varname> option of the specified

275

client(s); see <citerefentry><refentrytitle

276

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

277

></citerefentry>.

278

</para>

279

</listitem>

280

</varlistentry>

281

282

283

<term><option>--timeout

284

285

<term><option>-t

286

287

288

<para>

289

Set the <varname>timeout</varname> option of the specified

290

client(s); see <citerefentry><refentrytitle

291

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

292

></citerefentry>.

293

</para>

294

</listitem>

295

</varlistentry>

296

297

298

<term><option>--interval

299

300

<term><option>-i

301

302

303

<para>

304

Set the <varname>interval</varname> option of the specified

305

client(s); see <citerefentry><refentrytitle

306

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

307

></citerefentry>.

308

</para>

309

</listitem>

310

</varlistentry>

311

312

313

<term><option>--host

314

<replaceable>STRING</replaceable></option></term>

315

<term><option>-H

316

<replaceable>STRING</replaceable></option></term>

317

318

<para>

319

Set the <varname>host</varname> option of the specified

320

client(s); see <citerefentry><refentrytitle

321

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

322

></citerefentry>.

323

</para>

324

</listitem>

325

</varlistentry>

326

327

328

<term><option>--secret

329

<replaceable>FILENAME</replaceable></option></term>

330

<term><option>-s

331

<replaceable>FILENAME</replaceable></option></term>

332

333

<para>

334

Set the <varname>secfile</varname> option of the specified

335

client(s); see <citerefentry><refentrytitle

336

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

337

></citerefentry>.

338

</para>

339

</listitem>

340

</varlistentry>

341

342

343

<term><option>--approve</option></term>

344

345

346

<para>

347

Approve client(s) if currently waiting for approval.

348

</para>

349

</listitem>

350

</varlistentry>

351

352

353

354

355

356

<para>

357

Deny client(s) if currently waiting for approval.

358

</para>

359

</listitem>

360

</varlistentry>

361

362

363

364

365

366

<para>

367

Make the client-modifying options modify <emphasis

368

>all</emphasis> clients.

369

</para>

370

</listitem>

371

</varlistentry>

372

373

374

<term><option>--verbose</option></term>

375

376

377

<para>

378

Show all client settings, not just a subset.

379

</para>

380

</listitem>

381

</varlistentry>

382

383

384

<term><option>--is-enabled</option></term>

385

386

387

<para>

388

Check if a single client is enabled or not, and exit with

389

a successful exit status only if the client is enabled.

390

</para>

391

</listitem>

392

</varlistentry>

393

394

</variablelist>

395

</refsect1>

396

397

398

<title>OVERVIEW</title>

399

<xi:include href="overview.xml"/>

400

<para>

401

This program is a small utility to generate new OpenPGP keys for

402

new Mandos clients, and to generate sections for inclusion in

403

<filename>clients.conf</filename> on the server.

404

</para>

405

</refsect1>

406

407

408

<title>EXIT STATUS</title>

409

<para>

410

If the <option>--is-enabled</option> option is used, the exit

411

status will be 0 only if the specified client is enabled.

412

</para>

413

</refsect1>

414

415

416

417

418

419

420

421

422

<title>EXAMPLE</title>

423

424

<para>

425

List all clients with some of their settings:

426

</para>

427

<para>

428

<userinput>&COMMANDNAME;</userinput>

429

</para>

430

</informalexample>

431

432

<para>

433

Show all settings for the clients named <quote>foo</quote> and

434

<quote>bar</quote>:

435

</para>

436

<para>

437

438

439

<userinput>&COMMANDNAME; --verbose foo bar</userinput>

440

441

</para>

442

</informalexample>

443

</refsect1>

444

445

446

<title>SECURITY</title>

447

<para>

448

This program must be permitted to access the Mandos server via

449

the D-Bus interface. This normally requires the root user, but

450

could be configured otherwise by reconfiguring the D-Bus server.

451

</para>

452

</refsect1>

453

454

455

456

<para>

457

<citerefentry><refentrytitle>mandos</refentrytitle>

458

<manvolnum>8</manvolnum></citerefentry>,

459

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

460

<manvolnum>5</manvolnum></citerefentry>,

461

<citerefentry><refentrytitle>mandos-monitor</refentrytitle>

462

463

</para>

464

</refsect1>

465

466

</refentry>

467

468

469

470

471

Older »