- ``-X`` - As of Kea 3.0, disables security restrictions. The server will
still check for violations but will emit warning logs when they are found
rather than fail with an error. Please see
- :ref:`sec-kea-runtime-security-risk-checking` for details.
+ :ref:`sec-kea-runtime-security-policy-checking` for details.
The CA is started by running its binary and specifying the configuration
file it should use. For example:
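Review bot: The ``-X`` entry touched here still opens with "disables security restrictions", which contradicts its own next sentence: the checks keep running and violations are only downgraded from a fatal error to a warning log. Since this hunk and the three identical ones that follow already edit the entry to adopt the "policy" wording, consider rewording the first sentence in all four places, for example "downgrades security policy violations from errors to warnings", so an operator reading the option list does not assume the checks are skipped entirely.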
- ``-X`` - As of Kea 3.0, disables security restrictions. The server will
still check for violations but will emit warning logs when they are found
rather than fail with an error. Please see
- :ref:`sec-kea-runtime-security-risk-checking` for details.
+ :ref:`sec-kea-runtime-security-policy-checking` for details.
Upon startup, the module loads its configuration and begins listening
for NCRs based on that configuration.
- ``-X`` - As of Kea 3.0, disables security restrictions. The server will
still check for violations but will emit warning logs when they are found
rather than fail with an error. Please see
- :ref:`sec-kea-runtime-security-risk-checking` for details.
+ :ref:`sec-kea-runtime-security-policy-checking` for details.
On startup, the server detects available network interfaces and
attempts to open UDP sockets on all interfaces listed in the
- ``-X`` - As of Kea 3.0, disables security restrictions. The server will
still check for violations but will emit warning logs when they are found
rather than fail with an error. Please see
- :ref:`sec-kea-runtime-security-risk-checking` for details.
+ :ref:`sec-kea-runtime-security-policy-checking` for details.
On startup, the server detects available network interfaces and
attempts to open UDP sockets on all interfaces listed in the
The three primary Kea daemons (:iscman:`kea-dhcp4`, :iscman:`kea-dhcp6` and :iscman:`kea-dhcp-ddns`) all support a control
channel, which is implemented as a UNIX socket. The control channel, which opens a UNIX socket, is disabled by default.
-.. _sec-kea-runtime-security-risk-checking:
+.. _sec-kea-runtime-security-policy-checking:
-Kea Runtime Security Risk Checking
-==================================
+Kea Runtime Security Policy Checking
+====================================
-Runtime security risk checking was initially added to Kea daemons :iscman:`kea-dhcp4`,
+Runtime security policy checking was initially added to Kea daemons :iscman:`kea-dhcp4`,
:iscman:`kea-dhcp6`, :iscman:`kea-dhcp-ddns`, :iscman:`kea-ctrl-agent`. in Kea 2.7.9
release. In Kea 3.0 additional checks were added. By default, when a daemon detects
-a security risk it emits an error log and exits. The following checks are performed:
+a security policy violation it emits an error log and exits. The following checks are
+performed:
- Use of unsupported file paths or permissions as detailed in :ref:`sec-summary-of-path-restrictions`
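Review bot: The label ``sec-kea-runtime-security-risk-checking`` is removed outright at the top of this section, so any ``:ref:`` to it beyond the four updated in this patch will become an undefined-label warning in the Sphinx build and a dead cross-reference in the rendered docs. Please confirm no other references remain in the tree. While this paragraph is being edited, the unchanged context line ":iscman:`kea-ctrl-agent`. in Kea 2.7.9" carries a stray period that splits the sentence, and the daemon list lacks an "and" before its last item. Both are worth fixing in the same change.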