/mandos/trunk : revision 90

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-19 13:25:14 UTC
Revision ID: teddy@fukt.bsnet.se-20080819132514-wawrvgmfjovg9poj

* Makefile (DOCBOOKTOMAN): Added "--xinclude".

* mandos-options.xml: New file; moved mandos(8) option descriptions
                      here.

* mandos.conf.xml: Add XInclude namespace.
  (OPTIONS): New separate section with options from old "DESCRIPTION"
             section.  Changed all options to include a synopsis and
             include its paragraph from "mandos-options.xml".
  (FILES): Moved to before "EXAMPLES".
  (BUGS): New section.
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).  Unindented
              example text.

* mandos.xml: Removed OVERVIEW entity.  Add XInclude namespace.
  (OPTIONS): Moved all descriptive paragraphs to "mandos-options.xml"
             and just <xi:include/> them from here.
  (OVERVIEW): Changed to do <xi:include/>.

* overview.xml: Added DOCTYPE; reportedly needed for XInclude to work.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.config

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.config

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/sv.po

debian/rules

default-mandos

init.d-mandos

legalnotice.xml

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-10-03">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<title>&COMMANDNAME;</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<firstname>Björn</firstname>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Gives encrypted passwords to authenticated Mandos clients

Sends encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<arg>--interface<arg choice="plain">IF</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</group>

</cmdsynopsis>

100

101

<command>&COMMANDNAME;</command>

<arg choice="plain"><option>--version</option></arg>

102

<arg choice="plain">--version</arg>

103

</cmdsynopsis>

104

100

105

<command>&COMMANDNAME;</command>

101

<arg choice="plain"><option>--check</option></arg>

106

<arg choice="plain">--check</arg>

102

107

</cmdsynopsis>

103

108

</refsynopsisdiv>

104

109

105

110

106

111

<title>DESCRIPTION</title>

107

112

<para>

116

121

Any authenticated client is then given the stored pre-encrypted

117

122

password for that specific client.

118

123

</para>

124

119

125

</refsect1>

120

126

121

127

122

128

<title>PURPOSE</title>

129

123

130

<para>

124

131

The purpose of this is to enable <emphasis>remote and unattended

125

132

rebooting</emphasis> of client host computer with an

126

133

<emphasis>encrypted root file system</emphasis>. See <xref

127

134

linkend="overview"/> for details.

128

135

</para>

136

129

137

</refsect1>

130

138

131

139

132

140

<title>OPTIONS</title>

141

133

142

134

143

135

136

144

137

145

138

146

<para>

139

147

Show a help message and exit

140

148

</para>

141

149

</listitem>

142

150

</varlistentry>

143

151

144

152

145

<term><option>--interface</option>

146

147

148

153

<term><literal>-i</literal>, <literal>--interface <replaceable>

154

IF</replaceable></literal></term>

149

155

150

156

<xi:include href="mandos-options.xml" xpointer="interface"/>

151

157

</listitem>

152

158

</varlistentry>

153

159

154

160

155

<term><option>--address

156

<replaceable>ADDRESS</replaceable></option></term>

157

<term><option>-a

158

<replaceable>ADDRESS</replaceable></option></term>

161

<term><literal>-a</literal>, <literal>--address <replaceable>

162

ADDRESS</replaceable></literal></term>

159

163

160

164

<xi:include href="mandos-options.xml" xpointer="address"/>

161

165

</listitem>

162

166

</varlistentry>

163

167

164

168

165

<term><option>--port

166

167

<term><option>-p

168

169

170

PORT</replaceable></literal></term>

169

171

170

172

<xi:include href="mandos-options.xml" xpointer="port"/>

171

173

</listitem>

172

174

</varlistentry>

173

175

174

176

175

<term><option>--check</option></term>

177

<term><literal>--check</literal></term>

176

178

177

179

<para>

178

180

Run the server’s self-tests. This includes any unit

180

182

</para>

181

183

</listitem>

182

184

</varlistentry>

183

185

184

186

185

<term><option>--debug</option></term>

187

<term><literal>--debug</literal></term>

186

188

187

189

<xi:include href="mandos-options.xml" xpointer="debug"/>

188

190

</listitem>

189

191

</varlistentry>

190

192

191

193

192

<term><option>--priority <replaceable>

193

PRIORITY</replaceable></option></term>

194

<term><literal>--priority <replaceable>

195

PRIORITY</replaceable></literal></term>

194

196

195

197

<xi:include href="mandos-options.xml" xpointer="priority"/>

196

198

</listitem>

197

199

</varlistentry>

198

200

199

201

200

<term><option>--servicename

201

202

<term><literal>--servicename <replaceable>NAME</replaceable>

203

</literal></term>

202

204

203

205

<xi:include href="mandos-options.xml"

204

206

xpointer="servicename"/>

205

207

</listitem>

206

208

</varlistentry>

207

209

208

210

209

<term><option>--configdir

210

<replaceable>DIRECTORY</replaceable></option></term>

211

<term><literal>--configdir <replaceable>DIR</replaceable>

212

</literal></term>

211

213

212

214

<para>

213

215

Directory to search for configuration files. Default is

219

221

</para>

220

222

</listitem>

221

223

</varlistentry>

222

224

223

225

224

<term><option>--version</option></term>

226

<term><literal>--version</literal></term>

225

227

226

228

<para>

227

229

Prints the program version and exit.

230

232

</varlistentry>

231

233

</variablelist>

232

234

</refsect1>

233

235

234

236

235

237

<title>OVERVIEW</title>

236

238

<xi:include href="overview.xml"/>

237

239

<para>

238

240

This program is the server part. It is a normal server program

239

241

and will run in a normal system environment, not in an initial

240

<acronym>RAM</acronym> disk environment.

242

RAM disk environment.

241

243

</para>

242

244

</refsect1>

243

245

244

246

245

247

<title>NETWORK PROTOCOL</title>

246

248

<para>

272

274

273

275

</row>

274

276

<row>

275

277

276

278

277

279

</row>

278

280

<row>

298

300

</row>

299

301

</tbody></tgroup></table>

300

302

</refsect1>

301

303

302

304

303

305

<title>CHECKING</title>

304

306

<para>

308

310

longer eligible to receive the encrypted password. The timeout,

309

311

checker program, and interval between checks can be configured

310

312

both globally and per client; see <citerefentry>

313

<refentrytitle>mandos.conf</refentrytitle>

314

311

315

<refentrytitle>mandos-clients.conf</refentrytitle>

312

316

<manvolnum>5</manvolnum></citerefentry>.

313

317

</para>

314

318

</refsect1>

315

319

316

320

317

321

<title>LOGGING</title>

318

322

<para>

319

The server will send log message with various severity levels to

320

<filename>/dev/log</filename>. With the

323

The server will send log messaged with various severity levels

324

to <filename>/dev/log</filename>. With the

321

325

<option>--debug</option> option, it will log even more messages,

322

326

and also show them on the console.

323

327

</para>

324

328

</refsect1>

325

329

326

330

327

331

<title>EXIT STATUS</title>

328

332

<para>

330

334

critical error is encountered.

331

335

</para>

332

336

</refsect1>

333

337

334

338

335

339

<title>ENVIRONMENT</title>

336

340

337

341

338

342

339

343

340

344

<para>

341

345

To start the configured checker (see <xref

344

348

<varname>PATH</varname> to search for matching commands if

345

349

an absolute path is not given. See <citerefentry>

346

350

347

</citerefentry>.

351

</citerefentry>

348

352

</para>

349

353

</listitem>

350

354

</varlistentry>

351

355

</variablelist>

352

356

</refsect1>

353

354

357

358

355

359

<title>FILES</title>

356

360

<para>

357

361

Use the <option>--configdir</option> option to change where

380

384

</listitem>

381

385

</varlistentry>

382

386

383

<term><filename>/var/run/mandos.pid</filename></term>

387

<term><filename>/var/run/mandos/mandos.pid</filename></term>

384

388

385

389

<para>

386

390

The file containing the process id of

421

425

Currently, if a client is declared <quote>invalid</quote> due to

422

426

having timed out, the server does not record this fact onto

423

427

permanent storage. This has some security implications, see

424

<xref linkend="clients"/>.

428

<xref linkend="CLIENTS"/>.

425

429

</para>

426

430

<para>

427

431

There is currently no way of querying the server of the current

435

439

Debug mode is conflated with running in the foreground.

436

440

</para>

437

441

<para>

438

The console log messages does not show a time stamp.

439

</para>

440

<para>

441

This server does not check the expire time of clients’ OpenPGP

442

keys.

442

The console log messages does not show a timestamp.

443

</para>

444

</refsect1>

445

450

Normal invocation needs no options:

451

</para>

452

<para>

453

<userinput>&COMMANDNAME;</userinput>

453

<userinput>mandos</userinput>

454

</para>

455

</informalexample>

456

463

<para>

464

465

466

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

466

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

467

468

</para>

469

</informalexample>

475

<para>

476

477

478

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

478

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

479

480

</para>

481

</informalexample>

482

</refsect1>

483

484

485

<title>SECURITY</title>

486

486

487

<title>SERVER</title>

488

<para>

489

Running this <command>&COMMANDNAME;</command> server program

490

should not in itself present any security risk to the host

491

computer running it. The program switches to a non-root user

492

soon after startup.

491

computer running it. The program does not need any special

492

privileges to run, and is designed to run as a non-root user.

493

</para>

494

</refsect2>

495

495

496

<title>CLIENTS</title>

497

<para>

498

The server only gives out its stored data to clients which

505

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

506

<manvolnum>5</manvolnum></citerefentry>)

507

<emphasis>must</emphasis> be made non-readable by anyone

508

except the user starting the server (usually root).

508

except the user running the server.

509

</para>

510

<para>

511

As detailed in <xref linkend="checking"/>, the status of all

522

restarting servers if it is suspected that a client has, in

523

fact, been compromised by parties who may now be running a

524

fake Mandos client with the keys from the non-encrypted

525

initial <acronym>RAM</acronym> image of the client host. What

526

should be done in that case (if restarting the server program

527

really is necessary) is to stop the server program, edit the

525

initial RAM image of the client host. What should be done in

526

that case (if restarting the server program really is

527

necessary) is to stop the server program, edit the

528

configuration file to omit any suspect clients, and restart

529

the server program.

530

</para>

531

<para>

532

For more details on client-side security, see

533

<citerefentry><refentrytitle>mandos-client</refentrytitle>

533

<citerefentry><refentrytitle>password-request</refentrytitle>

534

<manvolnum>8mandos</manvolnum></citerefentry>.

535

</para>

536

</refsect2>

537

</refsect1>

538

539

540

541

<para>

542

543

<refentrytitle>mandos-clients.conf</refentrytitle>

544

545

<refentrytitle>mandos.conf</refentrytitle>

546

547

<refentrytitle>mandos-client</refentrytitle>

548

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

549

550

</citerefentry>

551

</para>

552

541

553

542

554

543

<term>

544

545

<refentrytitle>password-request</refentrytitle>

546

<manvolnum>8mandos</manvolnum>

547

</citerefentry>

548

</term>

549

550

<para>

551

This is the actual program which talks to this server.

552

Note that it is normally not invoked directly, and is only

553

run in the initial RAM disk environment, and not on a

554

fully started system.

555

</para>

556

</listitem>

557

</varlistentry>

558

559

<term>

555

560

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

556

561

</term>

557

562

574

579

</varlistentry>

575

580

576

581

<term>

577

<ulink url="http://www.gnu.org/software/gnutls/"

578

>GnuTLS</ulink>

582

<ulink

583

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

579

584

</term>

580

585

581

586

<para>

587

592

</varlistentry>

588

593

589

594

<term>

590

RFC 4291: <citetitle>IP Version 6 Addressing

591

Architecture</citetitle>

595

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

596

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

597

Unicast Addresses</citation>

592

598

</term>

593

599

594

595

596

<term>Section 2.2: <citetitle>Text Representation of

597

Addresses</citetitle></term>

598

599

</varlistentry>

600

601

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

602

Address</citetitle></term>

603

604

</varlistentry>

605

606

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

607

Addresses</citetitle></term>

608

609

<para>

610

The clients use IPv6 link-local addresses, which are

611

immediately usable since a link-local addresses is

612

automatically assigned to a network interfaces when it

613

is brought up.

614

</para>

615

</listitem>

616

</varlistentry>

617

</variablelist>

600

<para>

601

The clients use IPv6 link-local addresses, which are

602

immediately usable since a link-local addresses is

603

automatically assigned to a network interfaces when it is

604

brought up.

605

</para>

618

606

</listitem>

619

607

</varlistentry>

620

608

621

609

<term>

622

RFC 4346: <citetitle>The Transport Layer Security (TLS)

623

Protocol Version 1.1</citetitle>

610

<citation>RFC 4346: <citetitle>The Transport Layer Security

611

(TLS) Protocol Version 1.1</citetitle></citation>

624

612

</term>

625

613

626

614

<para>

630

618

</varlistentry>

631

619

632

620

<term>

633

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

621

<citation>RFC 4880: <citetitle>OpenPGP Message

622

Format</citetitle></citation>

634

623

</term>

635

624

636

625

<para>

640

629

</varlistentry>

641

630

642

631

<term>

643

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

644

Security</citetitle>

632

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

633

Transport Layer Security</citetitle></citation>

645

634

</term>

646

635

647

636

<para>

653

642

</variablelist>

654

643

</refsect1>

655

644

</refentry>

656

657

658

659

660

Older »