/mandos/trunk : revision 444

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2010-09-26 18:32:58 UTC
Revision ID: teddy@fukt.bsnet.se-20100926183258-n31ux2r8d06m1hi1

Update copyright year to "2010" wherever appropriate.

* DBUS-API: Added copyright and license statement.
* README: Mention new "plymouth" plugin.
* debian/control: Depend on python-2.6 or python-multiprocessing.
* debian/mandos-client.README.Debian: Update info about DEVICE setting
of initramfs.conf.
* mandos-ctl: Added copyright and license statement.
* mandos-monitor: - '' -
* plugins.d/plymouth.c: - '' -

files removed:
debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-unpack

intro.xml

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2015-07-20">

<!ENTITY TIMESTAMP "2010-09-26">

<!ENTITY % common SYSTEM "common.ent">

%common;

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

<arg><option>--debuglevel

<replaceable>LEVEL</replaceable></option></arg>

<sbr/>

<sbr/>

<sbr/>

100

<arg><option>--no-restore</option></arg>

101

<sbr/>

102

<arg><option>--statedir

103

<replaceable>DIRECTORY</replaceable></option></arg>

104

<sbr/>

105

<arg><option>--socket

106

107

<sbr/>

108

<arg><option>--foreground</option></arg>

109

<sbr/>

110

<arg><option>--no-zeroconf</option></arg>

111

</cmdsynopsis>

112

113

<command>&COMMANDNAME;</command>

131

113

<para>

132

114

<command>&COMMANDNAME;</command> is a server daemon which

133

115

handles incoming request for passwords for a pre-defined list of

134

client host computers. For an introduction, see

135

<citerefentry><refentrytitle>intro</refentrytitle>

136

<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server

137

uses Zeroconf to announce itself on the local network, and uses

138

TLS to communicate securely with and to authenticate the

139

clients. The Mandos server uses IPv6 to allow Mandos clients to

140

use IPv6 link-local addresses, since the clients will probably

141

not have any other addresses configured (see <xref

142

linkend="overview"/>). Any authenticated client is then given

143

the stored pre-encrypted password for that specific client.

116

client host computers. The Mandos server uses Zeroconf to

117

announce itself on the local network, and uses TLS to

118

communicate securely with and to authenticate the clients. The

119

Mandos server uses IPv6 to allow Mandos clients to use IPv6

120

link-local addresses, since the clients will probably not have

121

any other addresses configured (see <xref linkend="overview"/>).

122

Any authenticated client is then given the stored pre-encrypted

123

password for that specific client.

144

124

</para>

145

125

</refsect1>

146

126

215

195

</varlistentry>

216

196

217

197

218

<term><option>--debuglevel

219

<replaceable>LEVEL</replaceable></option></term>

220

221

<para>

222

Set the debugging log level.

223

<replaceable>LEVEL</replaceable> is a string, one of

224

<quote><literal>CRITICAL</literal></quote>,

225

<quote><literal>ERROR</literal></quote>,

226

<quote><literal>WARNING</literal></quote>,

227

<quote><literal>INFO</literal></quote>, or

228

<quote><literal>DEBUG</literal></quote>, in order of

229

increasing verbosity. The default level is

230

<quote><literal>WARNING</literal></quote>.

231

</para>

232

</listitem>

233

</varlistentry>

234

235

236

198

<term><option>--priority <replaceable>

237

199

PRIORITY</replaceable></option></term>

238

200

289

251

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

290

252

</listitem>

291

253

</varlistentry>

292

293

294

<term><option>--no-restore</option></term>

295

296

<xi:include href="mandos-options.xml" xpointer="restore"/>

297

<para>

298

See also <xref linkend="persistent_state"/>.

299

</para>

300

</listitem>

301

</varlistentry>

302

303

304

<term><option>--statedir

305

<replaceable>DIRECTORY</replaceable></option></term>

306

307

<xi:include href="mandos-options.xml" xpointer="statedir"/>

308

</listitem>

309

</varlistentry>

310

311

312

<term><option>--socket

313

314

315

<xi:include href="mandos-options.xml" xpointer="socket"/>

316

</listitem>

317

</varlistentry>

318

319

320

<term><option>--foreground</option></term>

321

322

<xi:include href="mandos-options.xml"

323

xpointer="foreground"/>

324

</listitem>

325

</varlistentry>

326

327

328

<term><option>--no-zeroconf</option></term>

329

330

<xi:include href="mandos-options.xml" xpointer="zeroconf"/>

331

</listitem>

332

</varlistentry>

333

334

254

</variablelist>

335

255

</refsect1>

336

256

410

330

for some time, the client is assumed to be compromised and is no

411

331

longer eligible to receive the encrypted password. (Manual

412

332

intervention is required to re-enable a client.) The timeout,

413

extended timeout, checker program, and interval between checks

414

can be configured both globally and per client; see

415

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

416

<manvolnum>5</manvolnum></citerefentry>.

333

checker program, and interval between checks can be configured

334

both globally and per client; see <citerefentry>

335

<refentrytitle>mandos-clients.conf</refentrytitle>

336

<manvolnum>5</manvolnum></citerefentry>. A client successfully

337

receiving its password will also be treated as a successful

338

checker run.

417

339

</para>

418

340

</refsect1>

419

341

441

363

<title>LOGGING</title>

442

364

<para>

443

365

The server will send log message with various severity levels to

444

<filename class="devicefile">/dev/log</filename>. With the

366

<filename>/dev/log</filename>. With the

445

367

<option>--debug</option> option, it will log even more messages,

446

368

and also show them on the console.

447

369

</para>

448

370

</refsect1>

449

371

450

451

<title>PERSISTENT STATE</title>

452

<para>

453

Client settings, initially read from

454

<filename>clients.conf</filename>, are persistent across

455

restarts, and run-time changes will override settings in

456

<filename>clients.conf</filename>. However, if a setting is

457

<emphasis>changed</emphasis> (or a client added, or removed) in

458

<filename>clients.conf</filename>, this will take precedence.

459

</para>

460

</refsect1>

461

462

372

463

373

<title>D-BUS INTERFACE</title>

464

374

<para>

526

436

</listitem>

527

437

</varlistentry>

528

438

529

<term><filename>/run/mandos.pid</filename></term>

439

<term><filename>/var/run/mandos.pid</filename></term>

530

440

531

441

<para>

532

442

The file containing the process id of the

533

443

<command>&COMMANDNAME;</command> process started last.

534

<emphasis >Note:</emphasis> If the <filename

535

class="directory">/run</filename> directory does not

536

exist, <filename>/var/run/mandos.pid</filename> will be

537

used instead.

538

</para>

539

</listitem>

540

</varlistentry>

541

542

543

</varlistentry>

544

545

<term><filename

546

class="directory">/var/lib/mandos</filename></term>

547

548

<para>

549

Directory where persistent state will be saved. Change

550

this with the <option>--statedir</option> option. See

551

also the <option>--no-restore</option> option.

552

444

</para>

553

445

</listitem>

554

446

</varlistentry>

582

474

backtrace. This could be considered a feature.

583

475

</para>

584

476

<para>

477

Currently, if a client is disabled due to having timed out, the

478

server does not record this fact onto permanent storage. This

479

has some security implications, see <xref linkend="clients"/>.

480

</para>

481

<para>

585

482

There is no fine-grained control over logging and debug output.

586

483

</para>

587

484

<para>

485

Debug mode is conflated with running in the foreground.

486

</para>

487

<para>

488

The console log messages do not show a time stamp.

489

</para>

490

<para>

588

491

This server does not check the expire time of clients’ OpenPGP

589

492

keys.

590

493

</para>

603

506

604

507

<para>

605

508

Run the server in debug mode, read configuration files from

606

the <filename class="directory">~/mandos</filename> directory,

607

and use the Zeroconf service name <quote>Test</quote> to not

608

collide with any other official Mandos server on this host:

509

the <filename>~/mandos</filename> directory, and use the

510

Zeroconf service name <quote>Test</quote> to not collide with

511

any other official Mandos server on this host:

609

512

</para>

610

513

<para>

611

514

660

563

compromised if they are gone for too long.

661

564

</para>

662

565

<para>

566

If a client is compromised, its downtime should be duly noted

567

by the server which would therefore disable the client. But

568

if the server was ever restarted, it would re-read its client

569

list from its configuration file and again regard all clients

570

therein as enabled, and hence eligible to receive their

571

passwords. Therefore, be careful when restarting servers if

572

it is suspected that a client has, in fact, been compromised

573

by parties who may now be running a fake Mandos client with

574

the keys from the non-encrypted initial <acronym>RAM</acronym>

575

image of the client host. What should be done in that case

576

(if restarting the server program really is necessary) is to

577

stop the server program, edit the configuration file to omit

578

any suspect clients, and restart the server program.

579

</para>

580

<para>

663

581

For more details on client-side security, see

664

582

<citerefentry><refentrytitle>mandos-client</refentrytitle>

665

583

<manvolnum>8mandos</manvolnum></citerefentry>.

670

588

671

589

672

590

<para>

673

<citerefentry><refentrytitle>intro</refentrytitle>

674

<manvolnum>8mandos</manvolnum></citerefentry>,

675

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

676

<manvolnum>5</manvolnum></citerefentry>,

677

<citerefentry><refentrytitle>mandos.conf</refentrytitle>

678

<manvolnum>5</manvolnum></citerefentry>,

679

<citerefentry><refentrytitle>mandos-client</refentrytitle>

680

<manvolnum>8mandos</manvolnum></citerefentry>,

681

682

591

592

<refentrytitle>mandos-clients.conf</refentrytitle>

593

594

<refentrytitle>mandos.conf</refentrytitle>

595

596

<refentrytitle>mandos-client</refentrytitle>

597

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

598

599

</citerefentry>

683

600

</para>

684

601

685

602

706

623

</varlistentry>

707

624

708

625

<term>

709

<ulink url="http://gnutls.org/">GnuTLS</ulink>

626

<ulink url="http://www.gnu.org/software/gnutls/"

627

>GnuTLS</ulink>

710

628

</term>

711

629

712

630

<para>

750

668

</varlistentry>

751

669

752

670

<term>

753

RFC 5246: <citetitle>The Transport Layer Security (TLS)

754

Protocol Version 1.2</citetitle>

671

RFC 4346: <citetitle>The Transport Layer Security (TLS)

672

Protocol Version 1.1</citetitle>

755

673

</term>

756

674

757

675

<para>

758

TLS 1.2 is the protocol implemented by GnuTLS.

676

TLS 1.1 is the protocol implemented by GnuTLS.

759

677

</para>

760

678

</listitem>

761

679

</varlistentry>

771

689

</varlistentry>

772

690

773

691

<term>

774

RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer

775

Security (TLS) Authentication</citetitle>

692

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

693

Security</citetitle>

776

694

</term>

777

695

778

696

<para>

Older »