
NAME


trustman - Manage keys used as trust anchors

SYNOPSIS


trustman [options]

DESCRIPTION


trustman manages keys used by DNSSEC as trust anchors in compliance with RFC5011. It may
be used as a daemon for ongoing key verification or manually for initialization and one-
time key verification.

By default, trustman runs as a daemon to ensure that keys stored locally in configuration
files still match the same keys fetched from the zone where they are defined. In
addition, these checks can be run once manually (-S) and in the foreground (-f).

On each check, if key mismatches are detected, trustman performs the following
operations:

- sets an add hold-down timer for new keys;
- sets a remove hold-down timer for missing keys;
- removes revoked keys from the configuration file.

On subsequent runs, the timers are checked. If the timers have expired, keys are added to
or removed from the configuration file, as appropriate.
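
The check-and-timer cycle described above can be modelled in a few lines. This is an added example, not code from trustman or DNSSEC-Tools; the function name, event names and key tags are hypothetical, and dropping a timer when its mismatch disappears is an assumption taken from RFC 5011 rather than from this page.

```python
DAY = 24 * 3600
HOLD_TIME = 30 * DAY  # the page's default and recommended -hold_time

def check(configured, fetched, pending, now, hold_time=HOLD_TIME):
    """One mismatch check (illustrative model, not trustman's code).

    configured: set of key tags in the local configuration (updated in place)
    fetched:    {key tag: revoked flag} as published by the zone
    pending:    {key tag: (action, expiry)}, the persistent timer state
    Returns the list of (event, key tag) pairs produced by this check.
    """
    events = []
    # Revoked keys are removed from the configuration at once.
    for tag in sorted(t for t, revoked in fetched.items() if revoked):
        if tag in configured:
            configured.discard(tag)
            pending.pop(tag, None)
            events.append(("revoked-removed", tag))
    live = {t for t, revoked in fetched.items() if not revoked}
    # Assumption (from RFC 5011): a timer is dropped if its mismatch disappears.
    for tag, (action, _) in sorted(pending.items()):
        mismatch = tag in live if action == "add" else tag not in fetched
        if not mismatch:
            del pending[tag]
            events.append((action + "-cancelled", tag))
    # New mismatches start a hold-down timer; the configuration is not changed yet.
    for tag in sorted(live - configured - set(pending)):
        pending[tag] = ("add", now + hold_time)
        events.append(("add-timer-set", tag))
    for tag in sorted(configured - set(fetched) - set(pending)):
        pending[tag] = ("remove", now + hold_time)
        events.append(("remove-timer-set", tag))
    # Expired timers are applied to the configuration.
    for tag, (action, expiry) in sorted(pending.items()):
        if now >= expiry:
            (configured.add if action == "add" else configured.discard)(tag)
            del pending[tag]
            events.append((action + "-applied", tag))
    return events

if __name__ == "__main__":
    # Constructed key tags and timeline, for illustration only.
    conf, timers = {1001}, {}
    print(check(conf, {1001: False, 2002: False}, timers, 0))
    print(check(conf, {1001: False, 2002: False}, timers, 30 * DAY), conf)
```

A key that shows up in the zone only briefly never becomes a trust anchor in this model, because its add timer is dropped before it expires.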

named.conf and dnsval.conf are the usual configuration files. These files must be
specified in the DNSSEC-Tools configuration file or in command line options.

OPTIONS


trustman takes a number of options, each of which is described in this section. Each
option name may be shortened to the minimum number of unique characters, but some options
also have an alias (as noted). The single-letter form of each option is denoted in
parentheses, e.g.: -anchor_data_file (-a).

-anchor_data_file file (-a)
A persistent data file for storing new keys waiting to be added.

-config file (-c)
Create a configuration file for trustman from the command line options given. The
existing DNSSEC-Tools configuration file is copied to the specified configuration
file, and new configuration entries are appended corresponding to the command line
options. trustman-specific entries already in the existing configuration file will be
replaced with new entries from the command line. This will allow fewer command line
options to be specified in the future.

-dnsval_conf_file /path/to/dnsval.conf (-k)
A dnsval.conf file to read, and possibly update.

-dtconfig config_file (-d)
Name of an alternate DNSSEC-Tools configuration file to be processed. If specified,
this configuration file is used in place of the normal DNSSEC-Tools configuration
file, not in addition to it. Also, it will be handled prior to keyrec files, rollrec
files, and command-line options.

-foreground (-f)
Run in the foreground. trustman will still run in a loop. To run once, use the
-single_run option instead.

-hold_time seconds (-w)
The value of the hold-down timer. This is the number of seconds from the time that a
new key is found. Generally, the default and recommended value of 30 days should be
used.

-mail_contact_addr email_address (-m)
Mail address for the contact person to whom reports should be sent.

-monitor (-M)
Indicates that trustman was run from a monitoring system, and a summary of events will
be printed. Specifying this option automatically turns on the -single_run option and
turns off the -verbose option.

This was developed for use with the Nagios monitoring system, but it can be adapted
for other monitors.

-named_conf_file /path/to/named.conf (-n)
A named.conf file to read, and possibly update.

-nomail
Prevents mail from being sent, even if an SMTP server was specified in the
configuration file. This is useful for only sending notifications via stdout (-p) or
syslog (-L).

-norevoke
This option turns off checks for the REVOKE bit.

-no_error (-N)
Send report even when there are no errors.

-print (-p)
Log messages to stdout.

-resolv_conf_file conffile (-r)
A resolv.conf file to read. (/dev/null can be specified to force libval to recursively
answer the query rather than asking other name servers.)

-root_hints_file /path/to/root.hints (-o)
A root.hints file to read.

-single_run (-S)
Do not loop, but run only once.

-sleeptime seconds (-t)
The number of seconds to sleep between checks. Default is 3600 (one hour).

-smtp_server smtpservername (-s)
The SMTP server that trustman should use to send reports by mail.

-syslog (-L)
Log messages to syslog.

-tmp_dir directory (-T)
Specifies where temporary files should be created. This is used when creating new
versions of the dnsval.conf and named.conf files before they are moved into place.

Files created in this directory will be renamed to their final location. You should
ensure that this directory, the final dnsval.conf location, and the final named.conf
location are on the same disk partition. Most operating systems will only rename
files within a partition and will give an error if told to rename a file from one
partition to another.

-zone zone (-z)
The zone to check. Specifying this option supersedes the default configuration file.

-help (-h)
Display a help message.

-verbose (-v)
Gives verbose output.

-Version (-V)
Displays the version information for trustman and the DNSSEC-Tools package.

CONFIGURATION


In addition to the command line arguments, the dnssec-tools.conf file can be configured
with the following values to remove the need to use some of the command-line options. The
command-line options always override the settings in the dnssec-tools.conf file.

taanchorfile file
This specifies the file where trustman state information will be kept. This is
equivalent to the -anchor_data_file flag.

tacontact contact_email
This is equivalent to the -mail_contact_addr flag for specifying to whom email notices
will be sent.

tadnsvalconffile file
This specifies the dnsval.conf file to read and write. This is equivalent to the
-dnsval_conf_file flag.

tanamedconffile file
This specifies the named.conf file to read and write. This is equivalent to the
-named_conf_file flag.

taresolvconffile file
This specifies the resolv.conf file to use. This is equivalent to the
-resolv_conf_file flag.

taroothintsfile file
This specifies the root.hints file to read. This is equivalent to the
-root_hints_file flag.

tasmtpserver servername
This is equivalent to the -smtp_server flag for specifying the SMTP server to which
email notices will be sent.

tatmpdir directory
This specifies where temporary files should be created. This is used when creating
new versions of the dnsval.conf and named.conf files before they're moved into place.

See the note about renaming in the description of the -tmp_dir option.

EXIT CODES


trustman may exit for the following reasons:

0 - Successful execution. In daemon mode, this may just mean
that the daemon was successfully started. The daemon itself
may exit with some other error.

1 - Invalid options were specified.

2 - No new-key file was specified.

3 - Unable to open the new-key file.

4 - Unable to determine a set of zones to check.

5 - Some form of file-management error was encountered.

COPYRIGHT


Copyright 2006-2014 SPARTA, Inc. All rights reserved. See the COPYING file included with
the DNSSEC-Tools package for details.

Author


Lindy Foster

(Current contact for trustman is Wayne Morrison, [email protected].)
