To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos.xml
- browse files at revision 237.4.3
- compare with another revision
- download diff
- download tarball
- view history from revision 237.4.3
- Committer: Björn Påhlsson
- Date: 2010-10-02 16:57:03 UTC
- mfrom: (24.1.168 mandos)
- mto: (24.1.170 mandos) (237.4.29 release)
- mto: This revision was merged to the branch mainline in revision 453.
- Revision ID: belorn@fukt.bsnet.se-20101002165703-u41e3cdyj12t728p
Merge from trunk. Just a minor release to make it lintian clean.
- files removed:
- debian/mandos-client.examples
- debian/source
- debian/upstream
- network-hooks.d
- plugin-helpers
- files modified:
- .bzrignore
added
removed
mandos.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
<!ENTITY TIMESTAMP "2015-07-20">
5
<!ENTITY TIMESTAMP "2010-09-26">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
<firstname>Björn</firstname>
20
20
<surname>Påhlsson</surname>
21
21
<address>
22
<email>belorn@recompile.se</email>
22
<email>belorn@fukt.bsnet.se</email>
23
23
</address>
24
24
</author>
25
25
<author>
26
26
<firstname>Teddy</firstname>
27
27
<surname>Hogeborn</surname>
28
28
<address>
29
<email>teddy@recompile.se</email>
29
<email>teddy@fukt.bsnet.se</email>
30
30
</address>
31
31
</author>
32
32
</authorgroup>
34
34
<year>2008</year>
35
35
<year>2009</year>
36
36
<year>2010</year>
37
<year>2011</year>
38
<year>2012</year>
39
<year>2013</year>
40
37
<holder>Teddy Hogeborn</holder>
41
38
<holder>Björn Påhlsson</holder>
42
39
</copyright>
96
93
<arg><option>--no-dbus</option></arg>
97
94
<sbr/>
98
95
<arg><option>--no-ipv6</option></arg>
99
<sbr/>
100
<arg><option>--no-restore</option></arg>
101
<sbr/>
102
<arg><option>--statedir
103
<replaceable>DIRECTORY</replaceable></option></arg>
104
<sbr/>
105
<arg><option>--socket
106
<replaceable>FD</replaceable></option></arg>
107
<sbr/>
108
<arg><option>--foreground</option></arg>
109
<sbr/>
110
<arg><option>--no-zeroconf</option></arg>
111
96
</cmdsynopsis>
112
97
<cmdsynopsis>
113
98
<command>&COMMANDNAME;</command>
131
116
<para>
132
117
<command>&COMMANDNAME;</command> is a server daemon which
133
118
handles incoming request for passwords for a pre-defined list of
134
client host computers. For an introduction, see
135
<citerefentry><refentrytitle>intro</refentrytitle>
136
<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
137
uses Zeroconf to announce itself on the local network, and uses
138
TLS to communicate securely with and to authenticate the
139
clients. The Mandos server uses IPv6 to allow Mandos clients to
140
use IPv6 link-local addresses, since the clients will probably
141
not have any other addresses configured (see <xref
142
linkend="overview"/>). Any authenticated client is then given
143
the stored pre-encrypted password for that specific client.
119
client host computers. The Mandos server uses Zeroconf to
120
announce itself on the local network, and uses TLS to
121
communicate securely with and to authenticate the clients. The
122
Mandos server uses IPv6 to allow Mandos clients to use IPv6
123
link-local addresses, since the clients will probably not have
124
any other addresses configured (see <xref linkend="overview"/>).
125
Any authenticated client is then given the stored pre-encrypted
126
password for that specific client.
144
127
</para>
145
128
</refsect1>
146
129
289
272
<xi:include href="mandos-options.xml" xpointer="ipv6"/>
290
273
</listitem>
291
274
</varlistentry>
292
293
<varlistentry>
294
<term><option>--no-restore</option></term>
295
<listitem>
296
<xi:include href="mandos-options.xml" xpointer="restore"/>
297
<para>
298
See also <xref linkend="persistent_state"/>.
299
</para>
300
</listitem>
301
</varlistentry>
302
303
<varlistentry>
304
<term><option>--statedir
305
<replaceable>DIRECTORY</replaceable></option></term>
306
<listitem>
307
<xi:include href="mandos-options.xml" xpointer="statedir"/>
308
</listitem>
309
</varlistentry>
310
311
<varlistentry>
312
<term><option>--socket
313
<replaceable>FD</replaceable></option></term>
314
<listitem>
315
<xi:include href="mandos-options.xml" xpointer="socket"/>
316
</listitem>
317
</varlistentry>
318
319
<varlistentry>
320
<term><option>--foreground</option></term>
321
<listitem>
322
<xi:include href="mandos-options.xml"
323
xpointer="foreground"/>
324
</listitem>
325
</varlistentry>
326
327
<varlistentry>
328
<term><option>--no-zeroconf</option></term>
329
<listitem>
330
<xi:include href="mandos-options.xml" xpointer="zeroconf"/>
331
</listitem>
332
</varlistentry>
333
334
275
</variablelist>
335
276
</refsect1>
336
277
410
351
for some time, the client is assumed to be compromised and is no
411
352
longer eligible to receive the encrypted password. (Manual
412
353
intervention is required to re-enable a client.) The timeout,
413
extended timeout, checker program, and interval between checks
414
can be configured both globally and per client; see
415
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
416
<manvolnum>5</manvolnum></citerefentry>.
354
checker program, and interval between checks can be configured
355
both globally and per client; see <citerefentry>
356
<refentrytitle>mandos-clients.conf</refentrytitle>
357
<manvolnum>5</manvolnum></citerefentry>. A client successfully
358
receiving its password will also be treated as a successful
359
checker run.
417
360
</para>
418
361
</refsect1>
419
362
441
384
<title>LOGGING</title>
442
385
<para>
443
386
The server will send log message with various severity levels to
444
<filename class="devicefile">/dev/log</filename>. With the
387
<filename>/dev/log</filename>. With the
445
388
<option>--debug</option> option, it will log even more messages,
446
389
and also show them on the console.
447
390
</para>
448
391
</refsect1>
449
392
450
<refsect1 id="persistent_state">
451
<title>PERSISTENT STATE</title>
452
<para>
453
Client settings, initially read from
454
<filename>clients.conf</filename>, are persistent across
455
restarts, and run-time changes will override settings in
456
<filename>clients.conf</filename>. However, if a setting is
457
<emphasis>changed</emphasis> (or a client added, or removed) in
458
<filename>clients.conf</filename>, this will take precedence.
459
</para>
460
</refsect1>
461
462
393
<refsect1 id="dbus_interface">
463
394
<title>D-BUS INTERFACE</title>
464
395
<para>
526
457
</listitem>
527
458
</varlistentry>
528
459
<varlistentry>
529
<term><filename>/run/mandos.pid</filename></term>
460
<term><filename>/var/run/mandos.pid</filename></term>
530
461
<listitem>
531
462
<para>
532
463
The file containing the process id of the
533
464
<command>&COMMANDNAME;</command> process started last.
534
<emphasis >Note:</emphasis> If the <filename
535
class="directory">/run</filename> directory does not
536
exist, <filename>/var/run/mandos.pid</filename> will be
537
used instead.
538
</para>
539
</listitem>
540
</varlistentry>
541
<varlistentry>
542
<term><filename class="devicefile">/dev/log</filename></term>
543
</varlistentry>
544
<varlistentry>
545
<term><filename
546
class="directory">/var/lib/mandos</filename></term>
547
<listitem>
548
<para>
549
Directory where persistent state will be saved. Change
550
this with the <option>--statedir</option> option. See
551
also the <option>--no-restore</option> option.
552
465
</para>
553
466
</listitem>
554
467
</varlistentry>
582
495
backtrace. This could be considered a feature.
583
496
</para>
584
497
<para>
498
Currently, if a client is disabled due to having timed out, the
499
server does not record this fact onto permanent storage. This
500
has some security implications, see <xref linkend="clients"/>.
501
</para>
502
<para>
585
503
There is no fine-grained control over logging and debug output.
586
504
</para>
587
505
<para>
506
Debug mode is conflated with running in the foreground.
507
</para>
508
<para>
509
The console log messages do not show a time stamp.
510
</para>
511
<para>
588
512
This server does not check the expire time of clients’ OpenPGP
589
513
keys.
590
514
</para>
603
527
<informalexample>
604
528
<para>
605
529
Run the server in debug mode, read configuration files from
606
the <filename class="directory">~/mandos</filename> directory,
607
and use the Zeroconf service name <quote>Test</quote> to not
608
collide with any other official Mandos server on this host:
530
the <filename>~/mandos</filename> directory, and use the
531
Zeroconf service name <quote>Test</quote> to not collide with
532
any other official Mandos server on this host:
609
533
</para>
610
534
<para>
611
535
660
584
compromised if they are gone for too long.
661
585
</para>
662
586
<para>
587
If a client is compromised, its downtime should be duly noted
588
by the server which would therefore disable the client. But
589
if the server was ever restarted, it would re-read its client
590
list from its configuration file and again regard all clients
591
therein as enabled, and hence eligible to receive their
592
passwords. Therefore, be careful when restarting servers if
593
it is suspected that a client has, in fact, been compromised
594
by parties who may now be running a fake Mandos client with
595
the keys from the non-encrypted initial <acronym>RAM</acronym>
596
image of the client host. What should be done in that case
597
(if restarting the server program really is necessary) is to
598
stop the server program, edit the configuration file to omit
599
any suspect clients, and restart the server program.
600
</para>
601
<para>
663
602
For more details on client-side security, see
664
603
<citerefentry><refentrytitle>mandos-client</refentrytitle>
665
604
<manvolnum>8mandos</manvolnum></citerefentry>.
670
609
<refsect1 id="see_also">
671
610
<title>SEE ALSO</title>
672
611
<para>
673
<citerefentry><refentrytitle>intro</refentrytitle>
674
<manvolnum>8mandos</manvolnum></citerefentry>,
675
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
676
<manvolnum>5</manvolnum></citerefentry>,
677
<citerefentry><refentrytitle>mandos.conf</refentrytitle>
678
<manvolnum>5</manvolnum></citerefentry>,
679
<citerefentry><refentrytitle>mandos-client</refentrytitle>
680
<manvolnum>8mandos</manvolnum></citerefentry>,
681
<citerefentry><refentrytitle>sh</refentrytitle>
682
<manvolnum>1</manvolnum></citerefentry>
612
<citerefentry>
613
<refentrytitle>mandos-clients.conf</refentrytitle>
614
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
615
<refentrytitle>mandos.conf</refentrytitle>
616
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
617
<refentrytitle>mandos-client</refentrytitle>
618
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
619
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
620
</citerefentry>
683
621
</para>
684
622
<variablelist>
685
623
<varlistentry>
706
644
</varlistentry>
707
645
<varlistentry>
708
646
<term>
709
<ulink url="http://gnutls.org/">GnuTLS</ulink>
647
<ulink url="http://www.gnu.org/software/gnutls/"
648
>GnuTLS</ulink>
710
649
</term>
711
650
<listitem>
712
651
<para>
750
689
</varlistentry>
751
690
<varlistentry>
752
691
<term>
753
RFC 5246: <citetitle>The Transport Layer Security (TLS)
754
Protocol Version 1.2</citetitle>
692
RFC 4346: <citetitle>The Transport Layer Security (TLS)
693
Protocol Version 1.1</citetitle>
755
694
</term>
756
695
<listitem>
757
696
<para>
758
TLS 1.2 is the protocol implemented by GnuTLS.
697
TLS 1.1 is the protocol implemented by GnuTLS.
759
698
</para>
760
699
</listitem>
761
700
</varlistentry>
771
710
</varlistentry>
772
711
<varlistentry>
773
712
<term>
774
RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
775
Security (TLS) Authentication</citetitle>
713
RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
714
Security</citetitle>
776
715
</term>
777
716
<listitem>
778
717
<para>
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0