February 2020
Intermediate to advanced
666 pages
15h 45m
English
Content preview from Mastering Linux Security and Hardening - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Creating an encrypted connection to the log server
We'll use the stunnel package to create our encrypted connection. It's easy, except that the procedures for Ubuntu and CentOS are different. The differences are as follows:
- With CentOS 8, FIPS modules are available free of charge, as I showed you in Chapter 5, Encryption Technologies. They're not available for CentOS 7, and they're only available for Ubuntu if you're willing to purchase a support contract. So, for now, the only way we can take advantage of FIPS mode in stunnel is to set it up on CentOS 8.
- On CentOS, stunnel runs as a systemd service. On Ubuntu, for some bizarre reason, it's still set up to run with an old-fashioned init script. So, we have to deal with two different methods ...