/mandos/trunk : revision 134

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Teddy Hogeborn
Date: 2008-09-01 08:29:23 UTC
Revision ID: teddy@fukt.bsnet.se-20080901082923-i2liq6t7warmu9xe

* mandos.xml: Enclose "RAM" with <acronym>.
* overview.xml: - '' -

* plugin-runner.xml (DESCRIPTION): Improved wording.
  (PURPOSE): New section.
  (OPTIONS): Improved wording.
  (OVERVIEW, PLUGINS): New section.
  (FALLBACK): New empty placeholder section.

* plugins.d/password-prompt.xml: Enclose "RAM" with <acronym>.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2015-07-20">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Control the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--timeout

<arg choice="plain"><option>-t

</group>

100

<sbr/>

101

<group>

102

<arg choice="plain"><option>--extended-timeout

103

104

</group>

105

<sbr/>

106

<group>

107

<arg choice="plain"><option>--interval

108

109

<arg choice="plain"><option>-i

110

111

</group>

112

<sbr/>

113

<group>

114

<arg choice="plain"><option>--approve-by-default</option

115

></arg>

116

<sbr/>

117

<arg choice="plain"><option>--deny-by-default</option></arg>

118

</group>

119

<sbr/>

120

<group>

121

<arg choice="plain"><option>--approval-delay

122

123

</group>

124

<sbr/>

125

<group>

126

<arg choice="plain"><option>--approval-duration

127

128

</group>

129

<sbr/>

130

<group>

131

<arg choice="plain"><option>--interval

132

133

<arg choice="plain"><option>-i

134

135

</group>

136

<sbr/>

137

<group>

138

<arg choice="plain"><option>--host

139

<replaceable>STRING</replaceable></option></arg>

140

<arg choice="plain"><option>-H

141

<replaceable>STRING</replaceable></option></arg>

142

</group>

143

<sbr/>

144

<group>

145

<arg choice="plain"><option>--secret

146

<replaceable>FILENAME</replaceable></option></arg>

147

<arg choice="plain"><option>-s

148

<replaceable>FILENAME</replaceable></option></arg>

149

</group>

150

<sbr/>

151

<group>

152

<arg choice="plain"><option>--approve</option></arg>

153

154

<sbr/>

155

156

157

</group>

158

<sbr/>

159

160

161

162

163

<replaceable>CLIENT</replaceable>

164

</arg>

165

</group>

166

</cmdsynopsis>

167

168

<command>&COMMANDNAME;</command>

169

<group>

170

<arg choice="plain"><option>--verbose</option></arg>

171

172

</group>

173

<group>

174

175

<replaceable>CLIENT</replaceable>

176

</arg>

177

</group>

178

</cmdsynopsis>

179

180

<command>&COMMANDNAME;</command>

181

182

<arg choice="plain"><option>--is-enabled</option></arg>

183

184

</group>

185

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

186

</cmdsynopsis>

187

188

<command>&COMMANDNAME;</command>

189

190

191

192

</group>

193

</cmdsynopsis>

194

195

<command>&COMMANDNAME;</command>

196

197

<arg choice="plain"><option>--version</option></arg>

198

199

</group>

200

</cmdsynopsis>

201

202

<command>&COMMANDNAME;</command>

203

<arg choice="plain"><option>--check</option></arg>

204

</cmdsynopsis>

205

</refsynopsisdiv>

206

207

208

<title>DESCRIPTION</title>

209

<para>

210

<command>&COMMANDNAME;</command> is a program to control the

211

operation of the Mandos server <citerefentry><refentrytitle

212

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

213

</para>

214

<para>

215

This program can be used to change client settings, approve or

216

deny client requests, and to remove clients from the server.

217

</para>

218

</refsect1>

219

220

221

<title>PURPOSE</title>

222

<para>

223

The purpose of this is to enable <emphasis>remote and unattended

224

rebooting</emphasis> of client host computer with an

225

<emphasis>encrypted root file system</emphasis>. See <xref

226

linkend="overview"/> for details.

227

</para>

228

</refsect1>

229

230

231

<title>OPTIONS</title>

232

233

234

235

236

237

238

<para>

239

Show a help message and exit

240

</para>

241

</listitem>

242

</varlistentry>

243

244

245

<term><option>--enable</option></term>

246

247

248

<para>

249

Enable client(s). An enabled client will be eligble to

250

receive its secret.

251

</para>

252

</listitem>

253

</varlistentry>

254

255

256

<term><option>--disable</option></term>

257

258

259

<para>

260

Disable client(s). A disabled client will not be eligble

261

to receive its secret, and no checkers will be started for

262

it.

263

</para>

264

</listitem>

265

</varlistentry>

266

267

268

<term><option>--bump-timeout</option></term>

269

270

<para>

271

Bump the timeout of the specified client(s), just as if a

272

checker had completed successfully for it/them.

273

</para>

274

</listitem>

275

</varlistentry>

276

277

278

<term><option>--start-checker</option></term>

279

280

<para>

281

Start a new checker now for the specified client(s).

282

</para>

283

</listitem>

284

</varlistentry>

285

286

287

<term><option>--stop-checker</option></term>

288

289

<para>

290

Stop any running checker for the specified client(s).

291

</para>

292

</listitem>

293

</varlistentry>

294

295

296

<term><option>--remove</option></term>

297

298

299

<para>

300

Remove the specified client(s) from the server.

301

</para>

302

</listitem>

303

</varlistentry>

304

305

306

<term><option>--checker

307

<replaceable>COMMAND</replaceable></option></term>

308

<term><option>-c

309

<replaceable>COMMAND</replaceable></option></term>

310

311

<para>

312

Set the <varname>checker</varname> option of the specified

313

client(s); see <citerefentry><refentrytitle

314

>mandos-clients.conf</refentrytitle><manvolnum

315

>5</manvolnum></citerefentry>.

316

</para>

317

</listitem>

318

</varlistentry>

319

320

321

<term><option>--timeout

322

323

<term><option>-t

324

325

326

<para>

327

Set the <varname>timeout</varname> option of the specified

328

client(s); see <citerefentry><refentrytitle

329

>mandos-clients.conf</refentrytitle><manvolnum

330

>5</manvolnum></citerefentry>.

331

</para>

332

</listitem>

333

</varlistentry>

334

335

336

<term><option>--extended-timeout

337

338

339

<para>

340

Set the <varname>extended_timeout</varname> option of the

341

specified client(s); see <citerefentry><refentrytitle

342

>mandos-clients.conf</refentrytitle><manvolnum

343

>5</manvolnum></citerefentry>.

344

</para>

345

</listitem>

346

</varlistentry>

347

348

349

<term><option>--interval

350

351

<term><option>-i

352

353

354

<para>

355

Set the <varname>interval</varname> option of the

356

specified client(s); see <citerefentry><refentrytitle

357

>mandos-clients.conf</refentrytitle><manvolnum

358

>5</manvolnum></citerefentry>.

359

</para>

360

</listitem>

361

</varlistentry>

362

363

364

<term><option>--approve-by-default</option></term>

365

<term><option>--deny-by-default</option></term>

366

367

<para>

368

Set the <varname>approved_by_default</varname> option of

369

the specified client(s) to <literal>True</literal> or

370

<literal>False</literal>, respectively; see

371

<citerefentry><refentrytitle

372

>mandos-clients.conf</refentrytitle><manvolnum

373

>5</manvolnum></citerefentry>.

374

</para>

375

</listitem>

376

</varlistentry>

377

378

379

<term><option>--approval-delay

380

381

382

<para>

383

Set the <varname>approval_delay</varname> option of the

384

specified client(s); see <citerefentry><refentrytitle

385

>mandos-clients.conf</refentrytitle><manvolnum

386

>5</manvolnum></citerefentry>.

387

</para>

388

</listitem>

389

</varlistentry>

390

391

392

<term><option>--approval-duration

393

394

395

<para>

396

Set the <varname>approval_duration</varname> option of the

397

specified client(s); see <citerefentry><refentrytitle

398

>mandos-clients.conf</refentrytitle><manvolnum

399

>5</manvolnum></citerefentry>.

400

</para>

401

</listitem>

402

</varlistentry>

403

404

405

<term><option>--host

406

<replaceable>STRING</replaceable></option></term>

407

<term><option>-H

408

<replaceable>STRING</replaceable></option></term>

409

410

<para>

411

Set the <varname>host</varname> option of the specified

412

client(s); see <citerefentry><refentrytitle

413

>mandos-clients.conf</refentrytitle><manvolnum

414

>5</manvolnum></citerefentry>.

415

</para>

416

</listitem>

417

</varlistentry>

418

419

420

<term><option>--secret

421

<replaceable>FILENAME</replaceable></option></term>

422

<term><option>-s

423

<replaceable>FILENAME</replaceable></option></term>

424

425

<para>

426

Set the <varname>secfile</varname> option of the specified

427

client(s); see <citerefentry><refentrytitle

428

>mandos-clients.conf</refentrytitle><manvolnum

429

>5</manvolnum></citerefentry>.

430

</para>

431

</listitem>

432

</varlistentry>

433

434

435

<term><option>--approve</option></term>

436

437

438

<para>

439

Approve client(s) if currently waiting for approval.

440

</para>

441

</listitem>

442

</varlistentry>

443

444

445

446

447

448

<para>

449

Deny client(s) if currently waiting for approval.

450

</para>

451

</listitem>

452

</varlistentry>

453

454

455

456

457

458

<para>

459

Make the client-modifying options modify <emphasis

460

>all</emphasis> clients.

461

</para>

462

</listitem>

463

</varlistentry>

464

465

466

<term><option>--verbose</option></term>

467

468

469

<para>

470

Show all client settings, not just a subset.

471

</para>

472

</listitem>

473

</varlistentry>

474

475

476

<term><option>--is-enabled</option></term>

477

478

479

<para>

480

Check if a single client is enabled or not, and exit with

481

a successful exit status only if the client is enabled.

482

</para>

483

</listitem>

484

</varlistentry>

485

486

487

<term><option>--check</option></term>

488

489

<para>

490

Run self-tests. This includes any unit tests, etc.

491

</para>

492

</listitem>

493

</varlistentry>

494

495

</variablelist>

496

</refsect1>

497

498

499

<title>OVERVIEW</title>

500

<xi:include href="overview.xml"/>

501

<para>

502

This program is a small utility to generate new OpenPGP keys for

503

new Mandos clients, and to generate sections for inclusion in

504

<filename>clients.conf</filename> on the server.

505

</para>

506

</refsect1>

507

508

509

<title>EXIT STATUS</title>

510

<para>

511

If the <option>--is-enabled</option> option is used, the exit

512

status will be 0 only if the specified client is enabled.

513

</para>

514

</refsect1>

515

516

517

518

519

520

521

522

523

<title>EXAMPLE</title>

524

525

<para>

526

To list all clients:

527

</para>

528

<para>

529

<userinput>&COMMANDNAME;</userinput>

530

</para>

531

</informalexample>

532

533

534

<para>

535

To list <emphasis>all</emphasis> settings for the clients

536

named <quote>foo1.example.org</quote> and <quote

537

>foo2.example.org</quote>:

538

</para>

539

<para>

540

541

542

<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>

543

544

</para>

545

</informalexample>

546

547

548

<para>

549

To enable all clients:

550

</para>

551

<para>

552

<userinput>&COMMANDNAME; --enable --all</userinput>

553

</para>

554

</informalexample>

555

556

557

<para>

558

To change timeout and interval value for the clients

559

named <quote>foo1.example.org</quote> and <quote

560

>foo2.example.org</quote>:

561

</para>

562

<para>

563

564

565

<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>

566

567

</para>

568

</informalexample>

569

570

571

<para>

572

To approve all clients currently waiting for it:

573

</para>

574

<para>

575

<userinput>&COMMANDNAME; --approve --all</userinput>

576

</para>

577

</informalexample>

578

</refsect1>

579

580

581

<title>SECURITY</title>

582

<para>

583

This program must be permitted to access the Mandos server via

584

the D-Bus interface. This normally requires the root user, but

585

could be configured otherwise by reconfiguring the D-Bus server.

586

</para>

587

</refsect1>

588

589

590

591

<para>

592

<citerefentry><refentrytitle>intro</refentrytitle>

593

<manvolnum>8mandos</manvolnum></citerefentry>,

594

<citerefentry><refentrytitle>mandos</refentrytitle>

595

<manvolnum>8</manvolnum></citerefentry>,

596

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

597

<manvolnum>5</manvolnum></citerefentry>,

598

<citerefentry><refentrytitle>mandos-monitor</refentrytitle>

599

600

</para>

601

</refsect1>

602

603

</refentry>

604

605

606

607

608

Older »