/mandos/trunk : revision 518.1.1

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Björn Påhlsson
Date: 2011-11-09 11:16:17 UTC
mto: (518.2.5 persistent-state-gpgme)
mto: This revision was merged to the branch mainline in revision 520.
Revision ID: belorn@fukt.bsnet.se-20111109111617-jpey2sy4dupqzabc

Persistent state: New feature. Client state is now stored when mandos
                  server exits, and restored when starting up. Secrets
                  are encrypted with key based on clients config file.
--no-restore: New argument to mandos server. Disables restore
              functionallity
minor changes: clients are now dicts!

files removed:
debian/mandos-client.examples

debian/upstream

debian/upstream/signing-key.asc

initramfs-unpack

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2015-07-20">

<!ENTITY TIMESTAMP "2011-10-03">

<!ENTITY % common SYSTEM "common.ent">

%common;

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<sbr/>

100

<arg><option>--no-restore</option></arg>

101

<sbr/>

102

<arg><option>--statedir

103

<replaceable>DIRECTORY</replaceable></option></arg>

104

<sbr/>

105

<arg><option>--socket

106

107

<sbr/>

108

<arg><option>--foreground</option></arg>

109

<sbr/>

110

<arg><option>--no-zeroconf</option></arg>

111

</cmdsynopsis>

112

100

113

101

<command>&COMMANDNAME;</command>

294

282

<term><option>--no-restore</option></term>

295

283

296

284

<xi:include href="mandos-options.xml" xpointer="restore"/>

297

<para>

298

See also <xref linkend="persistent_state"/>.

299

</para>

300

</listitem>

301

</varlistentry>

302

303

304

<term><option>--statedir

305

<replaceable>DIRECTORY</replaceable></option></term>

306

307

<xi:include href="mandos-options.xml" xpointer="statedir"/>

308

</listitem>

309

</varlistentry>

310

311

312

<term><option>--socket

313

314

315

<xi:include href="mandos-options.xml" xpointer="socket"/>

316

</listitem>

317

</varlistentry>

318

319

320

<term><option>--foreground</option></term>

321

322

<xi:include href="mandos-options.xml"

323

xpointer="foreground"/>

324

</listitem>

325

</varlistentry>

326

327

328

<term><option>--no-zeroconf</option></term>

329

330

<xi:include href="mandos-options.xml" xpointer="zeroconf"/>

331

</listitem>

332

</varlistentry>

333

285

</listitem>

286

</varlistentry>

334

287

</variablelist>

335

288

</refsect1>

336

289

413

366

extended timeout, checker program, and interval between checks

414

367

can be configured both globally and per client; see

415

368

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

416

<manvolnum>5</manvolnum></citerefentry>.

369

<manvolnum>5</manvolnum></citerefentry>. A client successfully

370

receiving its password will also be treated as a successful

371

checker run.

417

372

</para>

418

373

</refsect1>

419

374

441

396

<title>LOGGING</title>

442

397

<para>

443

398

The server will send log message with various severity levels to

444

<filename class="devicefile">/dev/log</filename>. With the

399

<filename>/dev/log</filename>. With the

445

400

<option>--debug</option> option, it will log even more messages,

446

401

and also show them on the console.

447

402

</para>

448

403

</refsect1>

449

404

450

451

<title>PERSISTENT STATE</title>

452

<para>

453

Client settings, initially read from

454

<filename>clients.conf</filename>, are persistent across

455

restarts, and run-time changes will override settings in

456

<filename>clients.conf</filename>. However, if a setting is

457

<emphasis>changed</emphasis> (or a client added, or removed) in

458

<filename>clients.conf</filename>, this will take precedence.

459

</para>

460

</refsect1>

461

462

405

463

406

<title>D-BUS INTERFACE</title>

464

407

<para>

526

469

</listitem>

527

470

</varlistentry>

528

471

529

<term><filename>/run/mandos.pid</filename></term>

472

<term><filename>/var/run/mandos.pid</filename></term>

530

473

531

474

<para>

532

475

The file containing the process id of the

533

476

<command>&COMMANDNAME;</command> process started last.

534

<emphasis >Note:</emphasis> If the <filename

535

class="directory">/run</filename> directory does not

536

exist, <filename>/var/run/mandos.pid</filename> will be

537

used instead.

538

</para>

539

</listitem>

540

</varlistentry>

541

542

543

</varlistentry>

544

545

<term><filename

546

class="directory">/var/lib/mandos</filename></term>

547

548

<para>

549

Directory where persistent state will be saved. Change

550

this with the <option>--statedir</option> option. See

551

also the <option>--no-restore</option> option.

552

477

</para>

553

478

</listitem>

554

479

</varlistentry>

582

507

backtrace. This could be considered a feature.

583

508

</para>

584

509

<para>

510

Currently, if a client is disabled due to having timed out, the

511

server does not record this fact onto permanent storage. This

512

has some security implications, see <xref linkend="clients"/>.

513

</para>

514

<para>

585

515

There is no fine-grained control over logging and debug output.

586

516

</para>

587

517

<para>

518

Debug mode is conflated with running in the foreground.

519

</para>

520

<para>

521

The console log messages do not show a time stamp.

522

</para>

523

<para>

588

524

This server does not check the expire time of clients’ OpenPGP

589

525

keys.

590

526

</para>

603

539

604

540

<para>

605

541

Run the server in debug mode, read configuration files from

606

the <filename class="directory">~/mandos</filename> directory,

607

and use the Zeroconf service name <quote>Test</quote> to not

608

collide with any other official Mandos server on this host:

542

the <filename>~/mandos</filename> directory, and use the

543

Zeroconf service name <quote>Test</quote> to not collide with

544

any other official Mandos server on this host:

609

545

</para>

610

546

<para>

611

547

660

596

compromised if they are gone for too long.

661

597

</para>

662

598

<para>

599

If a client is compromised, its downtime should be duly noted

600

by the server which would therefore disable the client. But

601

if the server was ever restarted, it would re-read its client

602

list from its configuration file and again regard all clients

603

therein as enabled, and hence eligible to receive their

604

passwords. Therefore, be careful when restarting servers if

605

it is suspected that a client has, in fact, been compromised

606

by parties who may now be running a fake Mandos client with

607

the keys from the non-encrypted initial <acronym>RAM</acronym>

608

image of the client host. What should be done in that case

609

(if restarting the server program really is necessary) is to

610

stop the server program, edit the configuration file to omit

611

any suspect clients, and restart the server program.

612

</para>

613

<para>

663

614

For more details on client-side security, see

664

615

<citerefentry><refentrytitle>mandos-client</refentrytitle>

665

616

<manvolnum>8mandos</manvolnum></citerefentry>.

706

657

</varlistentry>

707

658

708

659

<term>

709

<ulink url="http://gnutls.org/">GnuTLS</ulink>

660

<ulink url="http://www.gnu.org/software/gnutls/"

661

>GnuTLS</ulink>

710

662

</term>

711

663

712

664

<para>

750

702

</varlistentry>

751

703

752

704

<term>

753

RFC 5246: <citetitle>The Transport Layer Security (TLS)

754

Protocol Version 1.2</citetitle>

705

RFC 4346: <citetitle>The Transport Layer Security (TLS)

706

Protocol Version 1.1</citetitle>

755

707

</term>

756

708

757

709

<para>

758

TLS 1.2 is the protocol implemented by GnuTLS.

710

TLS 1.1 is the protocol implemented by GnuTLS.

759

711

</para>

760

712

</listitem>

761

713

</varlistentry>

771

723

</varlistentry>

772

724

773

725

<term>

774

RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer

775

Security (TLS) Authentication</citetitle>

726

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

727

Security</citetitle>

776

728

</term>

777

729

778

730

<para>

Older »