/mandos/trunk : revision 24.1.77

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Björn Påhlsson
Date: 2008-08-31 16:04:03 UTC
mfrom: (131 mandos)
mto: (24.1.154 mandos) (237.4.3 mandos-release)
mto: This revision was merged to the branch mainline in revision 132.
Revision ID: belorn@braxen-20080831160403-pflpgf754pmqnvx4

merge

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2009-02-24">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

104

100

<arg choice="plain"><option>--check</option></arg>

105

101

</cmdsynopsis>

106

102

</refsynopsisdiv>

107

103

108

104

109

105

<title>DESCRIPTION</title>

110

106

<para>

119

115

Any authenticated client is then given the stored pre-encrypted

120

116

password for that specific client.

121

117

</para>

118

122

119

</refsect1>

123

120

124

121

125

122

<title>PURPOSE</title>

123

126

124

<para>

127

125

The purpose of this is to enable <emphasis>remote and unattended

128

126

rebooting</emphasis> of client host computer with an

129

127

<emphasis>encrypted root file system</emphasis>. See <xref

130

128

linkend="overview"/> for details.

131

129

</para>

130

132

131

</refsect1>

133

132

134

133

135

134

<title>OPTIONS</title>

135

136

137

138

190

<xi:include href="mandos-options.xml" xpointer="debug"/>

191

</listitem>

192

</varlistentry>

193

194

195

<term><option>--priority <replaceable>

196

PRIORITY</replaceable></option></term>

198

<xi:include href="mandos-options.xml" xpointer="priority"/>

199

</listitem>

200

</varlistentry>

201

202

203

<term><option>--servicename

204

207

xpointer="servicename"/>

208

</listitem>

209

</varlistentry>

210

211

212

<term><option>--configdir

213

<replaceable>DIRECTORY</replaceable></option></term>

222

</para>

223

</listitem>

224

</varlistentry>

225

226

227

<term><option>--version</option></term>

228

231

</para>

232

</listitem>

233

</varlistentry>

234

235

236

237

238

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

239

</listitem>

240

</varlistentry>

241

234

</variablelist>

242

235

</refsect1>

243

236

244

237

245

238

<title>OVERVIEW</title>

246

239

<xi:include href="overview.xml"/>

247

240

<para>

248

241

This program is the server part. It is a normal server program

249

242

and will run in a normal system environment, not in an initial

250

<acronym>RAM</acronym> disk environment.

243

RAM disk environment.

251

244

</para>

252

245

</refsect1>

253

246

254

247

255

248

<title>NETWORK PROTOCOL</title>

256

249

<para>

308

301

</row>

309

302

</tbody></tgroup></table>

310

303

</refsect1>

311

304

312

305

313

306

<title>CHECKING</title>

314

307

<para>

322

315

<manvolnum>5</manvolnum></citerefentry>.

323

316

</para>

324

317

</refsect1>

325

318

326

319

327

320

<title>LOGGING</title>

328

321

<para>

332

325

and also show them on the console.

333

326

</para>

334

327

</refsect1>

335

328

336

329

337

330

<title>EXIT STATUS</title>

338

331

<para>

340

333

critical error is encountered.

341

334

</para>

342

335

</refsect1>

343

336

344

337

345

338

<title>ENVIRONMENT</title>

346

339

360

353

</varlistentry>

361

354

</variablelist>

362

355

</refsect1>

363

364

356

357

365

358

<title>FILES</title>

366

359

<para>

367

360

Use the <option>--configdir</option> option to change where

390

383

</listitem>

391

384

</varlistentry>

392

385

393

<term><filename>/var/run/mandos.pid</filename></term>

386

<term><filename>/var/run/mandos/mandos.pid</filename></term>

394

387

395

388

<para>

396

389

The file containing the process id of

431

424

Currently, if a client is declared <quote>invalid</quote> due to

432

425

having timed out, the server does not record this fact onto

433

426

permanent storage. This has some security implications, see

434

<xref linkend="clients"/>.

427

<xref linkend="CLIENTS"/>.

435

428

</para>

436

429

<para>

437

430

There is currently no way of querying the server of the current

445

438

Debug mode is conflated with running in the foreground.

446

439

</para>

447

440

<para>

448

The console log messages do not show a time stamp.

449

</para>

450

<para>

451

This server does not check the expire time of clients’ OpenPGP

452

keys.

441

The console log messages does not show a timestamp.

453

442

</para>

454

443

</refsect1>

455

444

490

479

</para>

491

480

</informalexample>

492

481

</refsect1>

493

482

494

483

495

484

<title>SECURITY</title>

496

485

497

486

<title>SERVER</title>

498

487

<para>

499

488

Running this <command>&COMMANDNAME;</command> server program

500

489

should not in itself present any security risk to the host

501

computer running it. The program switches to a non-root user

502

soon after startup.

490

computer running it. The program does not need any special

491

privileges to run, and is designed to run as a non-root user.

503

492

</para>

504

493

</refsect2>

505

494

506

495

<title>CLIENTS</title>

507

496

<para>

508

497

The server only gives out its stored data to clients which

515

504

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

516

505

<manvolnum>5</manvolnum></citerefentry>)

517

506

<emphasis>must</emphasis> be made non-readable by anyone

518

except the user starting the server (usually root).

507

except the user running the server.

519

508

</para>

520

509

<para>

521

510

As detailed in <xref linkend="checking"/>, the status of all

532

521

restarting servers if it is suspected that a client has, in

533

522

fact, been compromised by parties who may now be running a

534

523

fake Mandos client with the keys from the non-encrypted

535

initial <acronym>RAM</acronym> image of the client host. What

536

should be done in that case (if restarting the server program

537

really is necessary) is to stop the server program, edit the

524

initial RAM image of the client host. What should be done in

525

that case (if restarting the server program really is

526

necessary) is to stop the server program, edit the

538

527

configuration file to omit any suspect clients, and restart

539

528

the server program.

540

529

</para>

541

530

<para>

542

531

For more details on client-side security, see

543

<citerefentry><refentrytitle>mandos-client</refentrytitle>

532

<citerefentry><refentrytitle>password-request</refentrytitle>

544

533

<manvolnum>8mandos</manvolnum></citerefentry>.

545

534

</para>

546

535

</refsect2>

547

536

</refsect1>

548

537

549

538

550

539

551

540

<para>

554

543

555

544

<refentrytitle>mandos.conf</refentrytitle>

556

545

557

<refentrytitle>mandos-client</refentrytitle>

546

<refentrytitle>password-request</refentrytitle>

558

547

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

559

548

560

549

</citerefentry>

Older »