/mandos/trunk : revision 237.2.27

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2009-09-17 11:47:22 UTC
mfrom: (375 mandos)
mto: (24.1.170 mandos) (237.4.29 release)
mto: This revision was merged to the branch mainline in revision 419.
Revision ID: teddy@fukt.bsnet.se-20090917114722-azcwe7sdowxc95ba

Merge from trunk. Lots of bug fixes, including Debian bug #546928.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-08-31">

<!ENTITY TIMESTAMP "2009-09-17">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<sbr/>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

122

104

<arg choice="plain"><option>--check</option></arg>

123

105

</cmdsynopsis>

124

106

</refsynopsisdiv>

125

107

126

108

127

109

<title>DESCRIPTION</title>

128

110

<para>

137

119

Any authenticated client is then given the stored pre-encrypted

138

120

password for that specific client.

139

121

</para>

140

141

122

</refsect1>

142

123

143

124

144

125

<title>PURPOSE</title>

145

146

126

<para>

147

127

The purpose of this is to enable <emphasis>remote and unattended

148

128

rebooting</emphasis> of client host computer with an

149

129

<emphasis>encrypted root file system</emphasis>. See <xref

150

130

linkend="overview"/> for details.

151

131

</para>

152

153

132

</refsect1>

154

133

155

134

156

135

<title>OPTIONS</title>

157

158

136

159

137

160

138

212

190

<xi:include href="mandos-options.xml" xpointer="debug"/>

213

191

</listitem>

214

192

</varlistentry>

215

193

216

194

217

195

<term><option>--priority <replaceable>

218

196

PRIORITY</replaceable></option></term>

220

198

<xi:include href="mandos-options.xml" xpointer="priority"/>

221

199

</listitem>

222

200

</varlistentry>

223

201

224

202

225

203

<term><option>--servicename

226

204

229

207

xpointer="servicename"/>

230

208

</listitem>

231

209

</varlistentry>

232

210

233

211

234

212

<term><option>--configdir

235

213

<replaceable>DIRECTORY</replaceable></option></term>

244

222

</para>

245

223

</listitem>

246

224

</varlistentry>

247

225

248

226

249

227

<term><option>--version</option></term>

250

228

253

231

</para>

254

232

</listitem>

255

233

</varlistentry>

234

235

236

237

238

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

239

</listitem>

240

</varlistentry>

256

241

</variablelist>

257

242

</refsect1>

258

243

259

244

260

245

<title>OVERVIEW</title>

261

246

<xi:include href="overview.xml"/>

262

247

<para>

263

248

This program is the server part. It is a normal server program

264

249

and will run in a normal system environment, not in an initial

265

RAM disk environment.

250

<acronym>RAM</acronym> disk environment.

266

251

</para>

267

252

</refsect1>

268

253

269

254

270

255

<title>NETWORK PROTOCOL</title>

271

256

<para>

323

308

</row>

324

309

</tbody></tgroup></table>

325

310

</refsect1>

326

311

327

312

328

313

<title>CHECKING</title>

329

314

<para>

330

315

The server will, by default, continually check that the clients

331

316

are still up. If a client has not been confirmed as being up

332

317

for some time, the client is assumed to be compromised and is no

333

longer eligible to receive the encrypted password. The timeout,

318

longer eligible to receive the encrypted password. (Manual

319

intervention is required to re-enable a client.) The timeout,

334

320

checker program, and interval between checks can be configured

335

321

both globally and per client; see <citerefentry>

336

322

<refentrytitle>mandos-clients.conf</refentrytitle>

337

<manvolnum>5</manvolnum></citerefentry>.

323

<manvolnum>5</manvolnum></citerefentry>. A client successfully

324

receiving its password will also be treated as a successful

325

checker run.

338

326

</para>

339

327

</refsect1>

340

328

341

329

342

330

<title>LOGGING</title>

343

331

<para>

347

335

and also show them on the console.

348

336

</para>

349

337

</refsect1>

350

338

351

339

352

340

<title>EXIT STATUS</title>

353

341

<para>

355

343

critical error is encountered.

356

344

</para>

357

345

</refsect1>

358

346

359

347

360

348

<title>ENVIRONMENT</title>

361

349

375

363

</varlistentry>

376

364

</variablelist>

377

365

</refsect1>

378

379

366

367

380

368

<title>FILES</title>

381

369

<para>

382

370

Use the <option>--configdir</option> option to change where

405

393

</listitem>

406

394

</varlistentry>

407

395

408

<term><filename>/var/run/mandos/mandos.pid</filename></term>

396

<term><filename>/var/run/mandos.pid</filename></term>

409

397

410

398

<para>

411

399

The file containing the process id of

446

434

Currently, if a client is declared <quote>invalid</quote> due to

447

435

having timed out, the server does not record this fact onto

448

436

permanent storage. This has some security implications, see

449

<xref linkend="CLIENTS"/>.

437

<xref linkend="clients"/>.

450

438

</para>

451

439

<para>

452

440

There is currently no way of querying the server of the current

460

448

Debug mode is conflated with running in the foreground.

461

449

</para>

462

450

<para>

463

The console log messages does not show a timestamp.

451

The console log messages do not show a time stamp.

452

</para>

453

<para>

454

This server does not check the expire time of clients’ OpenPGP

455

keys.

464

456

</para>

465

457

</refsect1>

466

458

501

493

</para>

502

494

</informalexample>

503

495

</refsect1>

504

496

505

497

506

498

<title>SECURITY</title>

507

499

508

500

<title>SERVER</title>

509

501

<para>

510

502

Running this <command>&COMMANDNAME;</command> server program

511

503

should not in itself present any security risk to the host

512

computer running it. The program does not need any special

513

privileges to run, and is designed to run as a non-root user.

504

computer running it. The program switches to a non-root user

505

soon after startup.

514

506

</para>

515

507

</refsect2>

516

508

517

509

<title>CLIENTS</title>

518

510

<para>

519

511

The server only gives out its stored data to clients which

526

518

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

527

519

<manvolnum>5</manvolnum></citerefentry>)

528

520

<emphasis>must</emphasis> be made non-readable by anyone

529

except the user running the server.

521

except the user starting the server (usually root).

530

522

</para>

531

523

<para>

532

524

As detailed in <xref linkend="checking"/>, the status of all

543

535

restarting servers if it is suspected that a client has, in

544

536

fact, been compromised by parties who may now be running a

545

537

fake Mandos client with the keys from the non-encrypted

546

initial RAM image of the client host. What should be done in

547

that case (if restarting the server program really is

548

necessary) is to stop the server program, edit the

538

initial <acronym>RAM</acronym> image of the client host. What

539

should be done in that case (if restarting the server program

540

really is necessary) is to stop the server program, edit the

549

541

configuration file to omit any suspect clients, and restart

550

542

the server program.

551

543

</para>

552

544

<para>

553

545

For more details on client-side security, see

554

<citerefentry><refentrytitle>password-request</refentrytitle>

546

<citerefentry><refentrytitle>mandos-client</refentrytitle>

555

547

<manvolnum>8mandos</manvolnum></citerefentry>.

556

548

</para>

557

549

</refsect2>

558

550

</refsect1>

559

551

560

552

561

553

562

554

<para>

565

557

566

558

<refentrytitle>mandos.conf</refentrytitle>

567

559

568

<refentrytitle>password-request</refentrytitle>

560

<refentrytitle>mandos-client</refentrytitle>

569

561

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

570

562

571

563

</citerefentry>

Older »