/mandos/trunk : revision 84

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-17 22:42:28 UTC
Revision ID: teddy@fukt.bsnet.se-20080817224228-nhor2yuv230if01i

* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
                           not rely on a stylesheet declaration.

* mandos.xml: Removed <?xml-stylesheet>.  New entity "&OVERVIEW;"
              refers to "overview.xml". Changed all single quotes to
              double quotes for consistency.
  (DESCRIPTION): Use the term "TLS" and not "GnuTLS" for the protocol.
                 Refer to the "OVERVIEW" section for reason for IPv6
                 link-local addresses.
  (PURPOSE): Shortened a lot.  Refer to "OVERVIEW" section for details.
  (OVERVIEW): New section.  Include &OVERVIEW; and add a paragraph
              about what the role of this program is.
  (SECURITY/CLIENTS): Refer to the "CHECKING" section for details on
                      checking.
  (SEE ALSO): Changed from an <itemizedlist> to a <variablelist>.
              Added a short text for each entry.  Removed reference to
              plugin-runner(8mandos).  Add reference to RFC 4291 and
              RFC 4346.

* overview.xml: New file, containing a single <para>.  The idea is to
                use this in all the man pages.

* plugins.d/password-request.c: Updated comments about spurious
                                warnings.

files modified:
Makefile

TODO

mandos-keygen

mandos-keygen.xml

mandos.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<command>&COMMANDNAME;</command>

<arg>--interface<arg choice="plain">IF</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</group>

<arg choice="opt">--interface<arg choice="plain">IF</arg></arg>

<arg choice="opt">--address<arg choice="plain">ADDRESS</arg></arg>

<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>

<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>

<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg choice="opt">--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg choice="opt">-a<arg choice="plain">ADDRESS</arg></arg>

<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>

<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>

<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg choice="opt">--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

100

</cmdsynopsis>

101

102

<command>&COMMANDNAME;</command>

157

154

<para>

158

155

Only announce the server and listen to requests on network

159

156

interface <replaceable>IF</replaceable>. Default is to

160

use all available interfaces. <emphasis>Note:</emphasis>

161

a failure to bind to the specified interface is not

162

considered critical, and the server does not exit.

157

use all available interfaces.

163

158

</para>

164

159

</listitem>

165

160

</varlistentry>

237

232

238

233

<para>

239

234

Zeroconf service name. The default is

240

<quote><literal>Mandos</literal></quote>. This only needs

241

to be changed this if it, for some reason, is necessary to

242

run more than one server on the same

243

<emphasis>host</emphasis>, which would not normally be

244

useful. If there are name collisions on the same

245

<emphasis>network</emphasis>, the newer server will

246

automatically rename itself to <quote><literal>Mandos

247

#2</literal></quote>, and so on; therefore, this option is

248

not needed in that case.

235

<quote><literal>Mandos</literal></quote>. You only need

236

to change this if you for some reason want to run more

237

than one server on the same <emphasis>host</emphasis>,

238

which would not normally be useful. If there are name

239

collisions on the same <emphasis>network</emphasis>, the

240

newer server will automatically rename itself to

241

<quote><literal>Mandos #2</literal></quote>, and so on;

242

therefore, this option is not needed in that case.

249

243

</para>

250

244

</listitem>

251

245

</varlistentry>

378

372

</para>

379

373

</refsect1>

380

374

381

382

<title>ENVIRONMENT</title>

383

384

385

386

387

<para>

388

To start the configured checker (see <xref

389

linkend="checking"/>), the server uses

390

<filename>/bin/sh</filename>, which in turn uses

391

<varname>PATH</varname> to search for matching commands if

392

an absolute path is not given. See <citerefentry>

393

394

</citerefentry>

395

</para>

396

</listitem>

397

</varlistentry>

398

</variablelist>

399

</refsect1>

400

401

375

402

376

<title>FILES</title>

403

377

<para>

444

418

</para>

445

419

</listitem>

446

420

</varlistentry>

447

448

449

450

<para>

451

This is used to start the configured checker command for

452

each client. See <citerefentry>

453

<refentrytitle>mandos-clients.conf</refentrytitle>

454

<manvolnum>5</manvolnum></citerefentry> for details.

455

</para>

456

</listitem>

457

</varlistentry>

458

421

</variablelist>

459

422

</refsect1>

460

423

461

424

462

425

463

426

<para>

464

427

This server might, on especially fatal errors, emit a Python

465

428

backtrace. This could be considered a feature.

466

429

</para>

467

<para>

468

Currently, if a client is declared <quote>invalid</quote> due to

469

having timed out, the server does not record this fact onto

470

permanent storage. This has some security implications, see

471

<xref linkend="CLIENTS"/>.

472

</para>

473

<para>

474

There is currently no way of querying the server of the current

475

status of clients, other than analyzing its <systemitem

476

class="service">syslog</systemitem> output.

477

</para>

478

<para>

479

There is no fine-grained control over logging and debug output.

480

</para>

481

<para>

482

Debug mode is conflated with running in the foreground.

483

</para>

484

<para>

485

The console log messages does not show a timestamp.

486

</para>

487

430

</refsect1>

488

489

490

<title>EXAMPLE</title>

431

432

433

<title>EXAMPLES</title>

491

434

492

435

<para>

493

436

Normal invocation needs no options:

526

469

527

470

528

471

<title>SECURITY</title>

529

472

530

473

<title>SERVER</title>

531

474

<para>

532

Running this <command>&COMMANDNAME;</command> server program

533

should not in itself present any security risk to the host

534

computer running it. The program does not need any special

535

privileges to run, and is designed to run as a non-root user.

475

Running this &COMMANDNAME; server program should not in itself

476

present any security risk to the host computer running it.

477

The program does not need any special privileges to run, and

478

is designed to run as a non-root user.

536

479

</para>

537

480

</refsect2>

538

481

539

482

<title>CLIENTS</title>

540

483

<para>

541

484

The server only gives out its stored data to clients which

556

499

compromised if they are gone for too long.

557

500

</para>

558

501

<para>

559

If a client is compromised, its downtime should be duly noted

560

by the server which would therefore declare the client

561

invalid. But if the server was ever restarted, it would

562

re-read its client list from its configuration file and again

563

regard all clients therein as valid, and hence eligible to

564

receive their passwords. Therefore, be careful when

565

restarting servers if it is suspected that a client has, in

566

fact, been compromised by parties who may now be running a

567

fake Mandos client with the keys from the non-encrypted

568

initial RAM image of the client host. What should be done in

569

that case (if restarting the server program really is

570

necessary) is to stop the server program, edit the

571

configuration file to omit any suspect clients, and restart

572

the server program.

573

</para>

574

<para>

575

502

For more details on client-side security, see

576

503

<citerefentry><refentrytitle>password-request</refentrytitle>

577

504

<manvolnum>8mandos</manvolnum></citerefentry>.

Older »