/mandos/trunk : revision 237.2.33

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: teddy at bsnet
Date: 2010-08-10 19:08:24 UTC
mto: This revision was merged to the branch mainline in revision 419.
Revision ID: teddy@fukt.bsnet.se-20100810190824-5yquozxy4kh6py3f

* plugins.d/mandos-client.c: An empty interface name now means to
                             autodetect an interface; to specify no
                             particular interface, use "none".
  (sys_class_net): New global variable for the "/sys/class/net" path.
  (good_interface): New function to determine the suitability of an
                    interface.  Used by a scandir() call in main().
  (main): Changed default value for "interface" to the empty string.
          Moved "connect_to" to be a global variable.  Only take down
          and up interface if its name is not "none".
* plugins.d/mandos-client.xml (OPTIONS): Update documentation for the
                                         "--interface" option.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-08-31">

<!ENTITY TIMESTAMP "2009-09-17">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<sbr/>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

122

104

<arg choice="plain"><option>--check</option></arg>

123

105

</cmdsynopsis>

124

106

</refsynopsisdiv>

125

107

126

108

127

109

<title>DESCRIPTION</title>

128

110

<para>

137

119

Any authenticated client is then given the stored pre-encrypted

138

120

password for that specific client.

139

121

</para>

140

141

122

</refsect1>

142

123

143

124

144

125

<title>PURPOSE</title>

145

146

126

<para>

147

127

The purpose of this is to enable <emphasis>remote and unattended

148

128

rebooting</emphasis> of client host computer with an

149

129

<emphasis>encrypted root file system</emphasis>. See <xref

150

130

linkend="overview"/> for details.

151

131

</para>

152

153

132

</refsect1>

154

133

155

134

156

135

<title>OPTIONS</title>

157

158

136

159

137

138

160

139

161

162

140

163

141

<para>

164

142

Show a help message and exit

165

143

</para>

166

144

</listitem>

167

145

</varlistentry>

168

146

169

147

148

<term><option>--interface</option>

149

170

150

171

151

172

<term><option>--interface</option>

173

174

152

175

153

<xi:include href="mandos-options.xml" xpointer="interface"/>

176

154

</listitem>

177

155

</varlistentry>

178

156

179

157

180

<term><literal>-a</literal>, <literal>--address <replaceable>

181

ADDRESS</replaceable></literal></term>

158

<term><option>--address

159

<replaceable>ADDRESS</replaceable></option></term>

160

<term><option>-a

161

<replaceable>ADDRESS</replaceable></option></term>

182

162

183

163

<xi:include href="mandos-options.xml" xpointer="address"/>

184

164

</listitem>

185

165

</varlistentry>

186

166

187

167

188

189

PORT</replaceable></literal></term>

168

<term><option>--port

169

170

<term><option>-p

171

190

172

191

173

<xi:include href="mandos-options.xml" xpointer="port"/>

192

174

</listitem>

193

175

</varlistentry>

194

176

195

177

196

<term><literal>--check</literal></term>

178

<term><option>--check</option></term>

197

179

198

180

<para>

199

181

Run the server’s self-tests. This includes any unit

201

183

</para>

202

184

</listitem>

203

185

</varlistentry>

204

186

205

187

206

<term><literal>--debug</literal></term>

188

<term><option>--debug</option></term>

207

189

208

190

<xi:include href="mandos-options.xml" xpointer="debug"/>

209

191

</listitem>

210

192

</varlistentry>

211

193

212

194

213

<term><literal>--priority <replaceable>

214

PRIORITY</replaceable></literal></term>

195

<term><option>--priority <replaceable>

196

PRIORITY</replaceable></option></term>

215

197

216

198

<xi:include href="mandos-options.xml" xpointer="priority"/>

217

199

</listitem>

218

200

</varlistentry>

219

201

220

202

221

<term><literal>--servicename <replaceable>NAME</replaceable>

222

</literal></term>

203

<term><option>--servicename

204

223

205

224

206

<xi:include href="mandos-options.xml"

225

207

xpointer="servicename"/>

226

208

</listitem>

227

209

</varlistentry>

228

210

229

211

230

<term><literal>--configdir <replaceable>DIR</replaceable>

231

</literal></term>

212

<term><option>--configdir

213

<replaceable>DIRECTORY</replaceable></option></term>

232

214

233

215

<para>

234

216

Directory to search for configuration files. Default is

240

222

</para>

241

223

</listitem>

242

224

</varlistentry>

243

225

244

226

245

<term><literal>--version</literal></term>

227

<term><option>--version</option></term>

246

228

247

229

<para>

248

230

Prints the program version and exit.

249

231

</para>

250

232

</listitem>

251

233

</varlistentry>

234

235

236

237

238

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

239

</listitem>

240

</varlistentry>

252

241

</variablelist>

253

242

</refsect1>

254

243

255

244

256

245

<title>OVERVIEW</title>

257

246

<xi:include href="overview.xml"/>

258

247

<para>

259

248

This program is the server part. It is a normal server program

260

249

and will run in a normal system environment, not in an initial

261

RAM disk environment.

250

<acronym>RAM</acronym> disk environment.

262

251

</para>

263

252

</refsect1>

264

253

265

254

266

255

<title>NETWORK PROTOCOL</title>

267

256

<para>

319

308

</row>

320

309

</tbody></tgroup></table>

321

310

</refsect1>

322

311

323

312

324

313

<title>CHECKING</title>

325

314

<para>

326

315

The server will, by default, continually check that the clients

327

316

are still up. If a client has not been confirmed as being up

328

317

for some time, the client is assumed to be compromised and is no

329

longer eligible to receive the encrypted password. The timeout,

318

longer eligible to receive the encrypted password. (Manual

319

intervention is required to re-enable a client.) The timeout,

330

320

checker program, and interval between checks can be configured

331

321

both globally and per client; see <citerefentry>

332

322

<refentrytitle>mandos-clients.conf</refentrytitle>

333

<manvolnum>5</manvolnum></citerefentry>.

323

<manvolnum>5</manvolnum></citerefentry>. A client successfully

324

receiving its password will also be treated as a successful

325

checker run.

334

326

</para>

335

327

</refsect1>

336

328

337

329

338

330

<title>LOGGING</title>

339

331

<para>

343

335

and also show them on the console.

344

336

</para>

345

337

</refsect1>

346

338

347

339

348

340

<title>EXIT STATUS</title>

349

341

<para>

351

343

critical error is encountered.

352

344

</para>

353

345

</refsect1>

354

346

355

347

356

348

<title>ENVIRONMENT</title>

357

349

371

363

</varlistentry>

372

364

</variablelist>

373

365

</refsect1>

374

375

366

367

376

368

<title>FILES</title>

377

369

<para>

378

370

Use the <option>--configdir</option> option to change where

401

393

</listitem>

402

394

</varlistentry>

403

395

404

<term><filename>/var/run/mandos/mandos.pid</filename></term>

396

<term><filename>/var/run/mandos.pid</filename></term>

405

397

406

398

<para>

407

399

The file containing the process id of

442

434

Currently, if a client is declared <quote>invalid</quote> due to

443

435

having timed out, the server does not record this fact onto

444

436

permanent storage. This has some security implications, see

445

<xref linkend="CLIENTS"/>.

437

<xref linkend="clients"/>.

446

438

</para>

447

439

<para>

448

440

There is currently no way of querying the server of the current

456

448

Debug mode is conflated with running in the foreground.

457

449

</para>

458

450

<para>

459

The console log messages does not show a timestamp.

451

The console log messages do not show a time stamp.

452

</para>

453

<para>

454

This server does not check the expire time of clients’ OpenPGP

455

keys.

460

456

</para>

461

457

</refsect1>

462

458

497

493

</para>

498

494

</informalexample>

499

495

</refsect1>

500

496

501

497

502

498

<title>SECURITY</title>

503

499

504

500

<title>SERVER</title>

505

501

<para>

506

502

Running this <command>&COMMANDNAME;</command> server program

507

503

should not in itself present any security risk to the host

508

computer running it. The program does not need any special

509

privileges to run, and is designed to run as a non-root user.

504

computer running it. The program switches to a non-root user

505

soon after startup.

510

506

</para>

511

507

</refsect2>

512

508

513

509

<title>CLIENTS</title>

514

510

<para>

515

511

The server only gives out its stored data to clients which

522

518

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

523

519

<manvolnum>5</manvolnum></citerefentry>)

524

520

<emphasis>must</emphasis> be made non-readable by anyone

525

except the user running the server.

521

except the user starting the server (usually root).

526

522

</para>

527

523

<para>

528

524

As detailed in <xref linkend="checking"/>, the status of all

539

535

restarting servers if it is suspected that a client has, in

540

536

fact, been compromised by parties who may now be running a

541

537

fake Mandos client with the keys from the non-encrypted

542

initial RAM image of the client host. What should be done in

543

that case (if restarting the server program really is

544

necessary) is to stop the server program, edit the

538

initial <acronym>RAM</acronym> image of the client host. What

539

should be done in that case (if restarting the server program

540

really is necessary) is to stop the server program, edit the

545

541

configuration file to omit any suspect clients, and restart

546

542

the server program.

547

543

</para>

548

544

<para>

549

545

For more details on client-side security, see

550

<citerefentry><refentrytitle>password-request</refentrytitle>

546

<citerefentry><refentrytitle>mandos-client</refentrytitle>

551

547

<manvolnum>8mandos</manvolnum></citerefentry>.

552

548

</para>

553

549

</refsect2>

554

550

</refsect1>

555

551

556

552

557

553

558

554

<para>

561

557

562

558

<refentrytitle>mandos.conf</refentrytitle>

563

559

564

<refentrytitle>password-request</refentrytitle>

560

<refentrytitle>mandos-client</refentrytitle>

565

561

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

566

562

567

563

</citerefentry>

Older »