/mandos/trunk : revision 2.1.1

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Björn Påhlsson
Date: 2008-01-18 21:18:26 UTC
mto: This revision was merged to the branch mainline in revision 6.
Revision ID: belorn@legolas-20080118211826-5rbwo54l4bwim5x2

Client:
        [Working version in initrd for booting]
        Added #ifdef DEBUG statements through out the program
        Added support to keep bouth tcp and udp up at the same time
        Catching several more error return codes that was unchecked.
        Starts the Network interface during startup.
        Added support for entering password on console
        Added error handling, like looping until a password has been received.
        Added cleanup handling so console state is always restored

removed:
        Old server.cpp [see next version]
        Test certificates

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

client.cpp

crl.pem

key.pem

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files modified:
Makefile

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2010-09-25">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Control the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--timeout

<arg choice="plain"><option>-t

</group>

<sbr/>

<group>

<arg choice="plain"><option>--interval

<arg choice="plain"><option>-i

100

101

</group>

102

<sbr/>

103

<group>

104

<arg choice="plain"><option>--host

105

<replaceable>STRING</replaceable></option></arg>

106

<arg choice="plain"><option>-H

107

<replaceable>STRING</replaceable></option></arg>

108

</group>

109

<sbr/>

110

<group>

111

<arg choice="plain"><option>--secret

112

<replaceable>FILENAME</replaceable></option></arg>

113

<arg choice="plain"><option>-s

114

<replaceable>FILENAME</replaceable></option></arg>

115

</group>

116

<sbr/>

117

<group>

118

<arg choice="plain"><option>--approve</option></arg>

119

120

<sbr/>

121

122

123

</group>

124

<sbr/>

125

126

127

128

129

<replaceable>CLIENT</replaceable>

130

</arg>

131

</group>

132

</cmdsynopsis>

133

134

<command>&COMMANDNAME;</command>

135

<group>

136

<arg choice="plain"><option>--verbose</option></arg>

137

138

</group>

139

<group>

140

141

<replaceable>CLIENT</replaceable>

142

</arg>

143

</group>

144

</cmdsynopsis>

145

146

<command>&COMMANDNAME;</command>

147

148

<arg choice="plain"><option>--is-enabled</option></arg>

149

150

</group>

151

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

152

</cmdsynopsis>

153

154

<command>&COMMANDNAME;</command>

155

156

157

158

</group>

159

</cmdsynopsis>

160

161

<command>&COMMANDNAME;</command>

162

163

<arg choice="plain"><option>--version</option></arg>

164

165

</group>

166

</cmdsynopsis>

167

</refsynopsisdiv>

168

169

170

<title>DESCRIPTION</title>

171

<para>

172

<command>&COMMANDNAME;</command> is a program to control the

173

operation of the Mandos server <citerefentry><refentrytitle

174

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

175

</para>

176

<para>

177

This program can be used to change client settings, approve or

178

deny client requests, and to remove clients from the server.

179

</para>

180

</refsect1>

181

182

183

<title>PURPOSE</title>

184

<para>

185

The purpose of this is to enable <emphasis>remote and unattended

186

rebooting</emphasis> of client host computer with an

187

<emphasis>encrypted root file system</emphasis>. See <xref

188

linkend="overview"/> for details.

189

</para>

190

</refsect1>

191

192

193

<title>OPTIONS</title>

194

195

196

197

198

199

200

<para>

201

Show a help message and exit

202

</para>

203

</listitem>

204

</varlistentry>

205

206

207

<term><option>--enable</option></term>

208

209

210

<para>

211

Enable client(s). An enabled client will be eligble to

212

receive its secret.

213

</para>

214

</listitem>

215

</varlistentry>

216

217

218

<term><option>--disable</option></term>

219

220

221

<para>

222

Disable client(s). A disabled client will not be eligble

223

to receive its secret, and no checkers will be started for

224

it.

225

</para>

226

</listitem>

227

</varlistentry>

228

229

230

<term><option>--bump-timeout</option></term>

231

232

<para>

233

Bump the timeout of the specified client(s), just as if a

234

checker had completed successfully for it/them.

235

</para>

236

</listitem>

237

</varlistentry>

238

239

240

<term><option>--start-checker</option></term>

241

242

<para>

243

Start a new checker now for the specified client(s).

244

</para>

245

</listitem>

246

</varlistentry>

247

248

249

<term><option>--stop-checker</option></term>

250

251

<para>

252

Stop any running checker for the specified client(s).

253

</para>

254

</listitem>

255

</varlistentry>

256

257

258

<term><option>--remove</option></term>

259

260

261

<para>

262

Remove the specified client(s) from the server.

263

</para>

264

</listitem>

265

</varlistentry>

266

267

268

<term><option>--checker

269

<replaceable>COMMAND</replaceable></option></term>

270

<term><option>-c

271

<replaceable>COMMAND</replaceable></option></term>

272

273

<para>

274

Set the <varname>checker</varname> option of the specified

275

client(s); see <citerefentry><refentrytitle

276

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

277

></citerefentry>.

278

</para>

279

</listitem>

280

</varlistentry>

281

282

283

<term><option>--timeout

284

285

<term><option>-t

286

287

288

<para>

289

Set the <varname>timeout</varname> option of the specified

290

client(s); see <citerefentry><refentrytitle

291

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

292

></citerefentry>.

293

</para>

294

</listitem>

295

</varlistentry>

296

297

298

<term><option>--interval

299

300

<term><option>-i

301

302

303

<para>

304

Set the <varname>interval</varname> option of the specified

305

client(s); see <citerefentry><refentrytitle

306

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

307

></citerefentry>.

308

</para>

309

</listitem>

310

</varlistentry>

311

312

313

<term><option>--host

314

<replaceable>STRING</replaceable></option></term>

315

<term><option>-H

316

<replaceable>STRING</replaceable></option></term>

317

318

<para>

319

Set the <varname>host</varname> option of the specified

320

client(s); see <citerefentry><refentrytitle

321

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

322

></citerefentry>.

323

</para>

324

</listitem>

325

</varlistentry>

326

327

328

<term><option>--secret

329

<replaceable>FILENAME</replaceable></option></term>

330

<term><option>-s

331

<replaceable>FILENAME</replaceable></option></term>

332

333

<para>

334

Set the <varname>secfile</varname> option of the specified

335

client(s); see <citerefentry><refentrytitle

336

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

337

></citerefentry>.

338

</para>

339

</listitem>

340

</varlistentry>

341

342

343

<term><option>--approve</option></term>

344

345

346

<para>

347

Approve client(s) if currently waiting for approval.

348

</para>

349

</listitem>

350

</varlistentry>

351

352

353

354

355

356

<para>

357

Deny client(s) if currently waiting for approval.

358

</para>

359

</listitem>

360

</varlistentry>

361

362

363

364

365

366

<para>

367

Make the client-modifying options modify <emphasis

368

>all</emphasis> clients.

369

</para>

370

</listitem>

371

</varlistentry>

372

373

374

<term><option>--verbose</option></term>

375

376

377

<para>

378

Show all client settings, not just a subset.

379

</para>

380

</listitem>

381

</varlistentry>

382

383

384

<term><option>--is-enabled</option></term>

385

386

387

<para>

388

Check if a single client is enabled or not, and exit with

389

a successful exit status only if the client is enabled.

390

</para>

391

</listitem>

392

</varlistentry>

393

394

</variablelist>

395

</refsect1>

396

397

398

<title>OVERVIEW</title>

399

<xi:include href="overview.xml"/>

400

<para>

401

This program is a small utility to generate new OpenPGP keys for

402

new Mandos clients, and to generate sections for inclusion in

403

<filename>clients.conf</filename> on the server.

404

</para>

405

</refsect1>

406

407

408

<title>EXIT STATUS</title>

409

<para>

410

If the <option>--is-enabled</option> option is used, the exit

411

status will be 0 only if the specified client is enabled.

412

</para>

413

</refsect1>

414

415

416

417

418

419

420

421

422

<title>EXAMPLE</title>

423

424

<para>

425

To list all clients:

426

</para>

427

<para>

428

<userinput>&COMMANDNAME;</userinput>

429

</para>

430

</informalexample>

431

432

433

<para>

434

To list <emphasis>all</emphasis> settings for the clients

435

named <quote>foo1.example.org</quote> and <quote

436

>foo2.example.org</quote>:

437

</para>

438

<para>

439

440

441

<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>

442

443

</para>

444

</informalexample>

445

446

447

<para>

448

To enable all clients:

449

</para>

450

<para>

451

<userinput>&COMMANDNAME; --enable --all</userinput>

452

</para>

453

</informalexample>

454

455

456

<para>

457

To change timeout and interval value for the clients

458

named <quote>foo1.example.org</quote> and <quote

459

>foo2.example.org</quote>:

460

</para>

461

<para>

462

463

464

<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>

465

466

</para>

467

</informalexample>

468

469

470

<para>

471

To approve all clients currently waiting for it:

472

</para>

473

<para>

474

475

476

<userinput>&COMMANDNAME; --approve --all</userinput>

477

478

</para>

479

</informalexample>

480

</refsect1>

481

482

483

<title>SECURITY</title>

484

<para>

485

This program must be permitted to access the Mandos server via

486

the D-Bus interface. This normally requires the root user, but

487

could be configured otherwise by reconfiguring the D-Bus server.

488

</para>

489

</refsect1>

490

491

492

493

<para>

494

<citerefentry><refentrytitle>mandos</refentrytitle>

495

<manvolnum>8</manvolnum></citerefentry>,

496

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

497

<manvolnum>5</manvolnum></citerefentry>,

498

<citerefentry><refentrytitle>mandos-monitor</refentrytitle>

499

500

</para>

501

</refsect1>

502

503

</refentry>

504

505

506

507

508

Older »