Name

mandos-monitor — Text-based GUI to control the Mandos server.

Synopsis

mandos-monitor

DESCRIPTION

mandos-monitor is an interactive program to monitor and control the operations of the Mandos server (see mandos(8)).

PURPOSE

The purpose of this is to enable remote and unattended rebooting of client host computer with an encrypted root file system. See the section called “OVERVIEW” for details.

OVERVIEW

This is part of the Mandos system for allowing computers to have encrypted root file systems and at the same time be capable of remote and/or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key; each client has one unique to it. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system, whereupon the computers can continue booting normally.

This program is used to monitor and control the Mandos server. In particular, it can be used to approve Mandos clients which have been configured to require approval. It also shows all significant events reported by the Mandos server.

KEYS

This program is used to monitor and control the Mandos server. In particular, it can be used to approve Mandos clients which have been configured to require approval. It also shows all significant events reported by the Mandos server.

Table 1. Global Keys

KeysFunction
q, QQuit
Ctrl-LRedraw screen
?, F1Show help
l, DToggle log window
TABSwitch window
w, iToggle log window line wrap
Up, Ctrl-P, kMove up a line
Down, Ctrl-N, jMove down a line
PageUp, Meta-V, bMove up a page
PageDown, Ctrl-V, SPACE, fMove down a page

Table 2. Client List Keys

KeysFunction
+Enable client
-Disable client
aApprove client
dDeny client
R, _, Ctrl-KRemove client
sStart checker for client
SStop checker for client
CForce a successful check for this client.

BUGS

This program can currently only be used to monitor and control a Mandos server with the default D-Bus service name of Mandos.

EXAMPLE

This program takes no options:

mandos-monitor

SECURITY

This program must be permitted to access the Mandos server via the D-Bus interface. This normally requires the root user, but could be configured otherwise by reconfiguring the D-Bus server.

SEE ALSO

intro(8mandos), mandos(8), mandos-ctl(8)