To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos.xml
- browse files at revision 444
- compare with another revision
- download diff
- download tarball
- view history from revision 444
- Committer: Teddy Hogeborn
- Date: 2010-09-26 18:32:58 UTC
- Revision ID: teddy@fukt.bsnet.se-20100926183258-n31ux2r8d06m1hi1
Update copyright year to "2010" wherever appropriate.
* DBUS-API: Added copyright and license statement.
* README: Mention new "plymouth" plugin.
* debian/control: Depend on python-2.6 or python-multiprocessing.
* debian/mandos-client.README.Debian: Update info about DEVICE setting
of initramfs.conf.
* mandos-ctl: Added copyright and license statement.
* mandos-monitor: - '' -
* plugins.d/plymouth.c: - '' -
* DBUS-API: Added copyright and license statement.
* README: Mention new "plymouth" plugin.
* debian/control: Depend on python-2.6 or python-multiprocessing.
* debian/mandos-client.README.Debian: Update info about DEVICE setting
of initramfs.conf.
* mandos-ctl: Added copyright and license statement.
* mandos-monitor: - '' -
* plugins.d/plymouth.c: - '' -
- files removed:
- debian/mandos-client.examples
- debian/source
- debian/upstream
- network-hooks.d
- files modified:
- .bzrignore
added
removed
mandos.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
<!ENTITY TIMESTAMP "2015-01-25">
5
<!ENTITY TIMESTAMP "2010-09-26">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
<firstname>Björn</firstname>
20
20
<surname>Påhlsson</surname>
21
21
<address>
22
<email>belorn@recompile.se</email>
22
<email>belorn@fukt.bsnet.se</email>
23
23
</address>
24
24
</author>
25
25
<author>
26
26
<firstname>Teddy</firstname>
27
27
<surname>Hogeborn</surname>
28
28
<address>
29
<email>teddy@recompile.se</email>
29
<email>teddy@fukt.bsnet.se</email>
30
30
</address>
31
31
</author>
32
32
</authorgroup>
34
34
<year>2008</year>
35
35
<year>2009</year>
36
36
<year>2010</year>
37
<year>2011</year>
38
<year>2012</year>
39
<year>2013</year>
40
37
<holder>Teddy Hogeborn</holder>
41
38
<holder>Björn Påhlsson</holder>
42
39
</copyright>
90
87
<sbr/>
91
88
<arg><option>--debug</option></arg>
92
89
<sbr/>
93
<arg><option>--debuglevel
94
<replaceable>LEVEL</replaceable></option></arg>
95
<sbr/>
96
90
<arg><option>--no-dbus</option></arg>
97
91
<sbr/>
98
92
<arg><option>--no-ipv6</option></arg>
99
<sbr/>
100
<arg><option>--no-restore</option></arg>
101
<sbr/>
102
<arg><option>--statedir
103
<replaceable>DIRECTORY</replaceable></option></arg>
104
<sbr/>
105
<arg><option>--socket
106
<replaceable>FD</replaceable></option></arg>
107
<sbr/>
108
<arg><option>--foreground</option></arg>
109
<sbr/>
110
<arg><option>--no-zeroconf</option></arg>
111
93
</cmdsynopsis>
112
94
<cmdsynopsis>
113
95
<command>&COMMANDNAME;</command>
131
113
<para>
132
114
<command>&COMMANDNAME;</command> is a server daemon which
133
115
handles incoming request for passwords for a pre-defined list of
134
client host computers. For an introduction, see
135
<citerefentry><refentrytitle>intro</refentrytitle>
136
<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
137
uses Zeroconf to announce itself on the local network, and uses
138
TLS to communicate securely with and to authenticate the
139
clients. The Mandos server uses IPv6 to allow Mandos clients to
140
use IPv6 link-local addresses, since the clients will probably
141
not have any other addresses configured (see <xref
142
linkend="overview"/>). Any authenticated client is then given
143
the stored pre-encrypted password for that specific client.
116
client host computers. The Mandos server uses Zeroconf to
117
announce itself on the local network, and uses TLS to
118
communicate securely with and to authenticate the clients. The
119
Mandos server uses IPv6 to allow Mandos clients to use IPv6
120
link-local addresses, since the clients will probably not have
121
any other addresses configured (see <xref linkend="overview"/>).
122
Any authenticated client is then given the stored pre-encrypted
123
password for that specific client.
144
124
</para>
145
125
</refsect1>
146
126
215
195
</varlistentry>
216
196
217
197
<varlistentry>
218
<term><option>--debuglevel
219
<replaceable>LEVEL</replaceable></option></term>
220
<listitem>
221
<para>
222
Set the debugging log level.
223
<replaceable>LEVEL</replaceable> is a string, one of
224
<quote><literal>CRITICAL</literal></quote>,
225
<quote><literal>ERROR</literal></quote>,
226
<quote><literal>WARNING</literal></quote>,
227
<quote><literal>INFO</literal></quote>, or
228
<quote><literal>DEBUG</literal></quote>, in order of
229
increasing verbosity. The default level is
230
<quote><literal>WARNING</literal></quote>.
231
</para>
232
</listitem>
233
</varlistentry>
234
235
<varlistentry>
236
198
<term><option>--priority <replaceable>
237
199
PRIORITY</replaceable></option></term>
238
200
<listitem>
239
<xi:include href="mandos-options.xml"
240
xpointer="priority_compat"/>
201
<xi:include href="mandos-options.xml" xpointer="priority"/>
241
202
</listitem>
242
203
</varlistentry>
243
204
290
251
<xi:include href="mandos-options.xml" xpointer="ipv6"/>
291
252
</listitem>
292
253
</varlistentry>
293
294
<varlistentry>
295
<term><option>--no-restore</option></term>
296
<listitem>
297
<xi:include href="mandos-options.xml" xpointer="restore"/>
298
<para>
299
See also <xref linkend="persistent_state"/>.
300
</para>
301
</listitem>
302
</varlistentry>
303
304
<varlistentry>
305
<term><option>--statedir
306
<replaceable>DIRECTORY</replaceable></option></term>
307
<listitem>
308
<xi:include href="mandos-options.xml" xpointer="statedir"/>
309
</listitem>
310
</varlistentry>
311
312
<varlistentry>
313
<term><option>--socket
314
<replaceable>FD</replaceable></option></term>
315
<listitem>
316
<xi:include href="mandos-options.xml" xpointer="socket"/>
317
</listitem>
318
</varlistentry>
319
320
<varlistentry>
321
<term><option>--foreground</option></term>
322
<listitem>
323
<xi:include href="mandos-options.xml"
324
xpointer="foreground"/>
325
</listitem>
326
</varlistentry>
327
328
<varlistentry>
329
<term><option>--no-zeroconf</option></term>
330
<listitem>
331
<xi:include href="mandos-options.xml" xpointer="zeroconf"/>
332
</listitem>
333
</varlistentry>
334
335
254
</variablelist>
336
255
</refsect1>
337
256
411
330
for some time, the client is assumed to be compromised and is no
412
331
longer eligible to receive the encrypted password. (Manual
413
332
intervention is required to re-enable a client.) The timeout,
414
extended timeout, checker program, and interval between checks
415
can be configured both globally and per client; see
416
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
417
<manvolnum>5</manvolnum></citerefentry>.
333
checker program, and interval between checks can be configured
334
both globally and per client; see <citerefentry>
335
<refentrytitle>mandos-clients.conf</refentrytitle>
336
<manvolnum>5</manvolnum></citerefentry>. A client successfully
337
receiving its password will also be treated as a successful
338
checker run.
418
339
</para>
419
340
</refsect1>
420
341
442
363
<title>LOGGING</title>
443
364
<para>
444
365
The server will send log message with various severity levels to
445
<filename class="devicefile">/dev/log</filename>. With the
366
<filename>/dev/log</filename>. With the
446
367
<option>--debug</option> option, it will log even more messages,
447
368
and also show them on the console.
448
369
</para>
449
370
</refsect1>
450
371
451
<refsect1 id="persistent_state">
452
<title>PERSISTENT STATE</title>
453
<para>
454
Client settings, initially read from
455
<filename>clients.conf</filename>, are persistent across
456
restarts, and run-time changes will override settings in
457
<filename>clients.conf</filename>. However, if a setting is
458
<emphasis>changed</emphasis> (or a client added, or removed) in
459
<filename>clients.conf</filename>, this will take precedence.
460
</para>
461
</refsect1>
462
463
372
<refsect1 id="dbus_interface">
464
373
<title>D-BUS INTERFACE</title>
465
374
<para>
527
436
</listitem>
528
437
</varlistentry>
529
438
<varlistentry>
530
<term><filename>/run/mandos.pid</filename></term>
439
<term><filename>/var/run/mandos.pid</filename></term>
531
440
<listitem>
532
441
<para>
533
442
The file containing the process id of the
534
443
<command>&COMMANDNAME;</command> process started last.
535
<emphasis >Note:</emphasis> If the <filename
536
class="directory">/run</filename> directory does not
537
exist, <filename>/var/run/mandos.pid</filename> will be
538
used instead.
539
</para>
540
</listitem>
541
</varlistentry>
542
<varlistentry>
543
<term><filename class="devicefile">/dev/log</filename></term>
544
</varlistentry>
545
<varlistentry>
546
<term><filename
547
class="directory">/var/lib/mandos</filename></term>
548
<listitem>
549
<para>
550
Directory where persistent state will be saved. Change
551
this with the <option>--statedir</option> option. See
552
also the <option>--no-restore</option> option.
553
444
</para>
554
445
</listitem>
555
446
</varlistentry>
583
474
backtrace. This could be considered a feature.
584
475
</para>
585
476
<para>
477
Currently, if a client is disabled due to having timed out, the
478
server does not record this fact onto permanent storage. This
479
has some security implications, see <xref linkend="clients"/>.
480
</para>
481
<para>
586
482
There is no fine-grained control over logging and debug output.
587
483
</para>
588
484
<para>
485
Debug mode is conflated with running in the foreground.
486
</para>
487
<para>
488
The console log messages do not show a time stamp.
489
</para>
490
<para>
589
491
This server does not check the expire time of clients’ OpenPGP
590
492
keys.
591
493
</para>
604
506
<informalexample>
605
507
<para>
606
508
Run the server in debug mode, read configuration files from
607
the <filename class="directory">~/mandos</filename> directory,
608
and use the Zeroconf service name <quote>Test</quote> to not
609
collide with any other official Mandos server on this host:
509
the <filename>~/mandos</filename> directory, and use the
510
Zeroconf service name <quote>Test</quote> to not collide with
511
any other official Mandos server on this host:
610
512
</para>
611
513
<para>
612
514
661
563
compromised if they are gone for too long.
662
564
</para>
663
565
<para>
566
If a client is compromised, its downtime should be duly noted
567
by the server which would therefore disable the client. But
568
if the server was ever restarted, it would re-read its client
569
list from its configuration file and again regard all clients
570
therein as enabled, and hence eligible to receive their
571
passwords. Therefore, be careful when restarting servers if
572
it is suspected that a client has, in fact, been compromised
573
by parties who may now be running a fake Mandos client with
574
the keys from the non-encrypted initial <acronym>RAM</acronym>
575
image of the client host. What should be done in that case
576
(if restarting the server program really is necessary) is to
577
stop the server program, edit the configuration file to omit
578
any suspect clients, and restart the server program.
579
</para>
580
<para>
664
581
For more details on client-side security, see
665
582
<citerefentry><refentrytitle>mandos-client</refentrytitle>
666
583
<manvolnum>8mandos</manvolnum></citerefentry>.
671
588
<refsect1 id="see_also">
672
589
<title>SEE ALSO</title>
673
590
<para>
674
<citerefentry><refentrytitle>intro</refentrytitle>
675
<manvolnum>8mandos</manvolnum></citerefentry>,
676
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
677
<manvolnum>5</manvolnum></citerefentry>,
678
<citerefentry><refentrytitle>mandos.conf</refentrytitle>
679
<manvolnum>5</manvolnum></citerefentry>,
680
<citerefentry><refentrytitle>mandos-client</refentrytitle>
681
<manvolnum>8mandos</manvolnum></citerefentry>,
682
<citerefentry><refentrytitle>sh</refentrytitle>
683
<manvolnum>1</manvolnum></citerefentry>
591
<citerefentry>
592
<refentrytitle>mandos-clients.conf</refentrytitle>
593
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
594
<refentrytitle>mandos.conf</refentrytitle>
595
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
596
<refentrytitle>mandos-client</refentrytitle>
597
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
598
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
599
</citerefentry>
684
600
</para>
685
601
<variablelist>
686
602
<varlistentry>
707
623
</varlistentry>
708
624
<varlistentry>
709
625
<term>
710
<ulink url="http://gnutls.org/">GnuTLS</ulink>
626
<ulink url="http://www.gnu.org/software/gnutls/"
627
>GnuTLS</ulink>
711
628
</term>
712
629
<listitem>
713
630
<para>
751
668
</varlistentry>
752
669
<varlistentry>
753
670
<term>
754
RFC 5246: <citetitle>The Transport Layer Security (TLS)
755
Protocol Version 1.2</citetitle>
671
RFC 4346: <citetitle>The Transport Layer Security (TLS)
672
Protocol Version 1.1</citetitle>
756
673
</term>
757
674
<listitem>
758
675
<para>
759
TLS 1.2 is the protocol implemented by GnuTLS.
676
TLS 1.1 is the protocol implemented by GnuTLS.
760
677
</para>
761
678
</listitem>
762
679
</varlistentry>
772
689
</varlistentry>
773
690
<varlistentry>
774
691
<term>
775
RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
776
Security (TLS) Authentication</citetitle>
692
RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
693
Security</citetitle>
777
694
</term>
778
695
<listitem>
779
696
<para>
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0