/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-10-04 13:44:40 UTC
  • Revision ID: teddy@recompile.se-20151004134440-ep3xxhb037n01114
Bug fix: Add local route also when host is unreachable.

* plugins.d/mandos-client.c (start_mandos_communication): Bug fix:
                    Check for EHOSTUNREACH in addition to ENETUNREACH.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2010-09-21">
 
5
<!ENTITY TIMESTAMP "2015-07-20">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2010</year>
 
35
      <year>2011</year>
 
36
      <year>2012</year>
 
37
      <year>2013</year>
 
38
      <year>2014</year>
 
39
      <year>2015</year>
35
40
      <holder>Teddy Hogeborn</holder>
36
41
      <holder>Björn Påhlsson</holder>
37
42
    </copyright>
94
99
      </group>
95
100
      <sbr/>
96
101
      <group>
 
102
        <arg choice="plain"><option>--extended-timeout
 
103
        <replaceable>TIME</replaceable></option></arg>
 
104
      </group>
 
105
      <sbr/>
 
106
      <group>
 
107
        <arg choice="plain"><option>--interval
 
108
        <replaceable>TIME</replaceable></option></arg>
 
109
        <arg choice="plain"><option>-i
 
110
        <replaceable>TIME</replaceable></option></arg>
 
111
      </group>
 
112
      <sbr/>
 
113
      <group>
 
114
        <arg choice="plain"><option>--approve-by-default</option
 
115
        ></arg>
 
116
        <sbr/>
 
117
        <arg choice="plain"><option>--deny-by-default</option></arg>
 
118
      </group>
 
119
      <sbr/>
 
120
      <group>
 
121
        <arg choice="plain"><option>--approval-delay
 
122
        <replaceable>TIME</replaceable></option></arg>
 
123
      </group>
 
124
      <sbr/>
 
125
      <group>
 
126
        <arg choice="plain"><option>--approval-duration
 
127
        <replaceable>TIME</replaceable></option></arg>
 
128
      </group>
 
129
      <sbr/>
 
130
      <group>
97
131
        <arg choice="plain"><option>--interval
98
132
        <replaceable>TIME</replaceable></option></arg>
99
133
        <arg choice="plain"><option>-i
164
198
        <arg choice="plain"><option>-v</option></arg>
165
199
      </group>
166
200
    </cmdsynopsis>
 
201
    <cmdsynopsis>
 
202
      <command>&COMMANDNAME;</command>
 
203
      <arg choice="plain"><option>--check</option></arg>
 
204
    </cmdsynopsis>
167
205
  </refsynopsisdiv>
168
206
  
169
207
  <refsect1 id="description">
273
311
          <para>
274
312
            Set the <varname>checker</varname> option of the specified
275
313
            client(s); see <citerefentry><refentrytitle
276
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
277
 
            ></citerefentry>.
 
314
            >mandos-clients.conf</refentrytitle><manvolnum
 
315
            >5</manvolnum></citerefentry>.
278
316
          </para>
279
317
        </listitem>
280
318
      </varlistentry>
288
326
          <para>
289
327
            Set the <varname>timeout</varname> option of the specified
290
328
            client(s); see <citerefentry><refentrytitle
291
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
292
 
            ></citerefentry>.
 
329
            >mandos-clients.conf</refentrytitle><manvolnum
 
330
            >5</manvolnum></citerefentry>.
 
331
          </para>
 
332
        </listitem>
 
333
      </varlistentry>
 
334
 
 
335
      <varlistentry>
 
336
        <term><option>--extended-timeout
 
337
        <replaceable>TIME</replaceable></option></term>
 
338
        <listitem>
 
339
          <para>
 
340
            Set the <varname>extended_timeout</varname> option of the
 
341
            specified client(s); see <citerefentry><refentrytitle
 
342
            >mandos-clients.conf</refentrytitle><manvolnum
 
343
            >5</manvolnum></citerefentry>.
293
344
          </para>
294
345
        </listitem>
295
346
      </varlistentry>
301
352
        <replaceable>TIME</replaceable></option></term>
302
353
        <listitem>
303
354
          <para>
304
 
            Set the <varname>interval</varname> option of the specified
305
 
            client(s); see <citerefentry><refentrytitle
306
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
307
 
            ></citerefentry>.
 
355
            Set the <varname>interval</varname> option of the
 
356
            specified client(s); see <citerefentry><refentrytitle
 
357
            >mandos-clients.conf</refentrytitle><manvolnum
 
358
            >5</manvolnum></citerefentry>.
 
359
          </para>
 
360
        </listitem>
 
361
      </varlistentry>
 
362
      
 
363
      <varlistentry>
 
364
        <term><option>--approve-by-default</option></term>
 
365
        <term><option>--deny-by-default</option></term>
 
366
        <listitem>
 
367
          <para>
 
368
            Set the <varname>approved_by_default</varname> option of
 
369
            the specified client(s) to <literal>True</literal> or
 
370
            <literal>False</literal>, respectively; see
 
371
            <citerefentry><refentrytitle
 
372
            >mandos-clients.conf</refentrytitle><manvolnum
 
373
            >5</manvolnum></citerefentry>.
 
374
          </para>
 
375
        </listitem>
 
376
      </varlistentry>
 
377
      
 
378
      <varlistentry>
 
379
        <term><option>--approval-delay
 
380
        <replaceable>TIME</replaceable></option></term>
 
381
        <listitem>
 
382
          <para>
 
383
            Set the <varname>approval_delay</varname> option of the
 
384
            specified client(s); see <citerefentry><refentrytitle
 
385
            >mandos-clients.conf</refentrytitle><manvolnum
 
386
            >5</manvolnum></citerefentry>.
 
387
          </para>
 
388
        </listitem>
 
389
      </varlistentry>
 
390
      
 
391
      <varlistentry>
 
392
        <term><option>--approval-duration
 
393
        <replaceable>TIME</replaceable></option></term>
 
394
        <listitem>
 
395
          <para>
 
396
            Set the <varname>approval_duration</varname> option of the
 
397
            specified client(s); see <citerefentry><refentrytitle
 
398
            >mandos-clients.conf</refentrytitle><manvolnum
 
399
            >5</manvolnum></citerefentry>.
308
400
          </para>
309
401
        </listitem>
310
402
      </varlistentry>
318
410
          <para>
319
411
            Set the <varname>host</varname> option of the specified
320
412
            client(s); see <citerefentry><refentrytitle
321
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
322
 
            ></citerefentry>.
 
413
            >mandos-clients.conf</refentrytitle><manvolnum
 
414
            >5</manvolnum></citerefentry>.
323
415
          </para>
324
416
        </listitem>
325
417
      </varlistentry>
333
425
          <para>
334
426
            Set the <varname>secfile</varname> option of the specified
335
427
            client(s); see <citerefentry><refentrytitle
336
 
            >mandos-client.conf</refentrytitle><manvolnum>5</manvolnum
337
 
            ></citerefentry>.
 
428
            >mandos-clients.conf</refentrytitle><manvolnum
 
429
            >5</manvolnum></citerefentry>.
338
430
          </para>
339
431
        </listitem>
340
432
      </varlistentry>
391
483
        </listitem>
392
484
      </varlistentry>
393
485
      
 
486
      <varlistentry>
 
487
        <term><option>--check</option></term>
 
488
        <listitem>
 
489
          <para>
 
490
            Run self-tests.  This includes any unit tests, etc.
 
491
          </para>
 
492
        </listitem>
 
493
      </varlistentry>
 
494
      
394
495
    </variablelist>
395
496
  </refsect1>
396
497
  
422
523
    <title>EXAMPLE</title>
423
524
    <informalexample>
424
525
      <para>
425
 
        List all clients with some of their settings:
 
526
        To list all clients:
426
527
      </para>
427
528
      <para>
428
529
        <userinput>&COMMANDNAME;</userinput>
429
530
      </para>
430
531
    </informalexample>
431
 
    <informalexample>
432
 
      <para>
433
 
        Show all settings for the clients named <quote>foo</quote> and
434
 
        <quote>bar</quote>:
435
 
      </para>
436
 
      <para>
437
 
 
438
 
<!-- do not wrap this line -->
439
 
<userinput>&COMMANDNAME; --verbose foo bar</userinput>
440
 
 
 
532
    
 
533
    <informalexample>
 
534
      <para>
 
535
        To list <emphasis>all</emphasis> settings for the clients
 
536
        named <quote>foo1.example.org</quote> and <quote
 
537
        >foo2.example.org</quote>:
 
538
      </para>
 
539
      <para>
 
540
 
 
541
<!-- do not wrap this line -->
 
542
<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>
 
543
 
 
544
      </para>
 
545
    </informalexample>
 
546
    
 
547
    <informalexample>
 
548
      <para>
 
549
        To enable all clients:
 
550
      </para>
 
551
      <para>
 
552
        <userinput>&COMMANDNAME; --enable --all</userinput>
 
553
      </para>
 
554
    </informalexample>
 
555
    
 
556
    <informalexample>
 
557
      <para>
 
558
        To change timeout and interval value for the clients
 
559
        named <quote>foo1.example.org</quote> and <quote
 
560
        >foo2.example.org</quote>:
 
561
      </para>
 
562
      <para>
 
563
 
 
564
<!-- do not wrap this line -->
 
565
<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>
 
566
 
 
567
      </para>
 
568
    </informalexample>
 
569
    
 
570
    <informalexample>
 
571
      <para>
 
572
        To approve all clients currently waiting for it:
 
573
      </para>
 
574
      <para>
 
575
        <userinput>&COMMANDNAME; --approve --all</userinput>
441
576
      </para>
442
577
    </informalexample>
443
578
  </refsect1>
454
589
  <refsect1 id="see_also">
455
590
    <title>SEE ALSO</title>
456
591
    <para>
 
592
      <citerefentry><refentrytitle>intro</refentrytitle>
 
593
      <manvolnum>8mandos</manvolnum></citerefentry>,
457
594
      <citerefentry><refentrytitle>mandos</refentrytitle>
458
595
      <manvolnum>8</manvolnum></citerefentry>,
459
596
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>