Mandos

From FUKTwiki

Mandos is a system for allowing servers with encrypted root file systems to reboot unattended and/or remotely. See the latest README file for more information, including an FAQ list.

Mandos is Free Software, licensed using the GNU General Public License v3 or later.

(The Halls of Mandos is, in the fictional world of J. R. R. Tolkien, where the spirits of dead elves would go to be judged and possibly reincarnated. Similarly, the Mandos system allows “dead” servers to request reincarnation, which can be either denied or granted by the Mandos server.)

Contents 1 Current Status 2 Documentation 2.1 Architectural Overview 2.1.1 Keys and Communication 2.1.2 Plugin System 2.2 The Manual Pages 2.2.1 Server 2.2.2 Client 2.3 Support/Contact 3 Download 3.1 Debian unstable/squeeze and Ubuntu 3.2 Debian stable/lenny/5.0 3.3 Development Source Code 3.3.1 Instructions for Compiling and Installing From Source 3.3.1.1 Step 1 3.3.1.2 Step 2 3.3.1.3 Step 3

[edit] Current Status

Mandos is feature-complete; that is, it solves the problem it was created to solve. Version 1.0.13 was recently included in the Ubuntu Karmic release of October 2009, and the latest versions of Mandos are regularly uploaded to Debian unstable. Current work is focused on a 1.1 release, which is currently planned to include a finalized D-Bus API to the server (much work on this is already done) and two programs to control the server in real time using the D-Bus API: a command line tool (mostly done) and a text-based full screen program (currently being written).

For future plans, see the TODO file.

[edit] Documentation

See the README file and the manual pages below.

[edit] Architectural Overview

[edit] Keys and Communication

[edit] Plugin System

[edit] The Manual Pages

See the README file for a more general discussion and FAQ.

[edit] Server

• mandos(8) ­- The network server program
  • mandos.conf(5) - Server configuration file
  • mandos-clients.conf(5) - Another server configuration file

[edit] Client

• plugin-runner(8mandos) - The plugin runner
  • mandos-client(8mandos) - The network client plugin
  • password-prompt(8mandos) - Console interactive plugin
  • usplash(8mandos) - Asks for password interactively via Usplash.
  • splashy(8mandos) - Asks for password interactively via Splashy.
  • askpass-fifo(8mandos) - Provides compatibility with the “askpass” program from the cryptsetup package.
• mandos-keygen(8) - Command line utility

[edit] Support/Contact

There is a mailing list “mandos-dev”. Subscribe or read its archives at http://mail.fukt.bsnet.se/cgi-bin/mailman/listinfo/mandos-dev

The current maintainers can be reached at mandos@fukt.bsnet.se.

[edit] Download

[edit] Debian unstable/squeeze and Ubuntu

Mandos is available directly in Debian squeeze and unstable and in the Ubuntu "universe" component, so to get Mandos installed in those distributions you use whatever method you normally use to select and install software packages for that distribution. There is no need to download anything from here.

[edit] Debian stable/lenny/5.0

Add these two lines to your /etc/apt/sources.list file:

deb http://ftp.fukt.bsnet.se/pub/mandos/debian lenny-backports main
deb-src http://ftp.fukt.bsnet.se/pub/mandos/debian lenny-backports main

The packages there will be cryptographically signed by one of the individual developers, and the package lists will be signed by an OpenPGP key with the fingerprint “9C17 1E3D 2DC2 BE81 1D90 E965 E265 3B06 66CD 1C47”.

To add this key to the APT key list, and avoid warnings from aptitude and others, do this:

su -c "gpg --keyserver keys.gnupg.net                    \
   --recv-key 9C171E3D2DC2BE811D90E965E2653B0666CD1C47;  \
   gpg --export 9C171E3D2DC2BE811D90E965E2653B0666CD1C47 \
   | apt-key add -; gpg --batch --delete-key             \
       9C171E3D2DC2BE811D90E965E2653B0666CD1C47"

[edit] Development Source Code

• Source code browser: http://bzr.fukt.bsnet.se/loggerhead/mandos/trunk/files
• Bazaar repository:
  • FTP: ftp://anonymous@ftp.fukt.bsnet.se/pub/mandos/trunk
  • HTTP: http://ftp.fukt.bsnet.se/pub/mandos/trunk
• Other files: ftp://ftp.fukt.bsnet.se/pub/mandos

Known bugs and planned features are kept in the TODO file.

[edit] Instructions for Compiling and Installing From Source

[edit] Step 1

Check out the source code from the repository (requires the Bazaar (bzr) version control system, package name “bzr”.):

bzr get ftp://anonymous@ftp.fukt.bsnet.se/pub/mandos/trunk mandos

[edit] Step 2

Build the Debian package (requires the bzr-builddeb Bazaar plugin package, package name “bzr-builddeb”):

cd mandos
bzr builddeb --builder='debuild -i -us -uc -b'

The .deb files should now be built and can be found in the parent directory.

[edit] Step 3

After installing a package, follow the instructions in the file “/usr/share/doc/package-name/README.Debian”.