To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos.xml
- browse files at revision 24.1.75
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.75
- Committer: Björn Påhlsson
- Date: 2008-08-30 19:59:42 UTC
- mfrom: (121 mandos)
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 132.
- Revision ID: belorn@braxen-20080830195942-o76ct0zo0ximvgfz
merge
added
removed
mandos.xml
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos">
6
<!ENTITY TIMESTAMP "2008-09-05">
6
<!ENTITY TIMESTAMP "2008-08-30">
7
7
]>
8
8
9
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
34
34
<holder>Teddy Hogeborn</holder>
35
35
<holder>Björn Påhlsson</holder>
36
36
</copyright>
37
<xi:include href="legalnotice.xml"/>
37
<legalnotice>
38
<para>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
43
later version.
44
</para>
45
46
<para>
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
51
for more details.
52
</para>
53
54
<para>
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
58
</para>
59
</legalnotice>
38
60
</refentryinfo>
39
61
40
62
<refmeta>
87
109
<cmdsynopsis>
88
110
<command>&COMMANDNAME;</command>
89
111
<group choice="req">
112
<arg choice="plain"><option>-h</option></arg>
90
113
<arg choice="plain"><option>--help</option></arg>
91
<arg choice="plain"><option>-h</option></arg>
92
114
</group>
93
115
</cmdsynopsis>
94
116
<cmdsynopsis>
115
137
Any authenticated client is then given the stored pre-encrypted
116
138
password for that specific client.
117
139
</para>
140
118
141
</refsect1>
119
142
120
143
<refsect1 id="purpose">
121
144
<title>PURPOSE</title>
145
122
146
<para>
123
147
The purpose of this is to enable <emphasis>remote and unattended
124
148
rebooting</emphasis> of client host computer with an
125
149
<emphasis>encrypted root file system</emphasis>. See <xref
126
150
linkend="overview"/> for details.
127
151
</para>
152
128
153
</refsect1>
129
154
130
155
<refsect1 id="options">
131
156
<title>OPTIONS</title>
157
132
158
<variablelist>
133
159
<varlistentry>
160
<term><option>-h</option></term>
134
161
<term><option>--help</option></term>
135
<term><option>-h</option></term>
136
162
<listitem>
137
163
<para>
138
164
Show a help message and exit
139
165
</para>
140
166
</listitem>
141
167
</varlistentry>
142
168
143
169
<varlistentry>
170
<term><option>-i</option>
171
<replaceable>NAME</replaceable></term>
144
172
<term><option>--interface</option>
145
173
<replaceable>NAME</replaceable></term>
146
<term><option>-i</option>
147
<replaceable>NAME</replaceable></term>
148
174
<listitem>
149
175
<xi:include href="mandos-options.xml" xpointer="interface"/>
150
176
</listitem>
151
177
</varlistentry>
152
178
153
179
<varlistentry>
154
<term><option>--address
155
<replaceable>ADDRESS</replaceable></option></term>
156
<term><option>-a
157
<replaceable>ADDRESS</replaceable></option></term>
180
<term><literal>-a</literal>, <literal>--address <replaceable>
181
ADDRESS</replaceable></literal></term>
158
182
<listitem>
159
183
<xi:include href="mandos-options.xml" xpointer="address"/>
160
184
</listitem>
161
185
</varlistentry>
162
186
163
187
<varlistentry>
164
<term><option>--port
165
<replaceable>PORT</replaceable></option></term>
166
<term><option>-p
167
<replaceable>PORT</replaceable></option></term>
188
<term><literal>-p</literal>, <literal>--port <replaceable>
189
PORT</replaceable></literal></term>
168
190
<listitem>
169
191
<xi:include href="mandos-options.xml" xpointer="port"/>
170
192
</listitem>
171
193
</varlistentry>
172
194
173
195
<varlistentry>
174
<term><option>--check</option></term>
196
<term><literal>--check</literal></term>
175
197
<listitem>
176
198
<para>
177
199
Run the server’s self-tests. This includes any unit
179
201
</para>
180
202
</listitem>
181
203
</varlistentry>
182
204
183
205
<varlistentry>
184
<term><option>--debug</option></term>
206
<term><literal>--debug</literal></term>
185
207
<listitem>
186
208
<xi:include href="mandos-options.xml" xpointer="debug"/>
187
209
</listitem>
188
210
</varlistentry>
189
211
190
212
<varlistentry>
191
<term><option>--priority <replaceable>
192
PRIORITY</replaceable></option></term>
213
<term><literal>--priority <replaceable>
214
PRIORITY</replaceable></literal></term>
193
215
<listitem>
194
216
<xi:include href="mandos-options.xml" xpointer="priority"/>
195
217
</listitem>
196
218
</varlistentry>
197
219
198
220
<varlistentry>
199
<term><option>--servicename
200
<replaceable>NAME</replaceable></option></term>
221
<term><literal>--servicename <replaceable>NAME</replaceable>
222
</literal></term>
201
223
<listitem>
202
224
<xi:include href="mandos-options.xml"
203
225
xpointer="servicename"/>
205
227
</varlistentry>
206
228
207
229
<varlistentry>
208
<term><option>--configdir
209
<replaceable>DIRECTORY</replaceable></option></term>
230
<term><literal>--configdir <replaceable>DIR</replaceable>
231
</literal></term>
210
232
<listitem>
211
233
<para>
212
234
Directory to search for configuration files. Default is
220
242
</varlistentry>
221
243
222
244
<varlistentry>
223
<term><option>--version</option></term>
245
<term><literal>--version</literal></term>
224
246
<listitem>
225
247
<para>
226
248
Prints the program version and exit.
236
258
<para>
237
259
This program is the server part. It is a normal server program
238
260
and will run in a normal system environment, not in an initial
239
<acronym>RAM</acronym> disk environment.
261
RAM disk environment.
240
262
</para>
241
263
</refsect1>
242
264
379
401
</listitem>
380
402
</varlistentry>
381
403
<varlistentry>
382
<term><filename>/var/run/mandos.pid</filename></term>
404
<term><filename>/var/run/mandos/mandos.pid</filename></term>
383
405
<listitem>
384
406
<para>
385
407
The file containing the process id of
434
456
Debug mode is conflated with running in the foreground.
435
457
</para>
436
458
<para>
437
The console log messages does not show a time stamp.
438
</para>
439
<para>
440
This server does not check the expire time of clients’ OpenPGP
441
keys.
459
The console log messages does not show a timestamp.
442
460
</para>
443
461
</refsect1>
444
462
487
505
<para>
488
506
Running this <command>&COMMANDNAME;</command> server program
489
507
should not in itself present any security risk to the host
490
computer running it. The program switches to a non-root user
491
soon after startup.
508
computer running it. The program does not need any special
509
privileges to run, and is designed to run as a non-root user.
492
510
</para>
493
511
</refsect2>
494
512
<refsect2 id="CLIENTS">
521
539
restarting servers if it is suspected that a client has, in
522
540
fact, been compromised by parties who may now be running a
523
541
fake Mandos client with the keys from the non-encrypted
524
initial <acronym>RAM</acronym> image of the client host. What
525
should be done in that case (if restarting the server program
526
really is necessary) is to stop the server program, edit the
542
initial RAM image of the client host. What should be done in
543
that case (if restarting the server program really is
544
necessary) is to stop the server program, edit the
527
545
configuration file to omit any suspect clients, and restart
528
546
the server program.
529
547
</para>
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0