mandos.conf

MANDOS.CONF(5)                    Mandos Manual                   MANDOS.CONF(5)



NAME
       mandos.conf - Configuration file for the Mandos server

SYNOPSIS
       /etc/mandos/mandos.conf

DESCRIPTION
       The file /etc/mandos/mandos.conf is a simple configuration file for
       mandos(8), and is read by it at startup. The configuration file starts
       with “[DEFAULT]” on a line by itself, followed by any number of
       “option=value” entries, with continuations in the style of RFC 822.
       “option: value” is also accepted. Note that leading whitespace is removed
       from values. Lines beginning with “#” or “;” are ignored and may be used
       to provide comments.

OPTIONS
       interface = NAME
           If this is specified, the server will only announce the service and
           listen to requests on the specified network interface. Default is to
           use all available interfaces.  Note: a failure to bind to the
           specified interface is not considered critical, and the server will
           not exit, but instead continue normally.

       address = ADDRESS
           If this option is used, the server will only listen to the specified
           IPv6 address. If a link-local address is specified, an interface
           should be set, since a link-local address is only valid on a single
           interface. By default, the server will listen to all available
           addresses. If set, this must normally be an IPv6 address; an IPv4
           address can only be specified using IPv4-mapped IPv6 address syntax:
           “::FFFF:192.0.2.3”. (Only if IPv6 usage is disabled (see below) must
           this be an IPv4 address.)

       port = NUMBER
           If this option is used, the server will bind to that port. By
           default, the server will listen to an arbitrary port given by the
           operating system.

       debug = { 1 | yes | true | on | 0 | no | false | off }
           If the server is run in debug mode, it will run in the foreground and
           print a lot of debugging information. The default is to not run in
           debug mode.

       priority = STRING
           GnuTLS priority string for the TLS handshake. The default is
           “SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA :+SIGN-DSA-SHA256”. See
           gnutls_priority_init(3) for the syntax.  Warning: changing this may
           make the TLS handshake fail, making server-client communication
           impossible. Changing this option may also make the network traffic
           decryptable by an attacker.

       servicename = NAME
           Zeroconf service name. The default is “Mandos”. This only needs to be
           changed if for some reason is would be necessary to run more than one
           server on the same host. This would not normally be useful. If there
           are name collisions on the same network, the newer server will
           automatically rename itself to “Mandos #2”, and so on; therefore,
           this option is not needed in that case.

       use_dbus = { 1 | yes | true | on | 0 | no | false | off }
           This option controls whether the server will provide a D-Bus system
           bus interface. The default is to provide such an interface.

       use_ipv6 = { 1 | yes | true | on | 0 | no | false | off }
           This option controls whether the server will use IPv6 sockets and
           addresses. The default is to use IPv6. This option should never
           normally be turned off, even in IPv4-only environments. This is
           because mandos-client(8mandos) will normally use IPv6 link-local
           addresses, and will not be able to find or connect to the server if
           this option is turned off.  Only advanced users should consider
           changing this option.

       restore = { 1 | yes | true | on | 0 | no | false | off }
           This option controls whether the server will restore its state from
           the last time it ran. Default is to restore last state.

       statedir = DIRECTORY
           Directory to save (and restore) state in. Default is
           “/var/lib/mandos”.

       socket = NUMBER
           If this option is used, the server will not create a new network
           socket, but will instead use the supplied file descriptor. By
           default, the server will create a new network socket.

FILES
       The file described here is /etc/mandos/mandos.conf

BUGS
       The [DEFAULT] is necessary because the Python built-in module
       ConfigParser requires it.

       Please report bugs to the Mandos development mailing list:
       <mandos-dev@recompile.se> (subscription required). Note that this list is
       public. The developers can be reached privately at <mandos@recompile.se>
       (OpenPGP key fingerprint 153A 37F1 0BBA 0435 987F 2C4A 7223 2973 CA34
       C2C4 for encrypted mail).

EXAMPLE
       No options are actually required:

           [DEFAULT]


       An example using all the options:

           [DEFAULT]
           # A configuration example
           interface = eth0
           address = fe80::aede:48ff:fe71:f6f2
           port = 1025
           debug = True
           priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA
           servicename = Daena
           use_dbus = False
           use_ipv6 = True
           restore = True
           statedir = /var/lib/mandos


SEE ALSO
       intro(8mandos), gnutls_priority_init(3), mandos(8), mandos-
       clients.conf(5)

       RFC 4291: IP Version 6 Addressing Architecture

           Section 2.2: Text Representation of Addresses

           Section 2.5.5.2: IPv4-Mapped IPv6 Address

           Section 2.5.6, Link-Local IPv6 Unicast Addresses
               The clients use IPv6 link-local addresses, which are immediately
               usable since a link-local addresses is automatically assigned to
               a network interface when it is brought up.

       Zeroconf[1]
           Zeroconf is the network protocol standard used by clients for finding
           the Mandos server on the local network.

COPYRIGHT
       Copyright © 2008-2017 Teddy Hogeborn, Björn Påhlsson

       This manual page is free software: you can redistribute it and/or modify
       it under the terms of the GNU General Public License as published by the
       Free Software Foundation, either version 3 of the License, or (at your
       option) any later version.

       This manual page is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
       Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program. If not, see http://www.gnu.org/licenses/.


NOTES
        1. Zeroconf
           http://www.zeroconf.org/



Mandos 1.7.15                      2017-02-23                     MANDOS.CONF(5)