From d3469f04936865b104c282fc02f90e7797389477 Mon Sep 17 00:00:00 2001
From: Manuel Canales Esparcia
Date: Sat, 14 May 2005 16:30:29 +0000
Subject: [PATCH] Tagged stunnel.xml
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4209 af4574ff-66df-0310-9fd7-8a98e5e911e0
---
 postlfs/security/stunnel.xml | 381 +++++++++++++++++++----------------
 1 file changed, 206 insertions(+), 175 deletions(-)
diff --git a/postlfs/security/stunnel.xml b/postlfs/security/stunnel.xml
index 2fec527dd8..e3d76302b3 100644
--- a/postlfs/security/stunnel.xml
+++ b/postlfs/security/stunnel.xml
@@ -14,237 +14,268 @@ ]> - -$LastChangedBy$ -$Date$ - - -Stunnel-&stunnel-version; - -Stunnel + - -Introduction to <application>Stunnel</application> + + $LastChangedBy$ + $Date$ + -The Stunnel package contains a program that -allows you to encrypt arbitrary TCP connections inside -SSL (Secure Sockets Layer) so you can easily communicate -with clients over secure channels. Stunnel can be -used to add SSL functionality to commonly used Inetd -daemons like POP-2, POP-3, and -IMAP servers, to standalone daemons like -NNTP, SMTP and HTTP, -and in tunneling PPP over network sockets without changes -to the server package source code. + Stunnel-&stunnel-version; -Package information - -Download (HTTP): - -Download (FTP): - -Download MD5 sum: -&stunnel-md5sum; -Download size: -&stunnel-size; -Estimated disk space required: -&stunnel-buildsize; -Estimated build time: -&stunnel-time; - + + Stunnel + -Additional downloads - -Required patch: - - - + + Introduction to Stunnel -<application>Stunnel</application> dependencies -Required - - + The Stunnel package contains a program + that allows you to encrypt arbitrary TCP connections inside SSL (Secure + Sockets Layer) so you can easily communicate with clients over secure + channels. Stunnel can be used to add SSL + functionality to commonly used Inetd daemons + like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP, + SMTP and HTTP, and in tunneling PPP over network sockets without changes + to the server package source code. -Optional - - - + Package Information + + + Download (HTTP): + + + Download (FTP): + + + Download MD5 sum: &stunnel-md5sum; + + + Download size: &stunnel-size; + + + Estimated disk space required: &stunnel-buildsize; + + + Estimated build time: &stunnel-time; + + - + Additional Downloads + + + Required patch: + + - -Installation of <application>Stunnel</application> + Stunnel Dependencies -The stunnel daemon will be run in a -chroot jail by an unprivileged user. 
Create the new user, -group and chroot home directory structure using the -following commands as the root user: + Required + -groupadd stunnel && + Optional + + + + + + Installation of Stunnel + + The stunnel daemon will be run in a + chroot jail by an unprivileged user. Create the + new user, group and chroot home directory structure + using the following commands as the root user: + +groupadd stunnel && useradd -c "Stunnel Daemon" -d /var/lib/stunnel \ -g stunnel -s /bin/false stunnel && -install -d -m 700 -o stunnel -g stunnel /var/lib/stunnel/run +install -d -m 700 -o stunnel -g stunnel /var/lib/stunnel/run -A signed SSL Certificate and a Private Key is -necessary to run the stunnel daemon. If you own, or have -already created a signed SSL Certificate you wish to use, -copy it to /etc/stunnel/stunnel.pem before starting the -build, otherwise you will be prompted to create one during the installation -process. The .pem file must be formatted as shown -below: + + A signed SSL Certificate and a Private Key is necessary to run + the stunnel daemon. If you own, or have already + created a signed SSL Certificate you wish to use, copy it to + /etc/stunnel/stunnel.pem before starting the build, + otherwise you will be prompted to create one during the installation + process. 
The .pem file must be formatted as shown + below: ------BEGIN RSA PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- [many encrypted lines of unencrypted key] -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- [many encrypted lines of certificate] ------END CERTIFICATE----- +-----END CERTIFICATE----- -Install Stunnel by running the following -commands: + -patch -Np1 -i ../stunnel-&stunnel-version;-1_minute_sleep_fix.patch && + Install Stunnel by running the following + commands: + +patch -Np1 -i ../stunnel-&stunnel-version;-1_minute_sleep_fix.patch && ./configure --prefix=/usr --sysconfdir=/etc \ --localstatedir=/var/lib && -make +make -Now, as the root user: + Now, as the root user: -make install +make install - + - -Command explanations + + Command Explanations ---sysconfdir=/etc: This parameter forces the -configuration directory to /etc instead -of /usr/etc. + --sysconfdir=/etc: This parameter forces + the configuration directory to /etc + instead of /usr/etc. ---localstatedir=/var/lib: This parameter -causes the installation process to create -/var/lib/stunnel instead of -/usr/var/stunnel. + --localstatedir=/var/lib: This parameter + causes the installation process to create + /var/lib/stunnel instead of + /usr/var/stunnel. -make install: This command installs the package and, -if you did not copy an stunnel.pem file to the -/etc/stunnel directory, prompts you for -the necessary information to create one. Ensure you reply to the + make install: This command installs the package + and, if you did not copy an stunnel.pem file to the + /etc/stunnel directory, prompts you + for the necessary information to create one. Ensure you reply to the -Common Name (FQDN of your server) [localhost]: +Common Name (FQDN of your server) [localhost]: -prompt with the name or IP address you will be using -to access the service. + prompt with the name or IP address you will be using + to access the service. 
- + - -Configuring <application>Stunnel</application> + + Configuring Stunnel -Config files -/etc/stunnel/stunnel.conf - -/etc/stunnel/stunnel.conf - - + + Config Files -Configuration Information + /etc/stunnel/stunnel.conf -Create a basic /etc/stunnel/stunnel.conf -configuration file using the following commands: + + /etc/stunnel/stunnel.conf + -cat >/etc/stunnel/stunnel.conf << "EOF" -# File: /etc/stunnel/stunnel.conf + + + + Configuration Information + + Create a basic /etc/stunnel/stunnel.conf + configuration file using the following commands: + +cat >/etc/stunnel/stunnel.conf << "EOF" +# File: /etc/stunnel/stunnel.conf pid = /run/stunnel.pid chroot = /var/lib/stunnel client = no setuid = stunnel -setgid = stunnel +setgid = stunnel -EOF +EOF -Next, you need to add the service you wish to encrypt to the -configuration file. The format is as follows: + Next, you need to add the service you wish to encrypt to the + configuration file. The format is as follows: -[[service]] +[[service]] accept = [hostname:portnumber] -connect = [hostname:portnumber] +connect = [hostname:portnumber] -If you use Stunnel to encrypt a daemon -started from [x]inetd, you may need to disable that daemon -in the /etc/[x]inetd.conf file and enable a corresponding -[service]_stunnel service. You may have to add an -appropriate entry in /etc/services as well. + If you use Stunnel to encrypt a daemon + started from [x]inetd, you may need to disable that + daemon in the /etc/[x]inetd.conf file and enable a + corresponding [service]_stunnel service. You + may have to add an appropriate entry in /etc/services + as well. -For a full explanation of the commands and syntax used in the -configuration file, run man stunnel. To see a -BLFS example of an actual setup of an -stunnel encrypted service, read the - in the Samba -instructions. + For a full explanation of the commands and syntax used in the + configuration file, run man stunnel. 
To see a + BLFS example of an actual setup of an stunnel encrypted + service, read the in the + Samba instructions. -To automatically start the stunnel -daemon when the system is rebooted, install the -/etc/rc.d/init.d/stunnel bootscript from the - package. - -stunnel + -make install-stunnel - + + Boot Script - + To automatically start the stunnel daemon + when the system is rebooted, install the + /etc/rc.d/init.d/stunnel bootscript from the + package. - -Contents - -Installed Programs -Installed Library -Installed Directories - -stunnel and stunnel3 -libstunnel.so -/etc/stunnel, /var/lib/stunnel and /usr/share/doc/stunnel - - + + stunnel + - -Short Descriptions - +make install-stunnel - -stunnel - is a program designed to work as an SSL -encryption wrapper between remote clients and local -([x]inetd-startable) or remote servers. - -stunnel - - + - -stunnel3 -is a Perl wrapper script to use -stunnel 3.x syntax with stunnel ->=4.05. - -stunnel3 - - + - -libstunnel.so - contains the API functions required by -Stunnel. - -libstunnel.so - - - + + Contents - + + Installed Programs + Installed Library + Installed Directories + + + stunnel and stunnel3 + libstunnel.so + /etc/stunnel, /var/lib/stunnel, and /usr/share/doc/stunnel + + + + + Short Descriptions + + + + stunnel + + is a program designed to work as an SSL + encryption wrapper between remote clients and local + ([x]inetd-startable) or remote servers. + + stunnel + + + + + + stunnel3 + + is a Perl wrapper script to use + stunnel 3.x syntax with stunnel + >=4.05. + + stunnel3 + + + + + + libstunnel.so + + contains the API functions required by + Stunnel. + + libstunnel.so + + + + + + + -