/mandos/trunk : revision 631

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2013-10-22 19:24:01 UTC
Revision ID: teddy@recompile.se-20131022192401-op6mwsb7f7gygjyh

http://bugs.debian.org/702120

* mandos (priority): Bug fix: Add even more magic to make the old
DSA/ELG 2048-bit keys work with GnuTLS.
* mandos-keygen (KEYCOMMENT): Changed default to "".
* mandos-keygen (OPTIONS): Document new default value of "--comment".
* mandos-options.xml (priority): Document new default value.
* mandos.conf (priority): - '' -

files added:
debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

initramfs-unpack

intro.xml

mandos-change-keytype

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2010-09-25">

<!ENTITY TIMESTAMP "2013-10-20">

<!ENTITY % common SYSTEM "common.ent">

%common;

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

<arg><option>--debuglevel

<replaceable>LEVEL</replaceable></option></arg>

<sbr/>

<sbr/>

<sbr/>

100

<arg><option>--no-restore</option></arg>

101

<sbr/>

102

<arg><option>--statedir

103

<replaceable>DIRECTORY</replaceable></option></arg>

104

<sbr/>

105

<arg><option>--socket

106

107

<sbr/>

108

<arg><option>--foreground</option></arg>

109

</cmdsynopsis>

110

111

<command>&COMMANDNAME;</command>

112

129

<para>

113

130

<command>&COMMANDNAME;</command> is a server daemon which

114

131

handles incoming request for passwords for a pre-defined list of

115

client host computers. The Mandos server uses Zeroconf to

116

announce itself on the local network, and uses TLS to

117

communicate securely with and to authenticate the clients. The

118

Mandos server uses IPv6 to allow Mandos clients to use IPv6

119

link-local addresses, since the clients will probably not have

120

any other addresses configured (see <xref linkend="overview"/>).

121

Any authenticated client is then given the stored pre-encrypted

122

password for that specific client.

132

client host computers. For an introduction, see

133

<citerefentry><refentrytitle>intro</refentrytitle>

134

<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server

135

uses Zeroconf to announce itself on the local network, and uses

136

TLS to communicate securely with and to authenticate the

137

clients. The Mandos server uses IPv6 to allow Mandos clients to

138

use IPv6 link-local addresses, since the clients will probably

139

not have any other addresses configured (see <xref

140

linkend="overview"/>). Any authenticated client is then given

141

the stored pre-encrypted password for that specific client.

123

142

</para>

124

143

</refsect1>

125

144

194

213

</varlistentry>

195

214

196

215

216

<term><option>--debuglevel

217

<replaceable>LEVEL</replaceable></option></term>

218

219

<para>

220

Set the debugging log level.

221

<replaceable>LEVEL</replaceable> is a string, one of

222

<quote><literal>CRITICAL</literal></quote>,

223

<quote><literal>ERROR</literal></quote>,

224

<quote><literal>WARNING</literal></quote>,

225

<quote><literal>INFO</literal></quote>, or

226

<quote><literal>DEBUG</literal></quote>, in order of

227

increasing verbosity. The default level is

228

<quote><literal>WARNING</literal></quote>.

229

</para>

230

</listitem>

231

</varlistentry>

232

233

197

234

<term><option>--priority <replaceable>

198

235

PRIORITY</replaceable></option></term>

199

236

250

287

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

251

288

</listitem>

252

289

</varlistentry>

290

291

292

<term><option>--no-restore</option></term>

293

294

<xi:include href="mandos-options.xml" xpointer="restore"/>

295

<para>

296

See also <xref linkend="persistent_state"/>.

297

</para>

298

</listitem>

299

</varlistentry>

300

301

302

<term><option>--statedir

303

<replaceable>DIRECTORY</replaceable></option></term>

304

305

<xi:include href="mandos-options.xml" xpointer="statedir"/>

306

</listitem>

307

</varlistentry>

308

309

310

<term><option>--socket

311

312

313

<xi:include href="mandos-options.xml" xpointer="socket"/>

314

</listitem>

315

</varlistentry>

316

317

318

<term><option>--foreground</option></term>

319

320

<xi:include href="mandos-options.xml"

321

xpointer="foreground"/>

322

</listitem>

323

</varlistentry>

324

253

325

</variablelist>

254

326

</refsect1>

255

327

329

401

for some time, the client is assumed to be compromised and is no

330

402

longer eligible to receive the encrypted password. (Manual

331

403

intervention is required to re-enable a client.) The timeout,

332

checker program, and interval between checks can be configured

333

both globally and per client; see <citerefentry>

334

<refentrytitle>mandos-clients.conf</refentrytitle>

335

<manvolnum>5</manvolnum></citerefentry>. A client successfully

336

receiving its password will also be treated as a successful

337

checker run.

404

extended timeout, checker program, and interval between checks

405

can be configured both globally and per client; see

406

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

407

<manvolnum>5</manvolnum></citerefentry>.

338

408

</para>

339

409

</refsect1>

340

410

362

432

<title>LOGGING</title>

363

433

<para>

364

434

The server will send log message with various severity levels to

365

<filename>/dev/log</filename>. With the

435

<filename class="devicefile">/dev/log</filename>. With the

366

436

<option>--debug</option> option, it will log even more messages,

367

437

and also show them on the console.

368

438

</para>

369

439

</refsect1>

370

440

441

442

<title>PERSISTENT STATE</title>

443

<para>

444

Client settings, initially read from

445

<filename>clients.conf</filename>, are persistent across

446

restarts, and run-time changes will override settings in

447

<filename>clients.conf</filename>. However, if a setting is

448

<emphasis>changed</emphasis> (or a client added, or removed) in

449

<filename>clients.conf</filename>, this will take precedence.

450

</para>

451

</refsect1>

452

371

453

372

454

<title>D-BUS INTERFACE</title>

373

455

<para>

435

517

</listitem>

436

518

</varlistentry>

437

519

438

<term><filename>/var/run/mandos.pid</filename></term>

520

<term><filename>/run/mandos.pid</filename></term>

439

521

440

522

<para>

441

523

The file containing the process id of the

444

526

</listitem>

445

527

</varlistentry>

446

528

529

530

</varlistentry>

531

532

<term><filename

533

class="directory">/var/lib/mandos</filename></term>

534

535

<para>

536

Directory where persistent state will be saved. Change

537

this with the <option>--statedir</option> option. See

538

also the <option>--no-restore</option> option.

539

</para>

540

</listitem>

541

</varlistentry>

542

447

543

448

544

449

545

<para>

473

569

backtrace. This could be considered a feature.

474

570

</para>

475

571

<para>

476

Currently, if a client is disabled due to having timed out, the

477

server does not record this fact onto permanent storage. This

478

has some security implications, see <xref linkend="clients"/>.

479

</para>

480

<para>

481

572

There is no fine-grained control over logging and debug output.

482

573

</para>

483

574

<para>

484

Debug mode is conflated with running in the foreground.

485

</para>

486

<para>

487

The console log messages do not show a time stamp.

488

</para>

489

<para>

490

575

This server does not check the expire time of clients’ OpenPGP

491

576

keys.

492

577

</para>

505

590

506

591

<para>

507

592

Run the server in debug mode, read configuration files from

508

the <filename>~/mandos</filename> directory, and use the

509

Zeroconf service name <quote>Test</quote> to not collide with

510

any other official Mandos server on this host:

593

the <filename class="directory">~/mandos</filename> directory,

594

and use the Zeroconf service name <quote>Test</quote> to not

595

collide with any other official Mandos server on this host:

511

596

</para>

512

597

<para>

513

598

562

647

compromised if they are gone for too long.

563

648

</para>

564

649

<para>

565

If a client is compromised, its downtime should be duly noted

566

by the server which would therefore disable the client. But

567

if the server was ever restarted, it would re-read its client

568

list from its configuration file and again regard all clients

569

therein as enabled, and hence eligible to receive their

570

passwords. Therefore, be careful when restarting servers if

571

it is suspected that a client has, in fact, been compromised

572

by parties who may now be running a fake Mandos client with

573

the keys from the non-encrypted initial <acronym>RAM</acronym>

574

image of the client host. What should be done in that case

575

(if restarting the server program really is necessary) is to

576

stop the server program, edit the configuration file to omit

577

any suspect clients, and restart the server program.

578

</para>

579

<para>

580

650

For more details on client-side security, see

581

651

<citerefentry><refentrytitle>mandos-client</refentrytitle>

582

652

<manvolnum>8mandos</manvolnum></citerefentry>.

587

657

588

658

589

659

<para>

590

591

<refentrytitle>mandos-clients.conf</refentrytitle>

592

593

<refentrytitle>mandos.conf</refentrytitle>

594

595

<refentrytitle>mandos-client</refentrytitle>

596

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

597

598

</citerefentry>

660

<citerefentry><refentrytitle>intro</refentrytitle>

661

<manvolnum>8mandos</manvolnum></citerefentry>,

662

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

663

<manvolnum>5</manvolnum></citerefentry>,

664

<citerefentry><refentrytitle>mandos.conf</refentrytitle>

665

<manvolnum>5</manvolnum></citerefentry>,

666

<citerefentry><refentrytitle>mandos-client</refentrytitle>

667

<manvolnum>8mandos</manvolnum></citerefentry>,

668

669

599

670

</para>

600

671

601

672

Older »