SYNOPSIS
- mandos-monitor
DESCRIPTION
mandos-monitor
PURPOSE
The purpose of this is to enable remote and unattended rebooting of client host computer with an encrypted root file system. See the section called "OVERVIEW" for details.
OVERVIEW
This is part of the Mandos system for allowing computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key; each client has one unique to it. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system, whereupon the computers can continue booting normally.
This program is used to monitor and control the Mandos server. In particular, it can be used to approve Mandos clients which have been configured to require approval. It also shows all significant events reported by the Mandos server.
KEYS
This program is used to monitor and control the Mandos server. In particular, it can be used to approve Mandos clients which have been configured to require approval. It also shows all significant events reported by the Mandos server.
Table 1. Global Keys
Keys |
Function
|
q, Q |
Quit
|
Ctrl-L |
Redraw screen
|
?, F1 |
Show help
|
l, D |
Toggle log window
|
TAB |
Switch window
|
w, i |
Toggle log window line wrap
|
v |
Toggle verbose logging
|
Up, Ctrl-P, k |
Move up a line
|
Down, Ctrl-N, j |
Move down a line
|
PageUp, Meta-V, b |
Move up a page
|
PageDown, Ctrl-V, SPACE, f |
Move down a page
|
Table 2. Client List Keys
Keys |
Function
|
+ |
Enable client
|
- |
Disable client
|
a |
Approve client
|
d |
Deny client
|
R, _, Ctrl-K |
Remove client
|
s |
Start checker for client
|
S |
Stop checker for client
|
C |
Force a successful check for this client.
|
BUGS
This program can currently only be used to monitor and control a Mandos server with the default D-Bus bus name of "se.recompile.Mandos".
Please report bugs to the Mandos development mailing list: <[email protected]> (subscription required). Note that this list is public. The developers can be reached privately at <[email protected]> (OpenPGP key fingerprint 153A 37F1 0BBA 0435 987F 2C4A 7223 2973 CA34 C2C4 for encrypted mail).
EXAMPLE
This program takes no options:
mandos-monitor
SECURITY
This program must be permitted to access the Mandos server via the D-Bus interface. This normally requires the root user, but could be configured otherwise by reconfiguring the D-Bus server.
COPYRIGHT
Copyright © 2010-2016 Teddy Hogeborn, Björn Påhlsson
This manual page is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This manual page is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see m[blue]http://www.gnu.org/licenses/m[].