/mandos/trunk : revision 24.1.77

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Björn Påhlsson
Date: 2008-08-31 16:04:03 UTC
mfrom: (131 mandos)
mto: (24.1.154 mandos) (237.4.3 mandos-release)
mto: This revision was merged to the branch mainline in revision 132.
Revision ID: belorn@braxen-20080831160403-pflpgf754pmqnvx4

merge

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.config

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.config

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/sv.po

debian/rules

default-mandos

init.d-mandos

mandos-list

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-12-28">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Gives encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

103

100

<arg choice="plain"><option>--check</option></arg>

104

101

</cmdsynopsis>

105

102

</refsynopsisdiv>

106

103

107

104

108

105

<title>DESCRIPTION</title>

109

106

<para>

118

115

Any authenticated client is then given the stored pre-encrypted

119

116

password for that specific client.

120

117

</para>

118

121

119

</refsect1>

122

120

123

121

124

122

<title>PURPOSE</title>

123

125

124

<para>

126

125

The purpose of this is to enable <emphasis>remote and unattended

127

126

rebooting</emphasis> of client host computer with an

128

127

<emphasis>encrypted root file system</emphasis>. See <xref

129

128

linkend="overview"/> for details.

130

129

</para>

130

131

</refsect1>

132

133

134

<title>OPTIONS</title>

135

136

136

137

137

138

189

190

<xi:include href="mandos-options.xml" xpointer="debug"/>

190

191

</listitem>

191

192

</varlistentry>

192

193

194

194

195

<term><option>--priority <replaceable>

195

196

PRIORITY</replaceable></option></term>

197

198

<xi:include href="mandos-options.xml" xpointer="priority"/>

198

199

</listitem>

199

200

</varlistentry>

200

201

202

202

203

<term><option>--servicename

203

204

206

207

xpointer="servicename"/>

207

208

</listitem>

208

209

</varlistentry>

209

210

211

211

212

<term><option>--configdir

212

213

<replaceable>DIRECTORY</replaceable></option></term>

221

222

</para>

222

223

</listitem>

223

224

</varlistentry>

224

225

226

226

227

<term><option>--version</option></term>

227

228

230

231

</para>

231

232

</listitem>

232

233

</varlistentry>

233

234

235

236

237

<xi:include href="mandos-options.xml" xpointer="dbus"/>

238

<para>

239

See also <xref linkend="dbus"/>.

240

</listitem>

241

</varlistentry>

242

234

</variablelist>

243

235

</refsect1>

244

236

245

237

246

238

<title>OVERVIEW</title>

247

239

<xi:include href="overview.xml"/>

248

240

<para>

249

241

This program is the server part. It is a normal server program

250

242

and will run in a normal system environment, not in an initial

251

<acronym>RAM</acronym> disk environment.

243

RAM disk environment.

252

244

</para>

253

245

</refsect1>

254

246

255

247

256

248

<title>NETWORK PROTOCOL</title>

257

249

<para>

309

301

</row>

310

302

</tbody></tgroup></table>

311

303

</refsect1>

312

304

313

305

314

306

<title>CHECKING</title>

315

307

<para>

323

315

<manvolnum>5</manvolnum></citerefentry>.

324

316

</para>

325

317

</refsect1>

326

318

327

319

328

320

<title>LOGGING</title>

329

321

<para>

333

325

and also show them on the console.

334

326

</para>

335

327

</refsect1>

336

337

338

<title>D-BUS INTERFACE</title>

339

<para>

340

The server will by default provide a D-Bus system bus interface.

341

This interface will only be accessible by the root user or a

342

Mandos-specific user, if such a user exists.

343

344

</para>

345

</refsect1>

346

328

347

329

348

330

<title>EXIT STATUS</title>

351

333

critical error is encountered.

352

334

</para>

353

335

</refsect1>

354

336

355

337

356

338

<title>ENVIRONMENT</title>

357

339

371

353

</varlistentry>

372

354

</variablelist>

373

355

</refsect1>

374

375

356

357

376

358

<title>FILES</title>

377

359

<para>

378

360

Use the <option>--configdir</option> option to change where

401

383

</listitem>

402

384

</varlistentry>

403

385

404

<term><filename>/var/run/mandos.pid</filename></term>

386

<term><filename>/var/run/mandos/mandos.pid</filename></term>

405

387

406

388

<para>

407

389

The file containing the process id of

442

424

Currently, if a client is declared <quote>invalid</quote> due to

443

425

having timed out, the server does not record this fact onto

444

426

permanent storage. This has some security implications, see

445

<xref linkend="clients"/>.

427

<xref linkend="CLIENTS"/>.

446

428

</para>

447

429

<para>

448

430

There is currently no way of querying the server of the current

456

438

Debug mode is conflated with running in the foreground.

457

439

</para>

458

440

<para>

459

The console log messages does not show a time stamp.

460

</para>

461

<para>

462

This server does not check the expire time of clients’ OpenPGP

463

keys.

441

The console log messages does not show a timestamp.

464

442

</para>

465

443

</refsect1>

466

444

501

479

</para>

502

480

</informalexample>

503

481

</refsect1>

504

482

505

483

506

484

<title>SECURITY</title>

507

485

508

486

<title>SERVER</title>

509

487

<para>

510

488

Running this <command>&COMMANDNAME;</command> server program

511

489

should not in itself present any security risk to the host

512

computer running it. The program switches to a non-root user

513

soon after startup.

490

computer running it. The program does not need any special

491

privileges to run, and is designed to run as a non-root user.

514

492

</para>

515

493

</refsect2>

516

494

517

495

<title>CLIENTS</title>

518

496

<para>

519

497

The server only gives out its stored data to clients which

526

504

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

527

505

<manvolnum>5</manvolnum></citerefentry>)

528

506

<emphasis>must</emphasis> be made non-readable by anyone

529

except the user starting the server (usually root).

507

except the user running the server.

530

508

</para>

531

509

<para>

532

510

As detailed in <xref linkend="checking"/>, the status of all

543

521

restarting servers if it is suspected that a client has, in

544

522

fact, been compromised by parties who may now be running a

545

523

fake Mandos client with the keys from the non-encrypted

546

initial <acronym>RAM</acronym> image of the client host. What

547

should be done in that case (if restarting the server program

548

really is necessary) is to stop the server program, edit the

524

initial RAM image of the client host. What should be done in

525

that case (if restarting the server program really is

526

necessary) is to stop the server program, edit the

549

527

configuration file to omit any suspect clients, and restart

550

528

the server program.

551

529

</para>

552

530

<para>

553

531

For more details on client-side security, see

554

<citerefentry><refentrytitle>mandos-client</refentrytitle>

532

<citerefentry><refentrytitle>password-request</refentrytitle>

555

533

<manvolnum>8mandos</manvolnum></citerefentry>.

556

534

</para>

557

535

</refsect2>

558

536

</refsect1>

559

537

560

538

561

539

562

540

<para>

565

543

566

544

<refentrytitle>mandos.conf</refentrytitle>

567

545

568

<refentrytitle>mandos-client</refentrytitle>

546

<refentrytitle>password-request</refentrytitle>

569

547

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

570

548

571

549

</citerefentry>

Older »