To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos.xml
- browse files at revision 472
- compare with another revision
- download diff
- download tarball
- view history from revision 472
- Committer: Teddy Hogeborn
- Date: 2011-03-08 19:09:03 UTC
- Revision ID: teddy@fukt.bsnet.se-20110308190903-j499ebtb9bpk31ar
* INSTALL: Updated.
- files removed:
- bugs.xml
- debian/upstream
- network-hooks.d
- plugin-helpers
- files modified:
- .bzrignore
added
removed
mandos.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
<!ENTITY TIMESTAMP "2016-03-05">
5
<!ENTITY TIMESTAMP "2011-02-27">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
<firstname>Björn</firstname>
20
20
<surname>Påhlsson</surname>
21
21
<address>
22
<email>belorn@recompile.se</email>
22
<email>belorn@fukt.bsnet.se</email>
23
23
</address>
24
24
</author>
25
25
<author>
26
26
<firstname>Teddy</firstname>
27
27
<surname>Hogeborn</surname>
28
28
<address>
29
<email>teddy@recompile.se</email>
29
<email>teddy@fukt.bsnet.se</email>
30
30
</address>
31
31
</author>
32
32
</authorgroup>
35
35
<year>2009</year>
36
36
<year>2010</year>
37
37
<year>2011</year>
38
<year>2012</year>
39
<year>2013</year>
40
<year>2014</year>
41
<year>2015</year>
42
<year>2016</year>
43
38
<holder>Teddy Hogeborn</holder>
44
39
<holder>Björn Påhlsson</holder>
45
40
</copyright>
99
94
<arg><option>--no-dbus</option></arg>
100
95
<sbr/>
101
96
<arg><option>--no-ipv6</option></arg>
102
<sbr/>
103
<arg><option>--no-restore</option></arg>
104
<sbr/>
105
<arg><option>--statedir
106
<replaceable>DIRECTORY</replaceable></option></arg>
107
<sbr/>
108
<arg><option>--socket
109
<replaceable>FD</replaceable></option></arg>
110
<sbr/>
111
<arg><option>--foreground</option></arg>
112
<sbr/>
113
<arg><option>--no-zeroconf</option></arg>
114
97
</cmdsynopsis>
115
98
<cmdsynopsis>
116
99
<command>&COMMANDNAME;</command>
134
117
<para>
135
118
<command>&COMMANDNAME;</command> is a server daemon which
136
119
handles incoming request for passwords for a pre-defined list of
137
client host computers. For an introduction, see
138
<citerefentry><refentrytitle>intro</refentrytitle>
139
<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
140
uses Zeroconf to announce itself on the local network, and uses
141
TLS to communicate securely with and to authenticate the
142
clients. The Mandos server uses IPv6 to allow Mandos clients to
143
use IPv6 link-local addresses, since the clients will probably
144
not have any other addresses configured (see <xref
145
linkend="overview"/>). Any authenticated client is then given
146
the stored pre-encrypted password for that specific client.
120
client host computers. The Mandos server uses Zeroconf to
121
announce itself on the local network, and uses TLS to
122
communicate securely with and to authenticate the clients. The
123
Mandos server uses IPv6 to allow Mandos clients to use IPv6
124
link-local addresses, since the clients will probably not have
125
any other addresses configured (see <xref linkend="overview"/>).
126
Any authenticated client is then given the stored pre-encrypted
127
password for that specific client.
147
128
</para>
148
129
</refsect1>
149
130
292
273
<xi:include href="mandos-options.xml" xpointer="ipv6"/>
293
274
</listitem>
294
275
</varlistentry>
295
296
<varlistentry>
297
<term><option>--no-restore</option></term>
298
<listitem>
299
<xi:include href="mandos-options.xml" xpointer="restore"/>
300
<para>
301
See also <xref linkend="persistent_state"/>.
302
</para>
303
</listitem>
304
</varlistentry>
305
306
<varlistentry>
307
<term><option>--statedir
308
<replaceable>DIRECTORY</replaceable></option></term>
309
<listitem>
310
<xi:include href="mandos-options.xml" xpointer="statedir"/>
311
</listitem>
312
</varlistentry>
313
314
<varlistentry>
315
<term><option>--socket
316
<replaceable>FD</replaceable></option></term>
317
<listitem>
318
<xi:include href="mandos-options.xml" xpointer="socket"/>
319
</listitem>
320
</varlistentry>
321
322
<varlistentry>
323
<term><option>--foreground</option></term>
324
<listitem>
325
<xi:include href="mandos-options.xml"
326
xpointer="foreground"/>
327
</listitem>
328
</varlistentry>
329
330
<varlistentry>
331
<term><option>--no-zeroconf</option></term>
332
<listitem>
333
<xi:include href="mandos-options.xml" xpointer="zeroconf"/>
334
</listitem>
335
</varlistentry>
336
337
276
</variablelist>
338
277
</refsect1>
339
278
413
352
for some time, the client is assumed to be compromised and is no
414
353
longer eligible to receive the encrypted password. (Manual
415
354
intervention is required to re-enable a client.) The timeout,
416
extended timeout, checker program, and interval between checks
417
can be configured both globally and per client; see
418
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
419
<manvolnum>5</manvolnum></citerefentry>.
355
checker program, and interval between checks can be configured
356
both globally and per client; see <citerefentry>
357
<refentrytitle>mandos-clients.conf</refentrytitle>
358
<manvolnum>5</manvolnum></citerefentry>. A client successfully
359
receiving its password will also be treated as a successful
360
checker run.
420
361
</para>
421
362
</refsect1>
422
363
444
385
<title>LOGGING</title>
445
386
<para>
446
387
The server will send log message with various severity levels to
447
<filename class="devicefile">/dev/log</filename>. With the
388
<filename>/dev/log</filename>. With the
448
389
<option>--debug</option> option, it will log even more messages,
449
390
and also show them on the console.
450
391
</para>
451
392
</refsect1>
452
393
453
<refsect1 id="persistent_state">
454
<title>PERSISTENT STATE</title>
455
<para>
456
Client settings, initially read from
457
<filename>clients.conf</filename>, are persistent across
458
restarts, and run-time changes will override settings in
459
<filename>clients.conf</filename>. However, if a setting is
460
<emphasis>changed</emphasis> (or a client added, or removed) in
461
<filename>clients.conf</filename>, this will take precedence.
462
</para>
463
</refsect1>
464
465
394
<refsect1 id="dbus_interface">
466
395
<title>D-BUS INTERFACE</title>
467
396
<para>
529
458
</listitem>
530
459
</varlistentry>
531
460
<varlistentry>
532
<term><filename>/run/mandos.pid</filename></term>
461
<term><filename>/var/run/mandos.pid</filename></term>
533
462
<listitem>
534
463
<para>
535
464
The file containing the process id of the
536
465
<command>&COMMANDNAME;</command> process started last.
537
<emphasis >Note:</emphasis> If the <filename
538
class="directory">/run</filename> directory does not
539
exist, <filename>/var/run/mandos.pid</filename> will be
540
used instead.
541
</para>
542
</listitem>
543
</varlistentry>
544
<varlistentry>
545
<term><filename
546
class="directory">/var/lib/mandos</filename></term>
547
<listitem>
548
<para>
549
Directory where persistent state will be saved. Change
550
this with the <option>--statedir</option> option. See
551
also the <option>--no-restore</option> option.
552
</para>
553
</listitem>
554
</varlistentry>
555
<varlistentry>
556
<term><filename class="devicefile">/dev/log</filename></term>
466
</para>
467
</listitem>
468
</varlistentry>
469
<varlistentry>
470
<term><filename>/dev/log</filename></term>
557
471
<listitem>
558
472
<para>
559
473
The Unix domain socket to where local syslog messages are
582
496
backtrace. This could be considered a feature.
583
497
</para>
584
498
<para>
499
Currently, if a client is disabled due to having timed out, the
500
server does not record this fact onto permanent storage. This
501
has some security implications, see <xref linkend="clients"/>.
502
</para>
503
<para>
585
504
There is no fine-grained control over logging and debug output.
586
505
</para>
587
506
<para>
507
Debug mode is conflated with running in the foreground.
508
</para>
509
<para>
510
The console log messages do not show a time stamp.
511
</para>
512
<para>
588
513
This server does not check the expire time of clients’ OpenPGP
589
514
keys.
590
515
</para>
591
<xi:include href="bugs.xml"/>
592
516
</refsect1>
593
517
594
518
<refsect1 id="example">
604
528
<informalexample>
605
529
<para>
606
530
Run the server in debug mode, read configuration files from
607
the <filename class="directory">~/mandos</filename> directory,
608
and use the Zeroconf service name <quote>Test</quote> to not
609
collide with any other official Mandos server on this host:
531
the <filename>~/mandos</filename> directory, and use the
532
Zeroconf service name <quote>Test</quote> to not collide with
533
any other official Mandos server on this host:
610
534
</para>
611
535
<para>
612
536
661
585
compromised if they are gone for too long.
662
586
</para>
663
587
<para>
588
If a client is compromised, its downtime should be duly noted
589
by the server which would therefore disable the client. But
590
if the server was ever restarted, it would re-read its client
591
list from its configuration file and again regard all clients
592
therein as enabled, and hence eligible to receive their
593
passwords. Therefore, be careful when restarting servers if
594
it is suspected that a client has, in fact, been compromised
595
by parties who may now be running a fake Mandos client with
596
the keys from the non-encrypted initial <acronym>RAM</acronym>
597
image of the client host. What should be done in that case
598
(if restarting the server program really is necessary) is to
599
stop the server program, edit the configuration file to omit
600
any suspect clients, and restart the server program.
601
</para>
602
<para>
664
603
For more details on client-side security, see
665
604
<citerefentry><refentrytitle>mandos-client</refentrytitle>
666
605
<manvolnum>8mandos</manvolnum></citerefentry>.
671
610
<refsect1 id="see_also">
672
611
<title>SEE ALSO</title>
673
612
<para>
674
<citerefentry><refentrytitle>intro</refentrytitle>
675
<manvolnum>8mandos</manvolnum></citerefentry>,
676
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
677
<manvolnum>5</manvolnum></citerefentry>,
678
<citerefentry><refentrytitle>mandos.conf</refentrytitle>
679
<manvolnum>5</manvolnum></citerefentry>,
680
<citerefentry><refentrytitle>mandos-client</refentrytitle>
681
<manvolnum>8mandos</manvolnum></citerefentry>,
682
<citerefentry><refentrytitle>sh</refentrytitle>
683
<manvolnum>1</manvolnum></citerefentry>
613
<citerefentry>
614
<refentrytitle>mandos-clients.conf</refentrytitle>
615
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
616
<refentrytitle>mandos.conf</refentrytitle>
617
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
618
<refentrytitle>mandos-client</refentrytitle>
619
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
620
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
621
</citerefentry>
684
622
</para>
685
623
<variablelist>
686
624
<varlistentry>
707
645
</varlistentry>
708
646
<varlistentry>
709
647
<term>
710
<ulink url="http://gnutls.org/">GnuTLS</ulink>
648
<ulink url="http://www.gnu.org/software/gnutls/"
649
>GnuTLS</ulink>
711
650
</term>
712
651
<listitem>
713
652
<para>
751
690
</varlistentry>
752
691
<varlistentry>
753
692
<term>
754
RFC 5246: <citetitle>The Transport Layer Security (TLS)
755
Protocol Version 1.2</citetitle>
693
RFC 4346: <citetitle>The Transport Layer Security (TLS)
694
Protocol Version 1.1</citetitle>
756
695
</term>
757
696
<listitem>
758
697
<para>
759
TLS 1.2 is the protocol implemented by GnuTLS.
698
TLS 1.1 is the protocol implemented by GnuTLS.
760
699
</para>
761
700
</listitem>
762
701
</varlistentry>
772
711
</varlistentry>
773
712
<varlistentry>
774
713
<term>
775
RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
776
Security (TLS) Authentication</citetitle>
714
RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
715
Security</citetitle>
777
716
</term>
778
717
<listitem>
779
718
<para>
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0