/mandos/trunk : contents of INSTALL at revision 179

: (revision 179)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

-*- org -*-

* Prerequisites
  
  Debian 5.0 "lenny" or Ubuntu 8.04 "Hardy Heron".
  
  The following libraries and packages are needed.  (It is possible
  that it might work with older versions of some of these, but these
  versions are confirmed to work.  Newer versions are almost certainly
  OK.)
  
** Documentation
   These are required to build the manual pages for both the server
   and client:
   
   + DocBook 4.5          http://www.docbook.org/
   + DocBook XSL stylesheets 1.71.0
                   http://wiki.docbook.org/topic/DocBookXslStylesheets
  
** Mandos Server
   + GnuTLS 2.4           http://www.gnu.org/software/gnutls/
   + Avahi 0.6.16         http://www.avahi.org/
   + Python 2.4           http://www.python.org/
   + Python-GnuTLS 1.1.5  http://pypi.python.org/pypi/python-gnutls/
   + dbus-python 0.82.4   http://dbus.freedesktop.org/doc/dbus-python/
   + python-ctypes 1.0.0  http://pypi.python.org/pypi/ctypes
   
   Strongly recommended:
   + fping 2.4b2-to-ipv6  http://www.fping.com/
  
** Mandos Client
   + initramfs-tools 0.85i
                  http://packages.qa.debian.org/i/initramfs-tools.html
   + GnuTLS 2.4           http://www.gnu.org/software/gnutls/
   + Avahi 0.6.16         http://www.avahi.org/
   + GnuPG 1.4.9          http://www.gnupg.org/
   + GPGME 1.1.6          http://www.gnupg.org/related_software/gpgme/

* Installing the Mandos server
  
  + Do "make doc".
  
  + On the computer to run as a Mandos server, run the following
    command: "sudo make install-server".
    
    (This creates a configuration without any clients configured; we
    need an actually configured client to do that; see below.)

* Installing the Mandos client.
  
  + Do "make all doc".
  
  + On the computer to run as a Mandos server, run the following
    command: "sudo make install-client".  This will also create an
    OpenPGP key, which will take some time and entropy, so either wait
    patiently or frob your mouse until it's done.
  
  + Run "mandos-keygen --password".  When prompted, enter the
    password/passphrase for the encrypted root file system on this
    client computer.  It will output a section of text, starting with
    a [section header].  Copy and paste this into the
    "/etc/mandos/clients.conf" file *on the server computer*.
  
  + On the server computer, start the server by running the command
    "invoke-rc.d mandos start".

* Further customizations
  
  You may want to tighten or loosen the timeouts in the server
  configuration files; see mandos.conf(5) and mandos-clients.conf(5).
  Is IPsec is not used, it is suggested that a more cryptographically
  secure checker program is used and configured, since without IPsec
  ping packets can be faked.

179 by Teddy Hogeborn * INSTALL: New file.	1	-- org --
	2
	3	* Prerequisites
	4
	5	Debian 5.0 "lenny" or Ubuntu 8.04 "Hardy Heron".
	6
	7	The following libraries and packages are needed. (It is possible
	8	that it might work with older versions of some of these, but these
	9	versions are confirmed to work. Newer versions are almost certainly
	10	OK.)
	11
	12	** Documentation
	13	These are required to build the manual pages for both the server
	14	and client:
	15
	16	+ DocBook 4.5 http://www.docbook.org/
	17	+ DocBook XSL stylesheets 1.71.0
	18	http://wiki.docbook.org/topic/DocBookXslStylesheets
	19
	20	** Mandos Server
	21	+ GnuTLS 2.4 http://www.gnu.org/software/gnutls/
	22	+ Avahi 0.6.16 http://www.avahi.org/
	23	+ Python 2.4 http://www.python.org/
	24	+ Python-GnuTLS 1.1.5 http://pypi.python.org/pypi/python-gnutls/
	25	+ dbus-python 0.82.4 http://dbus.freedesktop.org/doc/dbus-python/
	26	+ python-ctypes 1.0.0 http://pypi.python.org/pypi/ctypes
	27
	28	Strongly recommended:
	29	+ fping 2.4b2-to-ipv6 http://www.fping.com/
	30
	31	** Mandos Client
	32	+ initramfs-tools 0.85i
	33	http://packages.qa.debian.org/i/initramfs-tools.html
	34	+ GnuTLS 2.4 http://www.gnu.org/software/gnutls/
	35	+ Avahi 0.6.16 http://www.avahi.org/
	36	+ GnuPG 1.4.9 http://www.gnupg.org/
	37	+ GPGME 1.1.6 http://www.gnupg.org/related_software/gpgme/
	38
	39	* Installing the Mandos server
	40
	41	+ Do "make doc".
	42
	43	+ On the computer to run as a Mandos server, run the following
	44	command: "sudo make install-server".
	45
	46	(This creates a configuration without any clients configured; we
	47	need an actually configured client to do that; see below.)
	48
	49	* Installing the Mandos client.
	50
	51	+ Do "make all doc".
	52
	53	+ On the computer to run as a Mandos server, run the following
	54	command: "sudo make install-client". This will also create an
	55	OpenPGP key, which will take some time and entropy, so either wait
	56	patiently or frob your mouse until it's done.
	57
	58	+ Run "mandos-keygen --password". When prompted, enter the
	59	password/passphrase for the encrypted root file system on this
	60	client computer. It will output a section of text, starting with
	61	a [section header]. Copy and paste this into the
	62	"/etc/mandos/clients.conf" file on the server computer.
	63
	64	+ On the server computer, start the server by running the command
65	"invoke-rc.d mandos start".
66
67	* Further customizations
68
69	You may want to tighten or loosen the timeouts in the server
70	configuration files; see mandos.conf(5) and mandos-clients.conf(5).
71	Is IPsec is not used, it is suggested that a more cryptographically
72	secure checker program is used and configured, since without IPsec
73	ping packets can be faked.