/mandos/trunk : revision 90

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-19 13:25:14 UTC
Revision ID: teddy@fukt.bsnet.se-20080819132514-wawrvgmfjovg9poj

* Makefile (DOCBOOKTOMAN): Added "--xinclude".

* mandos-options.xml: New file; moved mandos(8) option descriptions
                      here.

* mandos.conf.xml: Add XInclude namespace.
  (OPTIONS): New separate section with options from old "DESCRIPTION"
             section.  Changed all options to include a synopsis and
             include its paragraph from "mandos-options.xml".
  (FILES): Moved to before "EXAMPLES".
  (BUGS): New section.
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).  Unindented
              example text.

* mandos.xml: Removed OVERVIEW entity.  Add XInclude namespace.
  (OPTIONS): Moved all descriptive paragraphs to "mandos-options.xml"
             and just <xi:include/> them from here.
  (OVERVIEW): Changed to do <xi:include/>.

* overview.xml: Added DOCTYPE; reportedly needed for XInclude to work.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

default-mandos

init.d-mandos

legalnotice.xml

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2009-01-04">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<title>&COMMANDNAME;</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<firstname>Björn</firstname>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Gives encrypted passwords to authenticated Mandos clients

Sends encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<arg>--interface<arg choice="plain">IF</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</group>

</cmdsynopsis>

100

101

<command>&COMMANDNAME;</command>

<arg choice="plain"><option>--version</option></arg>

102

<arg choice="plain">--version</arg>

103

</cmdsynopsis>

100

104

101

105

<command>&COMMANDNAME;</command>

102

<arg choice="plain"><option>--check</option></arg>

106

<arg choice="plain">--check</arg>

103

107

</cmdsynopsis>

104

108

</refsynopsisdiv>

105

109

106

110

107

111

<title>DESCRIPTION</title>

108

112

<para>

117

121

Any authenticated client is then given the stored pre-encrypted

118

122

password for that specific client.

119

123

</para>

124

120

125

</refsect1>

121

126

122

127

123

128

<title>PURPOSE</title>

129

124

130

<para>

125

131

The purpose of this is to enable <emphasis>remote and unattended

126

132

rebooting</emphasis> of client host computer with an

127

133

<emphasis>encrypted root file system</emphasis>. See <xref

128

134

linkend="overview"/> for details.

129

135

</para>

136

130

137

</refsect1>

131

138

132

139

133

140

<title>OPTIONS</title>

141

134

142

135

143

136

137

144

138

145

139

146

<para>

140

147

Show a help message and exit

141

148

</para>

142

149

</listitem>

143

150

</varlistentry>

144

151

145

152

146

<term><option>--interface</option>

147

148

149

153

<term><literal>-i</literal>, <literal>--interface <replaceable>

154

IF</replaceable></literal></term>

150

155

151

156

<xi:include href="mandos-options.xml" xpointer="interface"/>

152

157

</listitem>

153

158

</varlistentry>

154

159

155

160

156

<term><option>--address

157

<replaceable>ADDRESS</replaceable></option></term>

158

<term><option>-a

159

<replaceable>ADDRESS</replaceable></option></term>

161

<term><literal>-a</literal>, <literal>--address <replaceable>

162

ADDRESS</replaceable></literal></term>

160

163

161

164

<xi:include href="mandos-options.xml" xpointer="address"/>

162

165

</listitem>

163

166

</varlistentry>

164

167

165

168

166

<term><option>--port

167

168

<term><option>-p

169

169

170

PORT</replaceable></literal></term>

170

171

171

172

<xi:include href="mandos-options.xml" xpointer="port"/>

172

173

</listitem>

173

174

</varlistentry>

174

175

176

176

<term><option>--check</option></term>

177

<term><literal>--check</literal></term>

177

178

178

179

<para>

179

180

Run the server’s self-tests. This includes any unit

181

182

</para>

182

183

</listitem>

183

184

</varlistentry>

184

185

186

186

<term><option>--debug</option></term>

187

<term><literal>--debug</literal></term>

187

188

188

189

<xi:include href="mandos-options.xml" xpointer="debug"/>

189

190

</listitem>

190

191

</varlistentry>

191

192

193

193

<term><option>--priority <replaceable>

194

PRIORITY</replaceable></option></term>

194

<term><literal>--priority <replaceable>

195

PRIORITY</replaceable></literal></term>

195

196

196

197

<xi:include href="mandos-options.xml" xpointer="priority"/>

197

198

</listitem>

198

199

</varlistentry>

199

200

201

201

<term><option>--servicename

202

202

<term><literal>--servicename <replaceable>NAME</replaceable>

203

</literal></term>

203

204

204

205

<xi:include href="mandos-options.xml"

205

206

xpointer="servicename"/>

206

207

</listitem>

207

208

</varlistentry>

208

209

210

210

<term><option>--configdir

211

<replaceable>DIRECTORY</replaceable></option></term>

211

<term><literal>--configdir <replaceable>DIR</replaceable>

212

</literal></term>

212

213

213

214

<para>

214

215

Directory to search for configuration files. Default is

220

221

</para>

221

222

</listitem>

222

223

</varlistentry>

223

224

225

225

<term><option>--version</option></term>

226

<term><literal>--version</literal></term>

226

227

227

228

<para>

228

229

Prints the program version and exit.

231

232

</varlistentry>

232

233

</variablelist>

233

234

</refsect1>

234

235

236

236

237

<title>OVERVIEW</title>

237

238

<xi:include href="overview.xml"/>

238

239

<para>

239

240

This program is the server part. It is a normal server program

240

241

and will run in a normal system environment, not in an initial

241

<acronym>RAM</acronym> disk environment.

242

RAM disk environment.

242

243

</para>

243

244

</refsect1>

244

245

246

246

247

<title>NETWORK PROTOCOL</title>

247

248

<para>

273

274

274

275

</row>

275

276

<row>

276

277

277

278

278

279

</row>

279

280

<row>

299

300

</row>

300

301

</tbody></tgroup></table>

301

302

</refsect1>

302

303

304

304

305

<title>CHECKING</title>

305

306

<para>

309

310

longer eligible to receive the encrypted password. The timeout,

310

311

checker program, and interval between checks can be configured

311

312

both globally and per client; see <citerefentry>

313

<refentrytitle>mandos.conf</refentrytitle>

314

312

315

<refentrytitle>mandos-clients.conf</refentrytitle>

313

316

<manvolnum>5</manvolnum></citerefentry>.

314

317

</para>

315

318

</refsect1>

316

319

317

320

318

321

<title>LOGGING</title>

319

322

<para>

320

The server will send log message with various severity levels to

321

<filename>/dev/log</filename>. With the

323

The server will send log messaged with various severity levels

324

to <filename>/dev/log</filename>. With the

322

325

<option>--debug</option> option, it will log even more messages,

323

326

and also show them on the console.

324

327

</para>

325

328

</refsect1>

326

329

327

330

328

331

<title>EXIT STATUS</title>

329

332

<para>

331

334

critical error is encountered.

332

335

</para>

333

336

</refsect1>

334

337

335

338

336

339

<title>ENVIRONMENT</title>

337

340

338

341

339

342

340

343

341

344

<para>

342

345

To start the configured checker (see <xref

345

348

<varname>PATH</varname> to search for matching commands if

346

349

an absolute path is not given. See <citerefentry>

347

350

348

</citerefentry>.

351

</citerefentry>

349

352

</para>

350

353

</listitem>

351

354

</varlistentry>

352

355

</variablelist>

353

356

</refsect1>

354

355

357

358

356

359

<title>FILES</title>

357

360

<para>

358

361

Use the <option>--configdir</option> option to change where

381

384

</listitem>

382

385

</varlistentry>

383

386

384

<term><filename>/var/run/mandos.pid</filename></term>

387

<term><filename>/var/run/mandos/mandos.pid</filename></term>

385

388

386

389

<para>

387

390

The file containing the process id of

422

425

Currently, if a client is declared <quote>invalid</quote> due to

423

426

having timed out, the server does not record this fact onto

424

427

permanent storage. This has some security implications, see

425

<xref linkend="clients"/>.

428

<xref linkend="CLIENTS"/>.

426

429

</para>

427

430

<para>

428

431

There is currently no way of querying the server of the current

436

439

Debug mode is conflated with running in the foreground.

437

440

</para>

438

441

<para>

439

The console log messages does not show a time stamp.

440

</para>

441

<para>

442

This server does not check the expire time of clients’ OpenPGP

443

keys.

442

The console log messages does not show a timestamp.

444

443

</para>

445

444

</refsect1>

446

445

451

450

Normal invocation needs no options:

452

451

</para>

453

452

<para>

454

<userinput>&COMMANDNAME;</userinput>

453

<userinput>mandos</userinput>

455

454

</para>

456

455

</informalexample>

457

456

464

463

<para>

465

464

466

465

467

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

466

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

468

467

469

468

</para>

470

469

</informalexample>

476

475

<para>

477

476

478

477

479

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

478

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

480

479

481

480

</para>

482

481

</informalexample>

483

482

</refsect1>

484

483

485

484

486

485

<title>SECURITY</title>

487

486

488

487

<title>SERVER</title>

489

488

<para>

490

489

Running this <command>&COMMANDNAME;</command> server program

491

490

should not in itself present any security risk to the host

492

computer running it. The program switches to a non-root user

493

soon after startup.

491

computer running it. The program does not need any special

492

privileges to run, and is designed to run as a non-root user.

494

493

</para>

495

494

</refsect2>

496

495

497

496

<title>CLIENTS</title>

498

497

<para>

499

498

The server only gives out its stored data to clients which

506

505

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

507

506

<manvolnum>5</manvolnum></citerefentry>)

508

507

<emphasis>must</emphasis> be made non-readable by anyone

509

except the user starting the server (usually root).

508

except the user running the server.

510

509

</para>

511

510

<para>

512

511

As detailed in <xref linkend="checking"/>, the status of all

523

522

restarting servers if it is suspected that a client has, in

524

523

fact, been compromised by parties who may now be running a

525

524

fake Mandos client with the keys from the non-encrypted

526

initial <acronym>RAM</acronym> image of the client host. What

527

should be done in that case (if restarting the server program

528

really is necessary) is to stop the server program, edit the

525

initial RAM image of the client host. What should be done in

526

that case (if restarting the server program really is

527

necessary) is to stop the server program, edit the

529

528

configuration file to omit any suspect clients, and restart

530

529

the server program.

531

530

</para>

532

531

<para>

533

532

For more details on client-side security, see

534

<citerefentry><refentrytitle>mandos-client</refentrytitle>

533

<citerefentry><refentrytitle>password-request</refentrytitle>

535

534

<manvolnum>8mandos</manvolnum></citerefentry>.

536

535

</para>

537

536

</refsect2>

538

537

</refsect1>

539

538

540

539

541

540

542

<para>

543

544

<refentrytitle>mandos-clients.conf</refentrytitle>

545

546

<refentrytitle>mandos.conf</refentrytitle>

547

548

<refentrytitle>mandos-client</refentrytitle>

549

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

550

551

</citerefentry>

552

</para>

553

541

554

542

555

543

<term>

544

545

<refentrytitle>password-request</refentrytitle>

546

<manvolnum>8mandos</manvolnum>

547

</citerefentry>

548

</term>

549

550

<para>

551

This is the actual program which talks to this server.

552

Note that it is normally not invoked directly, and is only

553

run in the initial RAM disk environment, and not on a

554

fully started system.

555

</para>

556

</listitem>

557

</varlistentry>

558

559

<term>

556

560

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

557

561

</term>

558

562

575

579

</varlistentry>

576

580

577

581

<term>

578

<ulink url="http://www.gnu.org/software/gnutls/"

579

>GnuTLS</ulink>

582

<ulink

583

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

580

584

</term>

581

585

582

586

<para>

588

592

</varlistentry>

589

593

590

594

<term>

591

RFC 4291: <citetitle>IP Version 6 Addressing

592

Architecture</citetitle>

595

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

596

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

597

Unicast Addresses</citation>

593

598

</term>

594

599

595

596

597

<term>Section 2.2: <citetitle>Text Representation of

598

Addresses</citetitle></term>

599

600

</varlistentry>

601

602

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

603

Address</citetitle></term>

604

605

</varlistentry>

606

607

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

608

Addresses</citetitle></term>

609

610

<para>

611

The clients use IPv6 link-local addresses, which are

612

immediately usable since a link-local addresses is

613

automatically assigned to a network interfaces when it

614

is brought up.

615

</para>

616

</listitem>

617

</varlistentry>

618

</variablelist>

600

<para>

601

The clients use IPv6 link-local addresses, which are

602

immediately usable since a link-local addresses is

603

automatically assigned to a network interfaces when it is

604

brought up.

605

</para>

619

606

</listitem>

620

607

</varlistentry>

621

608

622

609

<term>

623

RFC 4346: <citetitle>The Transport Layer Security (TLS)

624

Protocol Version 1.1</citetitle>

610

<citation>RFC 4346: <citetitle>The Transport Layer Security

611

(TLS) Protocol Version 1.1</citetitle></citation>

625

612

</term>

626

613

627

614

<para>

631

618

</varlistentry>

632

619

633

620

<term>

634

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

621

<citation>RFC 4880: <citetitle>OpenPGP Message

622

Format</citetitle></citation>

635

623

</term>

636

624

637

625

<para>

641

629

</varlistentry>

642

630

643

631

<term>

644

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

645

Security</citetitle>

632

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

633

Transport Layer Security</citetitle></citation>

646

634

</term>

647

635

648

636

<para>

654

642

</variablelist>

655

643

</refsect1>

656

644

</refentry>

657

658

659

660

661

Older »