/mandos/trunk : revision 237.2.13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2009-02-13 08:00:47 UTC
mfrom: (315 mandos)
mto: (24.1.170 mandos) (237.4.29 release)
mto: This revision was merged to the branch mainline in revision 316.
Revision ID: teddy@fukt.bsnet.se-20090213080047-eibfmj4j2a9zt53d

Merge from trunk.  Notable changes:

1. Server package now depends on "python-gobject".
2. Permission fix for /lib64.
3. Support for DEVICE setting from initramfs.conf, kernel parameters
    "ip=" and "mandos=connect".
4. Fix for the bug where the server would stop responding, with a
    zombie checker process.
5. Add support for disabling IPv6 in the server
6. Fix for the bug which made the server, plugin-runner and
    mandos-client fail to change group ID.
7. Add GnuTLS debugging to server debug output.
8. Fix for the bug of the "--options-for" option of plugin-runner,
    where it would cut the value at the first colon character.
9. Stop using sscanf() throughout, since it does not detect overflow.
10. Fix for the bug where plugin-runner would not go to the fallback
    if all plugins failed.
11. Fix for the bug where mandos-client would not clean up after a
    signal.
12. Added support for connecting to IPv4 addresses in mandos-client.
13. Added support for not using a specific network interface in
    mandos-client.
14. Kernel log level will be lowered by mandos-client while bringing
    up the network interface.
15. Add an option for the maximum time for mandos-client to wait for
    the network interface to come up.
16. Fix for the bug where mandos-client would not clean the temporary
    directory on some filesystems.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-08-29">

<!ENTITY TIMESTAMP "2009-02-13">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Sends encrypted passwords to authenticated Mandos clients

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg>--interface<arg choice="plain">NAME</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

100

</group>

101

</cmdsynopsis>

102

103

<command>&COMMANDNAME;</command>

104

<arg choice="plain">--version</arg>

100

<arg choice="plain"><option>--version</option></arg>

105

101

</cmdsynopsis>

106

102

107

103

<command>&COMMANDNAME;</command>

108

<arg choice="plain">--check</arg>

104

<arg choice="plain"><option>--check</option></arg>

109

105

</cmdsynopsis>

110

106

</refsynopsisdiv>

111

107

112

108

113

109

<title>DESCRIPTION</title>

114

110

<para>

123

119

Any authenticated client is then given the stored pre-encrypted

124

120

password for that specific client.

125

121

</para>

126

127

122

</refsect1>

128

123

129

124

130

125

<title>PURPOSE</title>

131

132

126

<para>

133

127

The purpose of this is to enable <emphasis>remote and unattended

134

128

rebooting</emphasis> of client host computer with an

135

129

<emphasis>encrypted root file system</emphasis>. See <xref

136

130

linkend="overview"/> for details.

137

131

</para>

138

139

132

</refsect1>

140

133

141

134

142

135

<title>OPTIONS</title>

143

144

136

145

137

138

146

139

147

148

140

149

141

<para>

150

142

Show a help message and exit

151

143

</para>

152

144

</listitem>

153

145

</varlistentry>

154

146

155

147

148

<term><option>--interface</option>

149

156

150

157

151

158

<term><option>--interface</option>

159

160

152

161

153

<xi:include href="mandos-options.xml" xpointer="interface"/>

162

154

</listitem>

163

155

</varlistentry>

164

156

165

157

166

<term><literal>-a</literal>, <literal>--address <replaceable>

167

ADDRESS</replaceable></literal></term>

158

<term><option>--address

159

<replaceable>ADDRESS</replaceable></option></term>

160

<term><option>-a

161

<replaceable>ADDRESS</replaceable></option></term>

168

162

169

163

<xi:include href="mandos-options.xml" xpointer="address"/>

170

164

</listitem>

171

165

</varlistentry>

172

166

173

167

174

175

PORT</replaceable></literal></term>

168

<term><option>--port

169

170

<term><option>-p

171

176

172

177

173

<xi:include href="mandos-options.xml" xpointer="port"/>

178

174

</listitem>

179

175

</varlistentry>

180

176

181

177

182

<term><literal>--check</literal></term>

178

<term><option>--check</option></term>

183

179

184

180

<para>

185

181

Run the server’s self-tests. This includes any unit

187

183

</para>

188

184

</listitem>

189

185

</varlistentry>

190

186

191

187

192

<term><literal>--debug</literal></term>

188

<term><option>--debug</option></term>

193

189

194

190

<xi:include href="mandos-options.xml" xpointer="debug"/>

195

191

</listitem>

196

192

</varlistentry>

197

193

198

194

199

<term><literal>--priority <replaceable>

200

PRIORITY</replaceable></literal></term>

195

<term><option>--priority <replaceable>

196

PRIORITY</replaceable></option></term>

201

197

202

198

<xi:include href="mandos-options.xml" xpointer="priority"/>

203

199

</listitem>

204

200

</varlistentry>

205

201

206

202

207

<term><literal>--servicename <replaceable>NAME</replaceable>

208

</literal></term>

203

<term><option>--servicename

204

209

205

210

206

<xi:include href="mandos-options.xml"

211

207

xpointer="servicename"/>

212

208

</listitem>

213

209

</varlistentry>

214

210

215

211

216

<term><literal>--configdir <replaceable>DIR</replaceable>

217

</literal></term>

212

<term><option>--configdir

213

<replaceable>DIRECTORY</replaceable></option></term>

218

214

219

215

<para>

220

216

Directory to search for configuration files. Default is

226

222

</para>

227

223

</listitem>

228

224

</varlistentry>

229

225

230

226

231

<term><literal>--version</literal></term>

227

<term><option>--version</option></term>

232

228

233

229

<para>

234

230

Prints the program version and exit.

235

231

</para>

236

232

</listitem>

237

233

</varlistentry>

234

235

236

237

238

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

239

</listitem>

240

</varlistentry>

238

241

</variablelist>

239

242

</refsect1>

240

243

241

244

242

245

<title>OVERVIEW</title>

243

246

<xi:include href="overview.xml"/>

244

247

<para>

245

248

This program is the server part. It is a normal server program

246

249

and will run in a normal system environment, not in an initial

247

RAM disk environment.

250

<acronym>RAM</acronym> disk environment.

248

251

</para>

249

252

</refsect1>

250

253

251

254

252

255

<title>NETWORK PROTOCOL</title>

253

256

<para>

305

308

</row>

306

309

</tbody></tgroup></table>

307

310

</refsect1>

308

311

309

312

310

313

<title>CHECKING</title>

311

314

<para>

319

322

<manvolnum>5</manvolnum></citerefentry>.

320

323

</para>

321

324

</refsect1>

322

325

323

326

324

327

<title>LOGGING</title>

325

328

<para>

329

332

and also show them on the console.

330

333

</para>

331

334

</refsect1>

332

335

333

336

334

337

<title>EXIT STATUS</title>

335

338

<para>

337

340

critical error is encountered.

338

341

</para>

339

342

</refsect1>

340

343

341

344

342

345

<title>ENVIRONMENT</title>

343

346

344

347

345

348

346

349

347

350

<para>

348

351

To start the configured checker (see <xref

357

360

</varlistentry>

358

361

</variablelist>

359

362

</refsect1>

360

361

363

364

362

365

<title>FILES</title>

363

366

<para>

364

367

Use the <option>--configdir</option> option to change where

387

390

</listitem>

388

391

</varlistentry>

389

392

390

<term><filename>/var/run/mandos/mandos.pid</filename></term>

393

<term><filename>/var/run/mandos.pid</filename></term>

391

394

392

395

<para>

393

396

The file containing the process id of

428

431

Currently, if a client is declared <quote>invalid</quote> due to

429

432

having timed out, the server does not record this fact onto

430

433

permanent storage. This has some security implications, see

431

<xref linkend="CLIENTS"/>.

434

<xref linkend="clients"/>.

432

435

</para>

433

436

<para>

434

437

There is currently no way of querying the server of the current

442

445

Debug mode is conflated with running in the foreground.

443

446

</para>

444

447

<para>

445

The console log messages does not show a timestamp.

448

The console log messages does not show a time stamp.

449

</para>

450

<para>

451

This server does not check the expire time of clients’ OpenPGP

452

keys.

446

453

</para>

447

454

</refsect1>

448

455

483

490

</para>

484

491

</informalexample>

485

492

</refsect1>

486

493

487

494

488

495

<title>SECURITY</title>

489

496

490

497

<title>SERVER</title>

491

498

<para>

492

499

Running this <command>&COMMANDNAME;</command> server program

493

500

should not in itself present any security risk to the host

494

computer running it. The program does not need any special

495

privileges to run, and is designed to run as a non-root user.

501

computer running it. The program switches to a non-root user

502

soon after startup.

496

503

</para>

497

504

</refsect2>

498

505

499

506

<title>CLIENTS</title>

500

507

<para>

501

508

The server only gives out its stored data to clients which

508

515

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

509

516

<manvolnum>5</manvolnum></citerefentry>)

510

517

<emphasis>must</emphasis> be made non-readable by anyone

511

except the user running the server.

518

except the user starting the server (usually root).

512

519

</para>

513

520

<para>

514

521

As detailed in <xref linkend="checking"/>, the status of all

525

532

restarting servers if it is suspected that a client has, in

526

533

fact, been compromised by parties who may now be running a

527

534

fake Mandos client with the keys from the non-encrypted

528

initial RAM image of the client host. What should be done in

529

that case (if restarting the server program really is

530

necessary) is to stop the server program, edit the

535

initial <acronym>RAM</acronym> image of the client host. What

536

should be done in that case (if restarting the server program

537

really is necessary) is to stop the server program, edit the

531

538

configuration file to omit any suspect clients, and restart

532

539

the server program.

533

540

</para>

534

541

<para>

535

542

For more details on client-side security, see

536

<citerefentry><refentrytitle>password-request</refentrytitle>

543

<citerefentry><refentrytitle>mandos-client</refentrytitle>

537

544

<manvolnum>8mandos</manvolnum></citerefentry>.

538

545

</para>

539

546

</refsect2>

540

547

</refsect1>

541

548

542

549

543

550

544

551

<para>

547

554

548

555

<refentrytitle>mandos.conf</refentrytitle>

549

556

550

<refentrytitle>password-request</refentrytitle>

557

<refentrytitle>mandos-client</refentrytitle>

551

558

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

552

559

553

560

</citerefentry>

Older »