/mandos/trunk : revision 518.2.1

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2011-11-26 20:59:56 UTC
mto: (518.1.8 mandos-persistent)
mto: This revision was merged to the branch mainline in revision 524.
Revision ID: teddy@recompile.se-20111126205956-vft6g0z2i6my0165

Use GPG to encrypt instead of AES.

* Makefile (run-server): Use "--no-restore" option.
* debian/control (mandos/Depends): Added "python-gnupginterface".
* mandos: (CryptoError, Crypto): New; uses GPG.
  (Client.encrypt_secret, Client.decrypt_secret): Removed.
  (ClientHandler.fingerprint): Use binascii.hexlify().
  (main): Use Crypto class to decrypt.
  (main/cleanup): Use Crypto class to encrypt.  Handle EACCES.

files removed:
debian/mandos-client.examples

debian/upstream

debian/upstream/signing-key.asc

initramfs-unpack

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2015-07-20">

<!ENTITY TIMESTAMP "2011-10-22">

<!ENTITY % common SYSTEM "common.ent">

%common;

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<sbr/>

100

<arg><option>--no-restore</option></arg>

101

<sbr/>

102

<arg><option>--statedir

103

<replaceable>DIRECTORY</replaceable></option></arg>

104

<sbr/>

105

<arg><option>--socket

106

107

<sbr/>

108

<arg><option>--foreground</option></arg>

109

<sbr/>

110

<arg><option>--no-zeroconf</option></arg>

111

</cmdsynopsis>

112

100

113

101

<command>&COMMANDNAME;</command>

294

282

<term><option>--no-restore</option></term>

295

283

296

284

<xi:include href="mandos-options.xml" xpointer="restore"/>

297

<para>

298

See also <xref linkend="persistent_state"/>.

299

</para>

300

</listitem>

301

</varlistentry>

302

303

304

<term><option>--statedir

305

<replaceable>DIRECTORY</replaceable></option></term>

306

307

<xi:include href="mandos-options.xml" xpointer="statedir"/>

308

</listitem>

309

</varlistentry>

310

311

312

<term><option>--socket

313

314

315

<xi:include href="mandos-options.xml" xpointer="socket"/>

316

</listitem>

317

</varlistentry>

318

319

320

<term><option>--foreground</option></term>

321

322

<xi:include href="mandos-options.xml"

323

xpointer="foreground"/>

324

</listitem>

325

</varlistentry>

326

327

328

<term><option>--no-zeroconf</option></term>

329

330

<xi:include href="mandos-options.xml" xpointer="zeroconf"/>

331

</listitem>

332

</varlistentry>

333

285

</listitem>

286

</varlistentry>

334

287

</variablelist>

335

288

</refsect1>

336

289

413

366

extended timeout, checker program, and interval between checks

414

367

can be configured both globally and per client; see

415

368

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

416

<manvolnum>5</manvolnum></citerefentry>.

369

<manvolnum>5</manvolnum></citerefentry>. A client successfully

370

receiving its password will also be treated as a successful

371

checker run.

417

372

</para>

418

373

</refsect1>

419

374

441

396

<title>LOGGING</title>

442

397

<para>

443

398

The server will send log message with various severity levels to

444

<filename class="devicefile">/dev/log</filename>. With the

399

<filename>/dev/log</filename>. With the

445

400

<option>--debug</option> option, it will log even more messages,

446

401

and also show them on the console.

447

402

</para>

448

403

</refsect1>

449

404

450

451

<title>PERSISTENT STATE</title>

452

<para>

453

Client settings, initially read from

454

<filename>clients.conf</filename>, are persistent across

455

restarts, and run-time changes will override settings in

456

<filename>clients.conf</filename>. However, if a setting is

457

<emphasis>changed</emphasis> (or a client added, or removed) in

458

<filename>clients.conf</filename>, this will take precedence.

459

</para>

460

</refsect1>

461

462

405

463

406

<title>D-BUS INTERFACE</title>

464

407

<para>

526

469

</listitem>

527

470

</varlistentry>

528

471

529

<term><filename>/run/mandos.pid</filename></term>

472

<term><filename>/var/run/mandos.pid</filename></term>

530

473

531

474

<para>

532

475

The file containing the process id of the

533

476

<command>&COMMANDNAME;</command> process started last.

534

<emphasis >Note:</emphasis> If the <filename

535

class="directory">/run</filename> directory does not

536

exist, <filename>/var/run/mandos.pid</filename> will be

537

used instead.

538

</para>

539

</listitem>

540

</varlistentry>

541

542

543

</varlistentry>

544

545

<term><filename

546

class="directory">/var/lib/mandos</filename></term>

547

548

<para>

549

Directory where persistent state will be saved. Change

550

this with the <option>--statedir</option> option. See

551

also the <option>--no-restore</option> option.

552

477

</para>

553

478

</listitem>

554

479

</varlistentry>

582

507

backtrace. This could be considered a feature.

583

508

</para>

584

509

<para>

510

Currently, if a client is disabled due to having timed out, the

511

server does not record this fact onto permanent storage. This

512

has some security implications, see <xref linkend="clients"/>.

513

</para>

514

<para>

585

515

There is no fine-grained control over logging and debug output.

586

516

</para>

587

517

<para>

518

Debug mode is conflated with running in the foreground.

519

</para>

520

<para>

588

521

This server does not check the expire time of clients’ OpenPGP

589

522

keys.

590

523

</para>

603

536

604

537

<para>

605

538

Run the server in debug mode, read configuration files from

606

the <filename class="directory">~/mandos</filename> directory,

607

and use the Zeroconf service name <quote>Test</quote> to not

608

collide with any other official Mandos server on this host:

539

the <filename>~/mandos</filename> directory, and use the

540

Zeroconf service name <quote>Test</quote> to not collide with

541

any other official Mandos server on this host:

609

542

</para>

610

543

<para>

611

544

660

593

compromised if they are gone for too long.

661

594

</para>

662

595

<para>

596

If a client is compromised, its downtime should be duly noted

597

by the server which would therefore disable the client. But

598

if the server was ever restarted, it would re-read its client

599

list from its configuration file and again regard all clients

600

therein as enabled, and hence eligible to receive their

601

passwords. Therefore, be careful when restarting servers if

602

it is suspected that a client has, in fact, been compromised

603

by parties who may now be running a fake Mandos client with

604

the keys from the non-encrypted initial <acronym>RAM</acronym>

605

image of the client host. What should be done in that case

606

(if restarting the server program really is necessary) is to

607

stop the server program, edit the configuration file to omit

608

any suspect clients, and restart the server program.

609

</para>

610

<para>

663

611

For more details on client-side security, see

664

612

<citerefentry><refentrytitle>mandos-client</refentrytitle>

665

613

<manvolnum>8mandos</manvolnum></citerefentry>.

706

654

</varlistentry>

707

655

708

656

<term>

709

<ulink url="http://gnutls.org/">GnuTLS</ulink>

657

<ulink url="http://www.gnu.org/software/gnutls/"

658

>GnuTLS</ulink>

710

659

</term>

711

660

712

661

<para>

750

699

</varlistentry>

751

700

752

701

<term>

753

RFC 5246: <citetitle>The Transport Layer Security (TLS)

754

Protocol Version 1.2</citetitle>

702

RFC 4346: <citetitle>The Transport Layer Security (TLS)

703

Protocol Version 1.1</citetitle>

755

704

</term>

756

705

757

706

<para>

758

TLS 1.2 is the protocol implemented by GnuTLS.

707

TLS 1.1 is the protocol implemented by GnuTLS.

759

708

</para>

760

709

</listitem>

761

710

</varlistentry>

771

720

</varlistentry>

772

721

773

722

<term>

774

RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer

775

Security (TLS) Authentication</citetitle>

723

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

724

Security</citetitle>

776

725

</term>

777

726

778

727

<para>

Older »