trustman
Language: en
Version: 2009-03-06 (fedora - 04/07/09)
Section: 1 (User commands)
NAME
trustman - Manage keys used as trust anchors

SYNOPSIS
trustman [options]

DESCRIPTION
trustman manages keys used by DNSSEC as trust anchors in compliance with RFC 5011. It may be used as a daemon for ongoing key verification or manually for initialization and one-time key verification.

By default, trustman runs as a daemon to ensure that keys stored locally in configuration files still match the same keys fetched from the zone where they are defined. (named.conf and dnsval.conf are the usual configuration files.) These checks can be run once manually (-S) and in the foreground (-f).

For each key mismatch check, if key mismatches are detected then trustman performs the following operations:

- sets an add hold-down timer for new keys;
- sets a remove hold-down timer for missing keys;
- removes revoked keys from the configuration file.

On subsequent runs, the timers are checked. If the timers have expired, keys are added to or removed from the configuration file, as appropriate.
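The hold-down logic described above, written out as an added illustration in Python (trustman itself is a Perl script; this is not its code). Keys are identified by a constructed integer key tag, the persisted "state" dict stands in for the anchor data file, and the assumption that a pending timer is dropped when its triggering condition disappears is this example's own simplification:

```python
# RFC 5011-style hold-down bookkeeping, one pass per invocation (added example, not trustman's code).
HOLD_DOWN = 30 * 24 * 3600  # default add/remove hold-down: 30 days, in seconds


def check_keys(local, fetched, revoked, state, now, hold=HOLD_DOWN):
    """Run one trustman-style check.

    local:   set of key tags currently in the local configuration file
    fetched: set of key tags currently published in the zone
    revoked: subset of fetched whose REVOKE bit is set
    state:   dict tag -> (action, timer_start) persisted between runs (the anchor data file)
    now:     current time in seconds
    Returns (new_local, new_state, events) where events records each decision taken.
    """
    new_local = set(local)
    state = dict(state)
    events = []
    # Revoked keys are dropped from the configuration immediately; no timer applies.
    for tag in sorted(revoked & new_local):
        new_local.discard(tag)
        state.pop(tag, None)
        events.append(("remove_revoked", tag))
    # Keys seen in the zone but not configured locally: start the add hold-down timer.
    for tag in sorted((fetched - revoked) - new_local):
        if tag not in state:
            state[tag] = ("add", now)
            events.append(("add_timer_set", tag))
    # Keys configured locally but missing from the zone: start the remove hold-down timer.
    for tag in sorted(new_local - fetched):
        if tag not in state:
            state[tag] = ("remove", now)
            events.append(("remove_timer_set", tag))
    # Subsequent runs: cancel timers whose condition no longer holds (assumption), act on expired ones.
    for tag, (action, started) in sorted(state.items()):
        if action == "add" and tag not in (fetched - revoked):
            del state[tag]
            events.append(("add_cancelled", tag))
        elif action == "remove" and tag in fetched:
            del state[tag]
            events.append(("remove_cancelled", tag))
        elif now - started >= hold:
            if action == "add":
                new_local.add(tag)
            else:
                new_local.discard(tag)
            del state[tag]
            events.append(("added" if action == "add" else "removed", tag))
    return new_local, state, events
```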
OPTIONS
trustman takes a number of options, each of which is described in this section. Each option name may be shortened to the minimum number of unique characters, but some options also have an alias (as noted). The single-letter form of each option is denoted in parentheses, e.g.: --anchor_data_file (-a).

--anchor_data_file file (-a)
    A persistent data file for storing new keys waiting to be added.

--config file (-c)
    Create a configuration file for trustman from the command line options given. This option can be used to create a configuration file which can be appended to the dnssec-tools.conf file. It allows fewer command line options to be specified in the future.

--dnsval_conf_file /path/to/dnsval.conf (-k)
    A dnsval.conf file to read and possibly update.

--named_conf_file /path/to/named.conf (-n)
    A named.conf file to read and possibly update.

--tmp_dir directory (-T)
    Specifies where temporary files should be created. This is used when creating new versions of the dnsval.conf and named.conf files before they're moved into place. Most operating systems require the /tmp directory to be on the same partition as the dnsval.conf/named.conf files, since renames across partitions will fail.

--zone zone (-z)
    The zone to check. Specifying this option supersedes the default configuration file.

--mail_contact_addr email_address (-m)
    Mail address for the contact person to whom reports should be sent.

--smtp_server smtpservername (-s)
    SMTP server that trustman should use to send reports by mail.

--nomail
    Prevents mail from being sent; this is useful for only sending notifications via stdout (-p) or syslog (-L) even if an SMTP server was specified in the configuration file.

--no_error (-N)
    Send a report even when there are no errors.

--print (-p)
    Log messages to stdout.

--hold_time seconds (-w)
    The value of the hold-down timer. This is specified in seconds from the time that a new key is found. Generally the default and recommended value of 30 days should be used.

--resolv_conf_file conffile (-r)
    A resolv.conf file to read. /dev/null can be specified to force libval to recursively answer the query rather than asking other name servers.

--single_run (-S)
    Run only once.

--foreground (-f)
    Run in the foreground. trustman will still run in a loop. To run once, use the -S option instead.

--syslog (-L)
    Log messages to syslog.

--sleeptime seconds (-t)
    The number of seconds to sleep between checks. Default is 3600 (one hour).

--test_revoke
    Use this option to test the REVOKE bit. No known implementation of the REVOKE bit exists to date.

--help (-h)
    Display a help message.

--verbose (-v)
    Verbose output.

--Version (-V)
    Displays the version information for trustman and the DNSSEC-Tools package.
CONFIGURATION
In addition to the command line arguments, the dnssec-tools.conf file can also be configured with the following tokens to remove the need to use some of the command-line options. The command-line options always override the settings in the dnssec-tools.conf file.

tasmtpserver servername
    This is equivalent to the --smtp_server flag for specifying the server through which email notices are sent.

tacontact contact_email
    This is equivalent to the --mail_contact_addr flag for specifying where email notices are sent to.

taanchorfile file
    This specifies the file where trustman state information is to be kept. This is equivalent to the --anchor_data_file flag.

taresolvconffile file
    This specifies the resolv.conf file to use. This is equivalent to the --resolv_conf_file flag.

tanamedconffile file
    This specifies the named.conf file to read and write. This is equivalent to the --named_conf_file flag.

tadnsvalconffile file
    This specifies the dnsval.conf file to read and write. This is equivalent to the --dnsval_conf_file flag.

tatmpfile directory
    This specifies where temporary files should be created. This is used when creating new versions of the dnsval.conf and named.conf files before they're moved into place. Most operating systems require the /tmp directory to be on the same partition as the dnsval.conf/named.conf files, since renames across partitions will fail.
COPYRIGHT
Copyright 2006-2009 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR
Lindy Foster, lfoster@users.sourceforge.net

SEE ALSO
Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::defaults.pm(3), dnssec-tools.conf(5)