To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos.xml
- browse files at revision 24.1.170
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.170
- Committer: Björn Påhlsson
- Date: 2010-10-02 18:28:21 UTC
- mfrom: (237.4.6 mandos-release)
- mto: This revision was merged to the branch mainline in revision 453.
- Revision ID: belorn@fukt.bsnet.se-20101002182821-cazexo9y46o0g72o
Merge from release branch.
- files removed:
- debian/mandos-client.examples
- debian/upstream
- network-hooks.d
- plugin-helpers
- files modified:
- .bzrignore
added
removed
mandos.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
<!ENTITY TIMESTAMP "2015-12-06">
5
<!ENTITY TIMESTAMP "2010-09-26">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
<firstname>Björn</firstname>
20
20
<surname>Påhlsson</surname>
21
21
<address>
22
<email>belorn@recompile.se</email>
22
<email>belorn@fukt.bsnet.se</email>
23
23
</address>
24
24
</author>
25
25
<author>
26
26
<firstname>Teddy</firstname>
27
27
<surname>Hogeborn</surname>
28
28
<address>
29
<email>teddy@recompile.se</email>
29
<email>teddy@fukt.bsnet.se</email>
30
30
</address>
31
31
</author>
32
32
</authorgroup>
34
34
<year>2008</year>
35
35
<year>2009</year>
36
36
<year>2010</year>
37
<year>2011</year>
38
<year>2012</year>
39
<year>2013</year>
40
<year>2014</year>
41
<year>2015</year>
42
37
<holder>Teddy Hogeborn</holder>
43
38
<holder>Björn Påhlsson</holder>
44
39
</copyright>
98
93
<arg><option>--no-dbus</option></arg>
99
94
<sbr/>
100
95
<arg><option>--no-ipv6</option></arg>
101
<sbr/>
102
<arg><option>--no-restore</option></arg>
103
<sbr/>
104
<arg><option>--statedir
105
<replaceable>DIRECTORY</replaceable></option></arg>
106
<sbr/>
107
<arg><option>--socket
108
<replaceable>FD</replaceable></option></arg>
109
<sbr/>
110
<arg><option>--foreground</option></arg>
111
<sbr/>
112
<arg><option>--no-zeroconf</option></arg>
113
96
</cmdsynopsis>
114
97
<cmdsynopsis>
115
98
<command>&COMMANDNAME;</command>
133
116
<para>
134
117
<command>&COMMANDNAME;</command> is a server daemon which
135
118
handles incoming request for passwords for a pre-defined list of
136
client host computers. For an introduction, see
137
<citerefentry><refentrytitle>intro</refentrytitle>
138
<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
139
uses Zeroconf to announce itself on the local network, and uses
140
TLS to communicate securely with and to authenticate the
141
clients. The Mandos server uses IPv6 to allow Mandos clients to
142
use IPv6 link-local addresses, since the clients will probably
143
not have any other addresses configured (see <xref
144
linkend="overview"/>). Any authenticated client is then given
145
the stored pre-encrypted password for that specific client.
119
client host computers. The Mandos server uses Zeroconf to
120
announce itself on the local network, and uses TLS to
121
communicate securely with and to authenticate the clients. The
122
Mandos server uses IPv6 to allow Mandos clients to use IPv6
123
link-local addresses, since the clients will probably not have
124
any other addresses configured (see <xref linkend="overview"/>).
125
Any authenticated client is then given the stored pre-encrypted
126
password for that specific client.
146
127
</para>
147
128
</refsect1>
148
129
291
272
<xi:include href="mandos-options.xml" xpointer="ipv6"/>
292
273
</listitem>
293
274
</varlistentry>
294
295
<varlistentry>
296
<term><option>--no-restore</option></term>
297
<listitem>
298
<xi:include href="mandos-options.xml" xpointer="restore"/>
299
<para>
300
See also <xref linkend="persistent_state"/>.
301
</para>
302
</listitem>
303
</varlistentry>
304
305
<varlistentry>
306
<term><option>--statedir
307
<replaceable>DIRECTORY</replaceable></option></term>
308
<listitem>
309
<xi:include href="mandos-options.xml" xpointer="statedir"/>
310
</listitem>
311
</varlistentry>
312
313
<varlistentry>
314
<term><option>--socket
315
<replaceable>FD</replaceable></option></term>
316
<listitem>
317
<xi:include href="mandos-options.xml" xpointer="socket"/>
318
</listitem>
319
</varlistentry>
320
321
<varlistentry>
322
<term><option>--foreground</option></term>
323
<listitem>
324
<xi:include href="mandos-options.xml"
325
xpointer="foreground"/>
326
</listitem>
327
</varlistentry>
328
329
<varlistentry>
330
<term><option>--no-zeroconf</option></term>
331
<listitem>
332
<xi:include href="mandos-options.xml" xpointer="zeroconf"/>
333
</listitem>
334
</varlistentry>
335
336
275
</variablelist>
337
276
</refsect1>
338
277
412
351
for some time, the client is assumed to be compromised and is no
413
352
longer eligible to receive the encrypted password. (Manual
414
353
intervention is required to re-enable a client.) The timeout,
415
extended timeout, checker program, and interval between checks
416
can be configured both globally and per client; see
417
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
418
<manvolnum>5</manvolnum></citerefentry>.
354
checker program, and interval between checks can be configured
355
both globally and per client; see <citerefentry>
356
<refentrytitle>mandos-clients.conf</refentrytitle>
357
<manvolnum>5</manvolnum></citerefentry>. A client successfully
358
receiving its password will also be treated as a successful
359
checker run.
419
360
</para>
420
361
</refsect1>
421
362
443
384
<title>LOGGING</title>
444
385
<para>
445
386
The server will send log message with various severity levels to
446
<filename class="devicefile">/dev/log</filename>. With the
387
<filename>/dev/log</filename>. With the
447
388
<option>--debug</option> option, it will log even more messages,
448
389
and also show them on the console.
449
390
</para>
450
391
</refsect1>
451
392
452
<refsect1 id="persistent_state">
453
<title>PERSISTENT STATE</title>
454
<para>
455
Client settings, initially read from
456
<filename>clients.conf</filename>, are persistent across
457
restarts, and run-time changes will override settings in
458
<filename>clients.conf</filename>. However, if a setting is
459
<emphasis>changed</emphasis> (or a client added, or removed) in
460
<filename>clients.conf</filename>, this will take precedence.
461
</para>
462
</refsect1>
463
464
393
<refsect1 id="dbus_interface">
465
394
<title>D-BUS INTERFACE</title>
466
395
<para>
528
457
</listitem>
529
458
</varlistentry>
530
459
<varlistentry>
531
<term><filename>/run/mandos.pid</filename></term>
460
<term><filename>/var/run/mandos.pid</filename></term>
532
461
<listitem>
533
462
<para>
534
463
The file containing the process id of the
535
464
<command>&COMMANDNAME;</command> process started last.
536
<emphasis >Note:</emphasis> If the <filename
537
class="directory">/run</filename> directory does not
538
exist, <filename>/var/run/mandos.pid</filename> will be
539
used instead.
540
</para>
541
</listitem>
542
</varlistentry>
543
<varlistentry>
544
<term><filename
545
class="directory">/var/lib/mandos</filename></term>
546
<listitem>
547
<para>
548
Directory where persistent state will be saved. Change
549
this with the <option>--statedir</option> option. See
550
also the <option>--no-restore</option> option.
551
</para>
552
</listitem>
553
</varlistentry>
554
<varlistentry>
555
<term><filename class="devicefile">/dev/log</filename></term>
465
</para>
466
</listitem>
467
</varlistentry>
468
<varlistentry>
469
<term><filename>/dev/log</filename></term>
556
470
<listitem>
557
471
<para>
558
472
The Unix domain socket to where local syslog messages are
581
495
backtrace. This could be considered a feature.
582
496
</para>
583
497
<para>
498
Currently, if a client is disabled due to having timed out, the
499
server does not record this fact onto permanent storage. This
500
has some security implications, see <xref linkend="clients"/>.
501
</para>
502
<para>
584
503
There is no fine-grained control over logging and debug output.
585
504
</para>
586
505
<para>
506
Debug mode is conflated with running in the foreground.
507
</para>
508
<para>
509
The console log messages do not show a time stamp.
510
</para>
511
<para>
587
512
This server does not check the expire time of clients’ OpenPGP
588
513
keys.
589
514
</para>
602
527
<informalexample>
603
528
<para>
604
529
Run the server in debug mode, read configuration files from
605
the <filename class="directory">~/mandos</filename> directory,
606
and use the Zeroconf service name <quote>Test</quote> to not
607
collide with any other official Mandos server on this host:
530
the <filename>~/mandos</filename> directory, and use the
531
Zeroconf service name <quote>Test</quote> to not collide with
532
any other official Mandos server on this host:
608
533
</para>
609
534
<para>
610
535
659
584
compromised if they are gone for too long.
660
585
</para>
661
586
<para>
587
If a client is compromised, its downtime should be duly noted
588
by the server which would therefore disable the client. But
589
if the server was ever restarted, it would re-read its client
590
list from its configuration file and again regard all clients
591
therein as enabled, and hence eligible to receive their
592
passwords. Therefore, be careful when restarting servers if
593
it is suspected that a client has, in fact, been compromised
594
by parties who may now be running a fake Mandos client with
595
the keys from the non-encrypted initial <acronym>RAM</acronym>
596
image of the client host. What should be done in that case
597
(if restarting the server program really is necessary) is to
598
stop the server program, edit the configuration file to omit
599
any suspect clients, and restart the server program.
600
</para>
601
<para>
662
602
For more details on client-side security, see
663
603
<citerefentry><refentrytitle>mandos-client</refentrytitle>
664
604
<manvolnum>8mandos</manvolnum></citerefentry>.
669
609
<refsect1 id="see_also">
670
610
<title>SEE ALSO</title>
671
611
<para>
672
<citerefentry><refentrytitle>intro</refentrytitle>
673
<manvolnum>8mandos</manvolnum></citerefentry>,
674
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
675
<manvolnum>5</manvolnum></citerefentry>,
676
<citerefentry><refentrytitle>mandos.conf</refentrytitle>
677
<manvolnum>5</manvolnum></citerefentry>,
678
<citerefentry><refentrytitle>mandos-client</refentrytitle>
679
<manvolnum>8mandos</manvolnum></citerefentry>,
680
<citerefentry><refentrytitle>sh</refentrytitle>
681
<manvolnum>1</manvolnum></citerefentry>
612
<citerefentry>
613
<refentrytitle>mandos-clients.conf</refentrytitle>
614
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
615
<refentrytitle>mandos.conf</refentrytitle>
616
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
617
<refentrytitle>mandos-client</refentrytitle>
618
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
619
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
620
</citerefentry>
682
621
</para>
683
622
<variablelist>
684
623
<varlistentry>
705
644
</varlistentry>
706
645
<varlistentry>
707
646
<term>
708
<ulink url="http://gnutls.org/">GnuTLS</ulink>
647
<ulink url="http://www.gnu.org/software/gnutls/"
648
>GnuTLS</ulink>
709
649
</term>
710
650
<listitem>
711
651
<para>
749
689
</varlistentry>
750
690
<varlistentry>
751
691
<term>
752
RFC 5246: <citetitle>The Transport Layer Security (TLS)
753
Protocol Version 1.2</citetitle>
692
RFC 4346: <citetitle>The Transport Layer Security (TLS)
693
Protocol Version 1.1</citetitle>
754
694
</term>
755
695
<listitem>
756
696
<para>
757
TLS 1.2 is the protocol implemented by GnuTLS.
697
TLS 1.1 is the protocol implemented by GnuTLS.
758
698
</para>
759
699
</listitem>
760
700
</varlistentry>
770
710
</varlistentry>
771
711
<varlistentry>
772
712
<term>
773
RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
774
Security (TLS) Authentication</citetitle>
713
RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
714
Security</citetitle>
775
715
</term>
776
716
<listitem>
777
717
<para>
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0