/mandos/trunk : revision 237.2.13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2009-02-13 08:00:47 UTC
mfrom: (315 mandos)
mto: (24.1.170 mandos) (237.4.29 release)
mto: This revision was merged to the branch mainline in revision 316.
Revision ID: teddy@fukt.bsnet.se-20090213080047-eibfmj4j2a9zt53d

Merge from trunk.  Notable changes:

1. Server package now depends on "python-gobject".
2. Permission fix for /lib64.
3. Support for DEVICE setting from initramfs.conf, kernel parameters
    "ip=" and "mandos=connect".
4. Fix for the bug where the server would stop responding, with a
    zombie checker process.
5. Add support for disabling IPv6 in the server
6. Fix for the bug which made the server, plugin-runner and
    mandos-client fail to change group ID.
7. Add GnuTLS debugging to server debug output.
8. Fix for the bug of the "--options-for" option of plugin-runner,
    where it would cut the value at the first colon character.
9. Stop using sscanf() throughout, since it does not detect overflow.
10. Fix for the bug where plugin-runner would not go to the fallback
    if all plugins failed.
11. Fix for the bug where mandos-client would not clean up after a
    signal.
12. Added support for connecting to IPv4 addresses in mandos-client.
13. Added support for not using a specific network interface in
    mandos-client.
14. Kernel log level will be lowered by mandos-client while bringing
    up the network interface.
15. Add an option for the maximum time for mandos-client to wait for
    the network interface to come up.
16. Fix for the bug where mandos-client would not clean the temporary
    directory on some filesystems.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-08-29">

<!ENTITY TIMESTAMP "2009-02-13">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Sends encrypted passwords to authenticated Mandos clients

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg>--interface<arg choice="plain">NAME</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

100

</group>

101

</cmdsynopsis>

102

103

<command>&COMMANDNAME;</command>

104

<arg choice="plain">--version</arg>

100

<arg choice="plain"><option>--version</option></arg>

105

101

</cmdsynopsis>

106

102

107

103

<command>&COMMANDNAME;</command>

108

<arg choice="plain">--check</arg>

104

<arg choice="plain"><option>--check</option></arg>

109

105

</cmdsynopsis>

110

106

</refsynopsisdiv>

111

107

112

108

113

109

<title>DESCRIPTION</title>

114

110

<para>

123

119

Any authenticated client is then given the stored pre-encrypted

124

120

password for that specific client.

125

121

</para>

126

127

122

</refsect1>

128

123

129

124

130

125

<title>PURPOSE</title>

131

132

126

<para>

133

127

The purpose of this is to enable <emphasis>remote and unattended

134

128

rebooting</emphasis> of client host computer with an

135

129

<emphasis>encrypted root file system</emphasis>. See <xref

136

130

linkend="overview"/> for details.

137

131

</para>

138

139

132

</refsect1>

140

133

141

134

142

135

<title>OPTIONS</title>

143

144

136

145

137

146

138

139

147

140

148

141

<para>

149

142

Show a help message and exit

150

143

</para>

151

144

</listitem>

152

145

</varlistentry>

153

146

154

147

155

<term><literal>-i</literal>, <literal>--interface <replaceable

156

>NAME</replaceable></literal></term>

148

<term><option>--interface</option>

149

150

151

157

152

158

153

<xi:include href="mandos-options.xml" xpointer="interface"/>

159

154

</listitem>

160

155

</varlistentry>

161

156

162

157

163

<term><literal>-a</literal>, <literal>--address <replaceable>

164

ADDRESS</replaceable></literal></term>

158

<term><option>--address

159

<replaceable>ADDRESS</replaceable></option></term>

160

<term><option>-a

161

<replaceable>ADDRESS</replaceable></option></term>

165

162

166

163

<xi:include href="mandos-options.xml" xpointer="address"/>

167

164

</listitem>

168

165

</varlistentry>

169

166

170

167

171

172

PORT</replaceable></literal></term>

168

<term><option>--port

169

170

<term><option>-p

171

173

172

174

173

<xi:include href="mandos-options.xml" xpointer="port"/>

175

174

</listitem>

176

175

</varlistentry>

177

176

178

177

179

<term><literal>--check</literal></term>

178

<term><option>--check</option></term>

180

179

181

180

<para>

182

181

Run the server’s self-tests. This includes any unit

184

183

</para>

185

184

</listitem>

186

185

</varlistentry>

187

186

188

187

189

<term><literal>--debug</literal></term>

188

<term><option>--debug</option></term>

190

189

191

190

<xi:include href="mandos-options.xml" xpointer="debug"/>

192

191

</listitem>

193

192

</varlistentry>

194

193

195

194

196

<term><literal>--priority <replaceable>

197

PRIORITY</replaceable></literal></term>

195

<term><option>--priority <replaceable>

196

PRIORITY</replaceable></option></term>

198

197

199

198

<xi:include href="mandos-options.xml" xpointer="priority"/>

200

199

</listitem>

201

200

</varlistentry>

202

201

203

202

204

<term><literal>--servicename <replaceable>NAME</replaceable>

205

</literal></term>

203

<term><option>--servicename

204

206

205

207

206

<xi:include href="mandos-options.xml"

208

207

xpointer="servicename"/>

209

208

</listitem>

210

209

</varlistentry>

211

210

212

211

213

<term><literal>--configdir <replaceable>DIR</replaceable>

214

</literal></term>

212

<term><option>--configdir

213

<replaceable>DIRECTORY</replaceable></option></term>

215

214

216

215

<para>

217

216

Directory to search for configuration files. Default is

223

222

</para>

224

223

</listitem>

225

224

</varlistentry>

226

225

227

226

228

<term><literal>--version</literal></term>

227

<term><option>--version</option></term>

229

228

230

229

<para>

231

230

Prints the program version and exit.

232

231

</para>

233

232

</listitem>

234

233

</varlistentry>

234

235

236

237

238

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

239

</listitem>

240

</varlistentry>

235

241

</variablelist>

236

242

</refsect1>

237

243

238

244

239

245

<title>OVERVIEW</title>

240

246

<xi:include href="overview.xml"/>

241

247

<para>

242

248

This program is the server part. It is a normal server program

243

249

and will run in a normal system environment, not in an initial

244

RAM disk environment.

250

<acronym>RAM</acronym> disk environment.

245

251

</para>

246

252

</refsect1>

247

253

248

254

249

255

<title>NETWORK PROTOCOL</title>

250

256

<para>

302

308

</row>

303

309

</tbody></tgroup></table>

304

310

</refsect1>

305

311

306

312

307

313

<title>CHECKING</title>

308

314

<para>

316

322

<manvolnum>5</manvolnum></citerefentry>.

317

323

</para>

318

324

</refsect1>

319

325

320

326

321

327

<title>LOGGING</title>

322

328

<para>

326

332

and also show them on the console.

327

333

</para>

328

334

</refsect1>

329

335

330

336

331

337

<title>EXIT STATUS</title>

332

338

<para>

334

340

critical error is encountered.

335

341

</para>

336

342

</refsect1>

337

343

338

344

339

345

<title>ENVIRONMENT</title>

340

346

341

347

342

348

343

349

344

350

<para>

345

351

To start the configured checker (see <xref

354

360

</varlistentry>

355

361

</variablelist>

356

362

</refsect1>

357

358

363

364

359

365

<title>FILES</title>

360

366

<para>

361

367

Use the <option>--configdir</option> option to change where

384

390

</listitem>

385

391

</varlistentry>

386

392

387

<term><filename>/var/run/mandos/mandos.pid</filename></term>

393

<term><filename>/var/run/mandos.pid</filename></term>

388

394

389

395

<para>

390

396

The file containing the process id of

425

431

Currently, if a client is declared <quote>invalid</quote> due to

426

432

having timed out, the server does not record this fact onto

427

433

permanent storage. This has some security implications, see

428

<xref linkend="CLIENTS"/>.

434

<xref linkend="clients"/>.

429

435

</para>

430

436

<para>

431

437

There is currently no way of querying the server of the current

439

445

Debug mode is conflated with running in the foreground.

440

446

</para>

441

447

<para>

442

The console log messages does not show a timestamp.

448

The console log messages does not show a time stamp.

449

</para>

450

<para>

451

This server does not check the expire time of clients’ OpenPGP

452

keys.

443

453

</para>

444

454

</refsect1>

445

455

480

490

</para>

481

491

</informalexample>

482

492

</refsect1>

483

493

484

494

485

495

<title>SECURITY</title>

486

496

487

497

<title>SERVER</title>

488

498

<para>

489

499

Running this <command>&COMMANDNAME;</command> server program

490

500

should not in itself present any security risk to the host

491

computer running it. The program does not need any special

492

privileges to run, and is designed to run as a non-root user.

501

computer running it. The program switches to a non-root user

502

soon after startup.

493

503

</para>

494

504

</refsect2>

495

505

496

506

<title>CLIENTS</title>

497

507

<para>

498

508

The server only gives out its stored data to clients which

505

515

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

506

516

<manvolnum>5</manvolnum></citerefentry>)

507

517

<emphasis>must</emphasis> be made non-readable by anyone

508

except the user running the server.

518

except the user starting the server (usually root).

509

519

</para>

510

520

<para>

511

521

As detailed in <xref linkend="checking"/>, the status of all

522

532

restarting servers if it is suspected that a client has, in

523

533

fact, been compromised by parties who may now be running a

524

534

fake Mandos client with the keys from the non-encrypted

525

initial RAM image of the client host. What should be done in

526

that case (if restarting the server program really is

527

necessary) is to stop the server program, edit the

535

initial <acronym>RAM</acronym> image of the client host. What

536

should be done in that case (if restarting the server program

537

really is necessary) is to stop the server program, edit the

528

538

configuration file to omit any suspect clients, and restart

529

539

the server program.

530

540

</para>

531

541

<para>

532

542

For more details on client-side security, see

533

<citerefentry><refentrytitle>password-request</refentrytitle>

543

<citerefentry><refentrytitle>mandos-client</refentrytitle>

534

544

<manvolnum>8mandos</manvolnum></citerefentry>.

535

545

</para>

536

546

</refsect2>

537

547

</refsect1>

538

548

539

549

540

550

541

551

<para>

542

552

553

<refentrytitle>mandos-clients.conf</refentrytitle>

554

543

555

<refentrytitle>mandos.conf</refentrytitle>

544

556

545

<refentrytitle>mandos-clients.conf</refentrytitle>

546

547

<refentrytitle>password-request</refentrytitle>

557

<refentrytitle>mandos-client</refentrytitle>

548

558

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

549

559

550

560

</citerefentry>

Older »