/mandos/trunk : revision 244

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Teddy Hogeborn
Date: 2009-01-04 21:20:50 UTC
Revision ID: teddy@fukt.bsnet.se-20090104212050-cl2px2i2oz7wlxw1

* debian/control (Build-Depends): Bug fix: Added "docbook-xml".

* mandos (main): Keep running even if no clients are defined.

* mandos.xml (OPTIONS): Bug fix: Close unclosed <para> tag.
(D-BUS INTERFACE): Changed id to "dbus_interface". All references
changed.

files added:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

files removed:
DBUS-API

dbus-mandos.conf

debian/source

debian/source/format

debian/source/local-options

debian/watch

intro.xml

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugins.d/plymouth.c

plugins.d/plymouth.xml

files renamed:
mandos-ctl => mandos-list

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2012-01-01">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Control the operation of the Mandos server

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--enable</option></arg>

<sbr/>

<arg choice="plain"><option>--disable</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--bump-timeout</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--start-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--stop-checker</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--remove</option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--checker

<replaceable>COMMAND</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>COMMAND</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--timeout

<arg choice="plain"><option>-t

</group>

<sbr/>

<group>

<arg choice="plain"><option>--extended-timeout

100

101

</group>

102

<sbr/>

103

<group>

104

<arg choice="plain"><option>--interval

105

106

<arg choice="plain"><option>-i

107

108

</group>

109

<sbr/>

110

<group>

111

<arg choice="plain"><option>--approve-by-default</option

112

></arg>

113

<sbr/>

114

<arg choice="plain"><option>--deny-by-default</option></arg>

115

</group>

116

<sbr/>

117

<group>

118

<arg choice="plain"><option>--approval-delay

119

120

</group>

121

<sbr/>

122

<group>

123

<arg choice="plain"><option>--approval-duration

124

125

</group>

126

<sbr/>

127

<group>

128

<arg choice="plain"><option>--interval

129

130

<arg choice="plain"><option>-i

131

132

</group>

133

<sbr/>

134

<group>

135

<arg choice="plain"><option>--host

136

<replaceable>STRING</replaceable></option></arg>

137

<arg choice="plain"><option>-H

138

<replaceable>STRING</replaceable></option></arg>

139

</group>

140

<sbr/>

141

<group>

142

<arg choice="plain"><option>--secret

143

<replaceable>FILENAME</replaceable></option></arg>

144

<arg choice="plain"><option>-s

145

<replaceable>FILENAME</replaceable></option></arg>

146

</group>

147

<sbr/>

148

<group>

149

<arg choice="plain"><option>--approve</option></arg>

150

151

<sbr/>

152

153

154

</group>

155

<sbr/>

156

157

158

159

160

<replaceable>CLIENT</replaceable>

161

</arg>

162

</group>

163

</cmdsynopsis>

164

165

<command>&COMMANDNAME;</command>

166

<group>

167

<arg choice="plain"><option>--verbose</option></arg>

168

169

</group>

170

<group>

171

172

<replaceable>CLIENT</replaceable>

173

</arg>

174

</group>

175

</cmdsynopsis>

176

177

<command>&COMMANDNAME;</command>

178

179

<arg choice="plain"><option>--is-enabled</option></arg>

180

181

</group>

182

<arg choice='plain'><replaceable>CLIENT</replaceable></arg>

183

</cmdsynopsis>

184

185

<command>&COMMANDNAME;</command>

186

187

188

189

</group>

190

</cmdsynopsis>

191

192

<command>&COMMANDNAME;</command>

193

194

<arg choice="plain"><option>--version</option></arg>

195

196

</group>

197

</cmdsynopsis>

198

</refsynopsisdiv>

199

200

201

<title>DESCRIPTION</title>

202

<para>

203

<command>&COMMANDNAME;</command> is a program to control the

204

operation of the Mandos server <citerefentry><refentrytitle

205

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

206

</para>

207

<para>

208

This program can be used to change client settings, approve or

209

deny client requests, and to remove clients from the server.

210

</para>

211

</refsect1>

212

213

214

<title>PURPOSE</title>

215

<para>

216

The purpose of this is to enable <emphasis>remote and unattended

217

rebooting</emphasis> of client host computer with an

218

<emphasis>encrypted root file system</emphasis>. See <xref

219

linkend="overview"/> for details.

220

</para>

221

</refsect1>

222

223

224

<title>OPTIONS</title>

225

226

227

228

229

230

231

<para>

232

Show a help message and exit

233

</para>

234

</listitem>

235

</varlistentry>

236

237

238

<term><option>--enable</option></term>

239

240

241

<para>

242

Enable client(s). An enabled client will be eligble to

243

receive its secret.

244

</para>

245

</listitem>

246

</varlistentry>

247

248

249

<term><option>--disable</option></term>

250

251

252

<para>

253

Disable client(s). A disabled client will not be eligble

254

to receive its secret, and no checkers will be started for

255

it.

256

</para>

257

</listitem>

258

</varlistentry>

259

260

261

<term><option>--bump-timeout</option></term>

262

263

<para>

264

Bump the timeout of the specified client(s), just as if a

265

checker had completed successfully for it/them.

266

</para>

267

</listitem>

268

</varlistentry>

269

270

271

<term><option>--start-checker</option></term>

272

273

<para>

274

Start a new checker now for the specified client(s).

275

</para>

276

</listitem>

277

</varlistentry>

278

279

280

<term><option>--stop-checker</option></term>

281

282

<para>

283

Stop any running checker for the specified client(s).

284

</para>

285

</listitem>

286

</varlistentry>

287

288

289

<term><option>--remove</option></term>

290

291

292

<para>

293

Remove the specified client(s) from the server.

294

</para>

295

</listitem>

296

</varlistentry>

297

298

299

<term><option>--checker

300

<replaceable>COMMAND</replaceable></option></term>

301

<term><option>-c

302

<replaceable>COMMAND</replaceable></option></term>

303

304

<para>

305

Set the <varname>checker</varname> option of the specified

306

client(s); see <citerefentry><refentrytitle

307

>mandos-clients.conf</refentrytitle><manvolnum

308

>5</manvolnum></citerefentry>.

309

</para>

310

</listitem>

311

</varlistentry>

312

313

314

<term><option>--timeout

315

316

<term><option>-t

317

318

319

<para>

320

Set the <varname>timeout</varname> option of the specified

321

client(s); see <citerefentry><refentrytitle

322

>mandos-clients.conf</refentrytitle><manvolnum

323

>5</manvolnum></citerefentry>.

324

</para>

325

</listitem>

326

</varlistentry>

327

328

329

<term><option>--extended-timeout

330

331

332

<para>

333

Set the <varname>extended_timeout</varname> option of the

334

specified client(s); see <citerefentry><refentrytitle

335

>mandos-clients.conf</refentrytitle><manvolnum

336

>5</manvolnum></citerefentry>.

337

</para>

338

</listitem>

339

</varlistentry>

340

341

342

<term><option>--interval

343

344

<term><option>-i

345

346

347

<para>

348

Set the <varname>interval</varname> option of the

349

specified client(s); see <citerefentry><refentrytitle

350

>mandos-clients.conf</refentrytitle><manvolnum

351

>5</manvolnum></citerefentry>.

352

</para>

353

</listitem>

354

</varlistentry>

355

356

357

<term><option>--approve-by-default</option></term>

358

<term><option>--deny-by-default</option></term>

359

360

<para>

361

Set the <varname>approved_by_default</varname> option of

362

the specified client(s) to <literal>True</literal> or

363

<literal>False</literal>, respectively; see

364

<citerefentry><refentrytitle

365

>mandos-clients.conf</refentrytitle><manvolnum

366

>5</manvolnum></citerefentry>.

367

</para>

368

</listitem>

369

</varlistentry>

370

371

372

<term><option>--approval-delay

373

374

375

<para>

376

Set the <varname>approval_delay</varname> option of the

377

specified client(s); see <citerefentry><refentrytitle

378

>mandos-clients.conf</refentrytitle><manvolnum

379

>5</manvolnum></citerefentry>.

380

</para>

381

</listitem>

382

</varlistentry>

383

384

385

<term><option>--approval-duration

386

387

388

<para>

389

Set the <varname>approval_duration</varname> option of the

390

specified client(s); see <citerefentry><refentrytitle

391

>mandos-clients.conf</refentrytitle><manvolnum

392

>5</manvolnum></citerefentry>.

393

</para>

394

</listitem>

395

</varlistentry>

396

397

398

<term><option>--host

399

<replaceable>STRING</replaceable></option></term>

400

<term><option>-H

401

<replaceable>STRING</replaceable></option></term>

402

403

<para>

404

Set the <varname>host</varname> option of the specified

405

client(s); see <citerefentry><refentrytitle

406

>mandos-clients.conf</refentrytitle><manvolnum

407

>5</manvolnum></citerefentry>.

408

</para>

409

</listitem>

410

</varlistentry>

411

412

413

<term><option>--secret

414

<replaceable>FILENAME</replaceable></option></term>

415

<term><option>-s

416

<replaceable>FILENAME</replaceable></option></term>

417

418

<para>

419

Set the <varname>secfile</varname> option of the specified

420

client(s); see <citerefentry><refentrytitle

421

>mandos-clients.conf</refentrytitle><manvolnum

422

>5</manvolnum></citerefentry>.

423

</para>

424

</listitem>

425

</varlistentry>

426

427

428

<term><option>--approve</option></term>

429

430

431

<para>

432

Approve client(s) if currently waiting for approval.

433

</para>

434

</listitem>

435

</varlistentry>

436

437

438

439

440

441

<para>

442

Deny client(s) if currently waiting for approval.

443

</para>

444

</listitem>

445

</varlistentry>

446

447

448

449

450

451

<para>

452

Make the client-modifying options modify <emphasis

453

>all</emphasis> clients.

454

</para>

455

</listitem>

456

</varlistentry>

457

458

459

<term><option>--verbose</option></term>

460

461

462

<para>

463

Show all client settings, not just a subset.

464

</para>

465

</listitem>

466

</varlistentry>

467

468

469

<term><option>--is-enabled</option></term>

470

471

472

<para>

473

Check if a single client is enabled or not, and exit with

474

a successful exit status only if the client is enabled.

475

</para>

476

</listitem>

477

</varlistentry>

478

479

</variablelist>

480

</refsect1>

481

482

483

<title>OVERVIEW</title>

484

<xi:include href="overview.xml"/>

485

<para>

486

This program is a small utility to generate new OpenPGP keys for

487

new Mandos clients, and to generate sections for inclusion in

488

<filename>clients.conf</filename> on the server.

489

</para>

490

</refsect1>

491

492

493

<title>EXIT STATUS</title>

494

<para>

495

If the <option>--is-enabled</option> option is used, the exit

496

status will be 0 only if the specified client is enabled.

497

</para>

498

</refsect1>

499

500

501

502

503

504

505

506

507

<title>EXAMPLE</title>

508

509

<para>

510

To list all clients:

511

</para>

512

<para>

513

<userinput>&COMMANDNAME;</userinput>

514

</para>

515

</informalexample>

516

517

518

<para>

519

To list <emphasis>all</emphasis> settings for the clients

520

named <quote>foo1.example.org</quote> and <quote

521

>foo2.example.org</quote>:

522

</para>

523

<para>

524

525

526

<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>

527

528

</para>

529

</informalexample>

530

531

532

<para>

533

To enable all clients:

534

</para>

535

<para>

536

<userinput>&COMMANDNAME; --enable --all</userinput>

537

</para>

538

</informalexample>

539

540

541

<para>

542

To change timeout and interval value for the clients

543

named <quote>foo1.example.org</quote> and <quote

544

>foo2.example.org</quote>:

545

</para>

546

<para>

547

548

549

<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>

550

551

</para>

552

</informalexample>

553

554

555

<para>

556

To approve all clients currently waiting for it:

557

</para>

558

<para>

559

<userinput>&COMMANDNAME; --approve --all</userinput>

560

</para>

561

</informalexample>

562

</refsect1>

563

564

565

<title>SECURITY</title>

566

<para>

567

This program must be permitted to access the Mandos server via

568

the D-Bus interface. This normally requires the root user, but

569

could be configured otherwise by reconfiguring the D-Bus server.

570

</para>

571

</refsect1>

572

573

574

575

<para>

576

<citerefentry><refentrytitle>intro</refentrytitle>

577

<manvolnum>8mandos</manvolnum></citerefentry>,

578

<citerefentry><refentrytitle>mandos</refentrytitle>

579

<manvolnum>8</manvolnum></citerefentry>,

580

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

581

<manvolnum>5</manvolnum></citerefentry>,

582

<citerefentry><refentrytitle>mandos-monitor</refentrytitle>

583

584

</para>

585

</refsect1>

586

587

</refentry>

588

589

590

591

592

Older »