/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-03-01 09:47:01 UTC
  • Revision ID: teddy@recompile.se-20140301094701-j0vpnc0fyil6tpdn
* plugin-runner.c (main): Declare "bad_prefixes" and "bad_suffixes"
                          correctly.  Also fix resulting issues with
                          casting to non-const and suppress the
                          warnings thereof.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2014-06-22">
 
5
<!ENTITY TIMESTAMP "2014-03-01">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
261
261
          <para>
262
262
            <replaceable>NAME</replaceable> can be the string
263
263
            <quote><literal>none</literal></quote>; this will make
264
 
            <command>&COMMANDNAME;</command> only bring up interfaces
265
 
            specified <emphasis>before</emphasis> this string.  This
266
 
            is not recommended, and only meant for advanced users.
 
264
            <command>&COMMANDNAME;</command> not bring up
 
265
            <emphasis>any</emphasis> interfaces specified
 
266
            <emphasis>after</emphasis> this string.  This is not
 
267
            recommended, and only meant for advanced users.
267
268
          </para>
268
269
        </listitem>
269
270
      </varlistentry>
748
749
    <para>
749
750
      It will also help if the checker program on the server is
750
751
      configured to request something from the client which can not be
751
 
      spoofed by someone else on the network, like SSH server key
752
 
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
753
 
      echo (<quote>ping</quote>) replies.
 
752
      spoofed by someone else on the network, unlike unencrypted
 
753
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
754
754
    </para>
755
755
    <para>
756
756
      <emphasis>Note</emphasis>: This makes it completely insecure to