/mandos/trunk : revision 237.2.1

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2009-01-05 23:26:06 UTC
mfrom: (248 mandos)
mto: (24.1.170 mandos) (237.4.29 release)
mto: This revision was merged to the branch mainline in revision 271.
Revision ID: teddy@fukt.bsnet.se-20090105232606-2iohqjcsfj076z7i

Merge from trunk, but disable the unfinished D-Bus feature:

* Makefile (PROGS): Removed "mandos-list".
  (mandos-list): Removed.
* mandos (main): Hide "--no-dbus" option.  Hard-code "use_dbus" to
                 "False".
* mandos-list: Removed.
* mandos.xml (SYNOPSIS): Removed "--no-dbus" option.
  (OPTIONS): - '' -
  (D-BUS INTERFACE): Removed section.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.config

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.config

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

default-mandos

init.d-mandos

legalnotice.xml

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-08-31">

<!ENTITY TIMESTAMP "2009-01-04">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

122

102

<arg choice="plain"><option>--check</option></arg>

123

103

</cmdsynopsis>

124

104

</refsynopsisdiv>

125

105

126

106

127

107

<title>DESCRIPTION</title>

128

108

<para>

137

117

Any authenticated client is then given the stored pre-encrypted

138

118

password for that specific client.

139

119

</para>

140

141

120

</refsect1>

142

121

143

122

144

123

<title>PURPOSE</title>

145

146

124

<para>

147

125

The purpose of this is to enable <emphasis>remote and unattended

148

126

rebooting</emphasis> of client host computer with an

149

127

<emphasis>encrypted root file system</emphasis>. See <xref

150

128

linkend="overview"/> for details.

151

129

</para>

152

153

130

</refsect1>

154

131

155

132

156

133

<title>OPTIONS</title>

157

158

134

159

135

160

136

212

188

<xi:include href="mandos-options.xml" xpointer="debug"/>

213

189

</listitem>

214

190

</varlistentry>

215

191

216

192

217

193

<term><option>--priority <replaceable>

218

194

PRIORITY</replaceable></option></term>

220

196

<xi:include href="mandos-options.xml" xpointer="priority"/>

221

197

</listitem>

222

198

</varlistentry>

223

199

224

200

225

201

<term><option>--servicename

226

202

229

205

xpointer="servicename"/>

230

206

</listitem>

231

207

</varlistentry>

232

208

233

209

234

210

<term><option>--configdir

235

211

<replaceable>DIRECTORY</replaceable></option></term>

244

220

</para>

245

221

</listitem>

246

222

</varlistentry>

247

223

248

224

249

225

<term><option>--version</option></term>

250

226

255

231

</varlistentry>

256

232

</variablelist>

257

233

</refsect1>

258

234

259

235

260

236

<title>OVERVIEW</title>

261

237

<xi:include href="overview.xml"/>

262

238

<para>

263

239

This program is the server part. It is a normal server program

264

240

and will run in a normal system environment, not in an initial

265

RAM disk environment.

241

<acronym>RAM</acronym> disk environment.

266

242

</para>

267

243

</refsect1>

268

244

269

245

270

246

<title>NETWORK PROTOCOL</title>

271

247

<para>

323

299

</row>

324

300

</tbody></tgroup></table>

325

301

</refsect1>

326

302

327

303

328

304

<title>CHECKING</title>

329

305

<para>

337

313

<manvolnum>5</manvolnum></citerefentry>.

338

314

</para>

339

315

</refsect1>

340

316

341

317

342

318

<title>LOGGING</title>

343

319

<para>

347

323

and also show them on the console.

348

324

</para>

349

325

</refsect1>

350

326

351

327

352

328

<title>EXIT STATUS</title>

353

329

<para>

355

331

critical error is encountered.

356

332

</para>

357

333

</refsect1>

358

334

359

335

360

336

<title>ENVIRONMENT</title>

361

337

375

351

</varlistentry>

376

352

</variablelist>

377

353

</refsect1>

378

379

354

355

380

356

<title>FILES</title>

381

357

<para>

382

358

Use the <option>--configdir</option> option to change where

405

381

</listitem>

406

382

</varlistentry>

407

383

408

<term><filename>/var/run/mandos/mandos.pid</filename></term>

384

<term><filename>/var/run/mandos.pid</filename></term>

409

385

410

386

<para>

411

387

The file containing the process id of

446

422

Currently, if a client is declared <quote>invalid</quote> due to

447

423

having timed out, the server does not record this fact onto

448

424

permanent storage. This has some security implications, see

449

<xref linkend="CLIENTS"/>.

425

<xref linkend="clients"/>.

450

426

</para>

451

427

<para>

452

428

There is currently no way of querying the server of the current

460

436

Debug mode is conflated with running in the foreground.

461

437

</para>

462

438

<para>

463

The console log messages does not show a timestamp.

439

The console log messages does not show a time stamp.

440

</para>

441

<para>

442

This server does not check the expire time of clients’ OpenPGP

443

keys.

464

444

</para>

465

445

</refsect1>

466

446

501

481

</para>

502

482

</informalexample>

503

483

</refsect1>

504

484

505

485

506

486

<title>SECURITY</title>

507

487

508

488

<title>SERVER</title>

509

489

<para>

510

490

Running this <command>&COMMANDNAME;</command> server program

511

491

should not in itself present any security risk to the host

512

computer running it. The program does not need any special

513

privileges to run, and is designed to run as a non-root user.

492

computer running it. The program switches to a non-root user

493

soon after startup.

514

494

</para>

515

495

</refsect2>

516

496

517

497

<title>CLIENTS</title>

518

498

<para>

519

499

The server only gives out its stored data to clients which

526

506

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

527

507

<manvolnum>5</manvolnum></citerefentry>)

528

508

<emphasis>must</emphasis> be made non-readable by anyone

529

except the user running the server.

509

except the user starting the server (usually root).

530

510

</para>

531

511

<para>

532

512

As detailed in <xref linkend="checking"/>, the status of all

543

523

restarting servers if it is suspected that a client has, in

544

524

fact, been compromised by parties who may now be running a

545

525

fake Mandos client with the keys from the non-encrypted

546

initial RAM image of the client host. What should be done in

547

that case (if restarting the server program really is

548

necessary) is to stop the server program, edit the

526

initial <acronym>RAM</acronym> image of the client host. What

527

should be done in that case (if restarting the server program

528

really is necessary) is to stop the server program, edit the

549

529

configuration file to omit any suspect clients, and restart

550

530

the server program.

551

531

</para>

552

532

<para>

553

533

For more details on client-side security, see

554

<citerefentry><refentrytitle>password-request</refentrytitle>

534

<citerefentry><refentrytitle>mandos-client</refentrytitle>

555

535

<manvolnum>8mandos</manvolnum></citerefentry>.

556

536

</para>

557

537

</refsect2>

558

538

</refsect1>

559

539

560

540

561

541

562

542

<para>

565

545

566

546

<refentrytitle>mandos.conf</refentrytitle>

567

547

568

<refentrytitle>password-request</refentrytitle>

548

<refentrytitle>mandos-client</refentrytitle>

569

549

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

570

550

571

551

</citerefentry>

Older »