/mandos/trunk : revision 182

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-09-12 19:12:40 UTC
Revision ID: teddy@fukt.bsnet.se-20080912191240-edjlcll43eoijkx0

* Makefile (install): Use "install-client-nokey".
  (install-server): Create "/etc/default" and "/usr/sbin", too.
  (install-client): Do not depend on "$(INITRAMFSTOOLS)/hooks/.".
                    Renamed to "install-client-nokey".  Split out
                    post-installation-stuff to new "install-client"
                    target.

* mandos-clients.conf.xml: White space adjustments.
* mandos-keygen.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.xml: - '' -
* plugins.d/mandos-client.xml: - '' -

* overview.xml: Improved grammar.

files added:
.bzrignore

INSTALL

README

debian

default-mandos

etc-plugins.d-README

init.d-mandos

legalnotice.xml

mandos-options.xml

plugin-runner.conf

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY OVERVIEW SYSTEM "overview.xml">

<!ENTITY TIMESTAMP "2008-09-12">

<title>&COMMANDNAME;</title>

<title>Mandos Manual</title>

<productname>&COMMANDNAME;</productname>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Sends encrypted passwords to authenticated Mandos clients

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg>--interface<arg choice="plain">IF</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</group>

100

</cmdsynopsis>

101

102

<command>&COMMANDNAME;</command>

103

<arg choice="plain">--version</arg>

<arg choice="plain"><option>--version</option></arg>

104

</cmdsynopsis>

105

106

<command>&COMMANDNAME;</command>

107

<arg choice="plain">--check</arg>

100

<arg choice="plain"><option>--check</option></arg>

108

101

</cmdsynopsis>

109

102

</refsynopsisdiv>

110

103

111

104

112

105

<title>DESCRIPTION</title>

113

106

<para>

122

115

Any authenticated client is then given the stored pre-encrypted

123

116

password for that specific client.

124

117

</para>

125

126

118

</refsect1>

127

119

128

120

129

121

<title>PURPOSE</title>

130

131

122

<para>

132

123

The purpose of this is to enable <emphasis>remote and unattended

133

124

rebooting</emphasis> of client host computer with an

134

125

<emphasis>encrypted root file system</emphasis>. See <xref

135

126

linkend="overview"/> for details.

136

127

</para>

137

138

128

</refsect1>

139

129

140

130

141

131

<title>OPTIONS</title>

142

143

132

144

133

145

134

135

146

136

147

137

<para>

148

138

Show a help message and exit

149

139

</para>

150

140

</listitem>

151

141

</varlistentry>

152

153

154

<term><literal>-i</literal>, <literal>--interface <replaceable>

155

IF</replaceable></literal></term>

156

157

<para>

158

Only announce the server and listen to requests on network

159

interface <replaceable>IF</replaceable>. Default is to

160

use all available interfaces. <emphasis>Note:</emphasis>

161

a failure to bind to the specified interface is not

162

considered critical, and the server does not exit.

163

</para>

164

</listitem>

165

</varlistentry>

166

167

168

<term><literal>-a</literal>, <literal>--address <replaceable>

169

ADDRESS</replaceable></literal></term>

170

171

<para>

172

If this option is used, the server will only listen to a

173

specific address. This must currently be an IPv6 address;

174

an IPv4 address can be specified using the

175

<quote><literal>::FFFF:192.0.2.3</literal></quote> syntax.

176

Also, if a link-local address is specified, an interface

177

should be set, since a link-local address is only valid on

178

a single interface. By default, the server will listen to

179

all available addresses.

180

</para>

181

</listitem>

182

</varlistentry>

183

184

185

186

PORT</replaceable></literal></term>

187

188

<para>

189

If this option is used, the server to bind to that

190

port. By default, the server will listen to an arbitrary

191

port given by the operating system.

192

</para>

193

</listitem>

194

</varlistentry>

195

196

197

<term><literal>--check</literal></term>

142

143

144

<term><option>--interface</option>

145

146

147

148

149

<xi:include href="mandos-options.xml" xpointer="interface"/>

150

</listitem>

151

</varlistentry>

152

153

154

<term><option>--address

155

<replaceable>ADDRESS</replaceable></option></term>

156

<term><option>-a

157

<replaceable>ADDRESS</replaceable></option></term>

158

159

<xi:include href="mandos-options.xml" xpointer="address"/>

160

</listitem>

161

</varlistentry>

162

163

164

<term><option>--port

165

166

<term><option>-p

167

168

169

<xi:include href="mandos-options.xml" xpointer="port"/>

170

</listitem>

171

</varlistentry>

172

173

174

<term><option>--check</option></term>

198

175

199

176

<para>

200

177

Run the server’s self-tests. This includes any unit

202

179

</para>

203

180

</listitem>

204

181

</varlistentry>

205

206

207

<term><literal>--debug</literal></term>

208

209

<para>

210

If the server is run in debug mode, it will run in the

211

foreground and print a lot of debugging information. The

212

default is <emphasis>not</emphasis> to run in debug mode.

213

</para>

214

</listitem>

215

</varlistentry>

216

217

218

<term><literal>--priority <replaceable>

219

PRIORITY</replaceable></literal></term>

220

221

<para>

222

GnuTLS priority string for the TLS handshake with the

223

clients. The default is

224

<quote><literal>SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP</literal></quote>.

225

See <citerefentry><refentrytitle>gnutls_priority_init

226

</refentrytitle><manvolnum>3</manvolnum></citerefentry>

227

for the syntax. <emphasis>Warning</emphasis>: changing

228

this may make the TLS handshake fail, making communication

229

with clients impossible.

230

</para>

231

</listitem>

232

</varlistentry>

233

234

235

<term><literal>--servicename <replaceable>NAME</replaceable>

236

</literal></term>

237

238

<para>

239

Zeroconf service name. The default is

240

<quote><literal>Mandos</literal></quote>. You only need

241

to change this if you for some reason want to run more

242

than one server on the same <emphasis>host</emphasis>,

243

which would not normally be useful. If there are name

244

collisions on the same <emphasis>network</emphasis>, the

245

newer server will automatically rename itself to

246

<quote><literal>Mandos #2</literal></quote>, and so on;

247

therefore, this option is not needed in that case.

248

</para>

249

</listitem>

250

</varlistentry>

251

252

253

<term><literal>--configdir <replaceable>DIR</replaceable>

254

</literal></term>

182

183

184

<term><option>--debug</option></term>

185

186

<xi:include href="mandos-options.xml" xpointer="debug"/>

187

</listitem>

188

</varlistentry>

189

190

191

<term><option>--priority <replaceable>

192

PRIORITY</replaceable></option></term>

193

194

<xi:include href="mandos-options.xml" xpointer="priority"/>

195

</listitem>

196

</varlistentry>

197

198

199

<term><option>--servicename

200

201

202

<xi:include href="mandos-options.xml"

203

xpointer="servicename"/>

204

</listitem>

205

</varlistentry>

206

207

208

<term><option>--configdir

209

<replaceable>DIRECTORY</replaceable></option></term>

255

210

256

211

<para>

257

212

Directory to search for configuration files. Default is

263

218

</para>

264

219

</listitem>

265

220

</varlistentry>

266

221

267

222

268

<term><literal>--version</literal></term>

223

<term><option>--version</option></term>

269

224

270

225

<para>

271

226

Prints the program version and exit.

274

229

</varlistentry>

275

230

</variablelist>

276

231

</refsect1>

277

232

278

233

279

234

<title>OVERVIEW</title>

280

&OVERVIEW;

235

<xi:include href="overview.xml"/>

281

236

<para>

282

237

This program is the server part. It is a normal server program

283

238

and will run in a normal system environment, not in an initial

284

RAM disk environment.

239

<acronym>RAM</acronym> disk environment.

285

240

</para>

286

241

</refsect1>

287

242

288

243

289

244

<title>NETWORK PROTOCOL</title>

290

245

<para>

316

271

317

272

</row>

318

273

<row>

319

274

320

275

321

276

</row>

322

277

<row>

342

297

</row>

343

298

</tbody></tgroup></table>

344

299

</refsect1>

345

300

346

301

347

302

<title>CHECKING</title>

348

303

<para>

352

307

longer eligible to receive the encrypted password. The timeout,

353

308

checker program, and interval between checks can be configured

354

309

both globally and per client; see <citerefentry>

355

<refentrytitle>mandos.conf</refentrytitle>

356

357

310

<refentrytitle>mandos-clients.conf</refentrytitle>

358

311

<manvolnum>5</manvolnum></citerefentry>.

359

312

</para>

360

313

</refsect1>

361

314

362

315

363

316

<title>LOGGING</title>

364

317

<para>

365

The server will send log messaged with various severity levels

366

to <filename>/dev/log</filename>. With the

318

The server will send log message with various severity levels to

319

<filename>/dev/log</filename>. With the

367

320

<option>--debug</option> option, it will log even more messages,

368

321

and also show them on the console.

369

322

</para>

370

323

</refsect1>

371

324

372

325

373

326

<title>EXIT STATUS</title>

374

327

<para>

376

329

critical error is encountered.

377

330

</para>

378

331

</refsect1>

379

332

380

333

381

334

<title>ENVIRONMENT</title>

382

335

383

336

384

337

385

338

386

339

<para>

387

340

To start the configured checker (see <xref

390

343

<varname>PATH</varname> to search for matching commands if

391

344

an absolute path is not given. See <citerefentry>

392

345

393

</citerefentry>

346

</citerefentry>.

394

347

</para>

395

348

</listitem>

396

349

</varlistentry>

397

350

</variablelist>

398

351

</refsect1>

399

352

400

353

401

354

<title>FILES</title>

402

355

<para>

426

379

</listitem>

427

380

</varlistentry>

428

381

429

<term><filename>/var/run/mandos/mandos.pid</filename></term>

382

<term><filename>/var/run/mandos.pid</filename></term>

430

383

431

384

<para>

432

385

The file containing the process id of

481

434

Debug mode is conflated with running in the foreground.

482

435

</para>

483

436

<para>

484

The console log messages does not show a timestamp.

437

The console log messages does not show a time stamp.

438

</para>

439

<para>

440

This server does not check the expire time of clients’ OpenPGP

441

keys.

485

442

</para>

486

443

</refsect1>

487

444

492

449

Normal invocation needs no options:

493

450

</para>

494

451

<para>

495

<userinput>mandos</userinput>

452

<userinput>&COMMANDNAME;</userinput>

496

453

</para>

497

454

</informalexample>

498

455

505

462

<para>

506

463

507

464

508

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

465

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

509

466

510

467

</para>

511

468

</informalexample>

517

474

<para>

518

475

519

476

520

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

477

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

521

478

522

479

</para>

523

480

</informalexample>

524

481

</refsect1>

525

482

526

483

527

484

<title>SECURITY</title>

528

485

530

487

<para>

531

488

Running this <command>&COMMANDNAME;</command> server program

532

489

should not in itself present any security risk to the host

533

computer running it. The program does not need any special

534

privileges to run, and is designed to run as a non-root user.

490

computer running it. The program switches to a non-root user

491

soon after startup.

535

492

</para>

536

493

</refsect2>

537

494

561

518

re-read its client list from its configuration file and again

562

519

regard all clients therein as valid, and hence eligible to

563

520

receive their passwords. Therefore, be careful when

564

restarting servers if you suspect that a client has, in fact,

565

been compromised by parties who may now be running a fake

566

Mandos client with the keys from the non-encrypted initial RAM

567

image of the client host. What should be done in that case

568

(if restarting the server program really is necessary) is to

569

stop the server program, edit the configuration file to omit

570

any suspect clients, and restart the server program.

521

restarting servers if it is suspected that a client has, in

522

fact, been compromised by parties who may now be running a

523

fake Mandos client with the keys from the non-encrypted

524

initial <acronym>RAM</acronym> image of the client host. What

525

should be done in that case (if restarting the server program

526

really is necessary) is to stop the server program, edit the

527

configuration file to omit any suspect clients, and restart

528

the server program.

571

529

</para>

572

530

<para>

573

531

For more details on client-side security, see

574

<citerefentry><refentrytitle>password-request</refentrytitle>

532

<citerefentry><refentrytitle>mandos-client</refentrytitle>

575

533

<manvolnum>8mandos</manvolnum></citerefentry>.

576

534

</para>

577

535

</refsect2>

578

536

</refsect1>

579

537

580

538

581

539

540

<para>

541

542

<refentrytitle>mandos-clients.conf</refentrytitle>

543

544

<refentrytitle>mandos.conf</refentrytitle>

545

546

<refentrytitle>mandos-client</refentrytitle>

547

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

548

549

</citerefentry>

550

</para>

582

551

583

552

584

553

<term>

585

586

<refentrytitle>password-request</refentrytitle>

587

<manvolnum>8mandos</manvolnum>

588

</citerefentry>

589

</term>

590

591

<para>

592

This is the actual program which talks to this server.

593

Note that it is normally not invoked directly, and is only

594

run in the initial RAM disk environment, and not on a

595

fully started system.

596

</para>

597

</listitem>

598

</varlistentry>

599

600

<term>

601

554

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

602

555

</term>

603

556

620

573

</varlistentry>

621

574

622

575

<term>

623

<ulink

624

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

576

<ulink url="http://www.gnu.org/software/gnutls/"

577

>GnuTLS</ulink>

625

578

</term>

626

579

627

580

<para>

633

586

</varlistentry>

634

587

635

588

<term>

636

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

637

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

638

Unicast Addresses</citation>

589

RFC 4291: <citetitle>IP Version 6 Addressing

590

Architecture</citetitle>

639

591

</term>

640

592

641

<para>

642

The clients use IPv6 link-local addresses, which are

643

immediately usable since a link-local addresses is

644

automatically assigned to a network interfaces when it is

645

brought up.

646

</para>

593

594

595

<term>Section 2.2: <citetitle>Text Representation of

596

Addresses</citetitle></term>

597

598

</varlistentry>

599

600

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

601

Address</citetitle></term>

602

603

</varlistentry>

604

605

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

606

Addresses</citetitle></term>

607

608

<para>

609

The clients use IPv6 link-local addresses, which are

610

immediately usable since a link-local addresses is

611

automatically assigned to a network interfaces when it

612

is brought up.

613

</para>

614

</listitem>

615

</varlistentry>

616

</variablelist>

647

617

</listitem>

648

618

</varlistentry>

649

619

650

620

<term>

651

<citation>RFC 4346: <citetitle>The Transport Layer Security

652

(TLS) Protocol Version 1.1</citetitle></citation>

621

RFC 4346: <citetitle>The Transport Layer Security (TLS)

622

Protocol Version 1.1</citetitle>

653

623

</term>

654

624

655

625

<para>

659

629

</varlistentry>

660

630

661

631

<term>

662

<citation>RFC 4880: <citetitle>OpenPGP Message

663

Format</citetitle></citation>

632

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

664

633

</term>

665

634

666

635

<para>

670

639

</varlistentry>

671

640

672

641

<term>

673

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

674

Transport Layer Security</citetitle></citation>

642

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

643

Security</citetitle>

675

644

</term>

676

645

677

646

<para>

683

652

</variablelist>

684

653

</refsect1>

685

654

</refentry>

655

656

657

658

659

Older »