HP UX Internet Express Software manual Stunnel, Sample client server configuration

Page 267

21 Stunnel

Stunnel is SSL library that enables users to secure (encrypt) otherwise insecure sessions

Sample client server configuration

Following are the steps for setting up client and server:

1.Create the Stunnel client config file /usr/internet/stunnel/etc/stunnel/ client.conf. Sample client config file is as follows:

cert = /usr/internet/openssl/bin/cacert.pem key = /usr/internet/openssl/bin/privkey.pem

#Use in client mode client = yes

pid = /client-stunnel.pid

#setuid = nobody

#setgid = other

debug = 7

output = /client-stunnel.log socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1

#Authentication stuff

#verify = 1

#foreground = yes

[ telnet ] accept = 8060

connect = servermachine:8050

NOTE:

Where Cert and key path should be same where cert and key get created.

accept should be the server machine name

2.Create Certificate and key on both client and server machines as follows:

cd /usr/internet/openssl/bin

openssl genrsa -des3 -out privkey.pem 2048

openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

3.For starting stunnel on server:

execute: /usr/internet/stunnel/bin/stunnel /usr/internet/stunnel/bin/server.conf

To Check the status type: ps -ef grep stunnel

4.For starting stunnel on client:

execute: /usr/internet/stunnel/bin/stunnel /usr/i nternet/stunnel/bin/client.conf

To Check the status type: ps -ef grep stunnel

Sample client server configuration 267

Page 266 Page 268
Image 267
Page 266 Page 268
Contents Abstract Internet Express for Tru64 Unix VersionPage Contents User Authentication Mail Delivery Administration Mail Access Administration 132 Web Services Administration 155 XML Component Administration 164Network Security Administration 167 Ldap Directory Server Administration 195 Proxy Services Administration 190OpenSLP Administration 207 FTP Server Administration 213Samba File and Print Server Administration 216 Internet Relay Chat Administration 248 InterNetNews Server Administration 225Twiki 266 PostgreSQL Database and MySQL Administration 249Bind Domain Name Server Administration 260 Jabber 265About This Document Intended AudienceDocument Organization User input CommandTypographic Conventions Computer outputReading the Documentation Reading Documentation Using the Administration UtilityReading Documentation Using the Public Web Server Related InformationOn a PC Reading Documentation from the Internet Express CD-ROMReading Reference Pages for Internet Express Components On a Tru64 Unix SystemInternet electronic mail readerscomment@zk3.dec.com Readers CommentsReading the Open Source Software Component Documentation # man -M /usr/news/man active.5Readers Comments Using the Administration Utility Using the Administration UtilityAdministration Utility Menu Options and Tasks Using the Administration Utility Main MenuRegister Online Registering Your Internet Express InstallationNavigating the Administration Utility Using Administration Utility FormsSample Administration Utility Form 8081 Internet Express Accessing Administration ServersInternet Express Accounts and Ports Port Number DescriptionAccessing the Internet Express Login Account Accessing and Managing the Internet MonitorManaging Internet Express in a TruCluster Environment Installing and Removing Components Using Internet Express Services in a ClusterTruCluster Impact on Internet Express Administration Port number from the current Web server Installing and Removing ComponentsKeywords for URL Line Hostname of the local hostPerforming Web-Based System Management Accessing Web-Based System Management ToolsAccessing Web-Based System Management Tools Tuning Kernel Attribute ValuesUsing the Administration Utility Where to Find More Information Internet Express and AlphaServer Products Web SitesOpen Source Software Web Sites GnuPG ExpectFirefox FreeRADIUSMajordomo Automated Internet Mailing Lists Manager IRC ServerJabber Lynx Web BrowserPerl MySQLOpenLDAP OpenSLPSamba File and Print Server PostgreSQL Relational Database Management SystemProcmail Mail Filtering Language Pure-FTP ServerSystem Security Web Sites Microsoft Other Useful Web SitesApplications InterNICEncompass Manage Users Menu User AdministrationOverview of User Accounts User AdministrationOverview of User Accounts Assigning Passwords to User AccountsPurging Obsolete Passwords Specifying User NamesSearching for User Accounts Searching for User AccountsSelecting User Accounts Assigning Users to GroupsShows the Create Named User Account form Creating Captive Accounts for Named UsersCreating a Named User Account Creating Captive Accounts for Generic UsersCreating Generic User Accounts Creating a Noncaptive Account for a Unix System UserCreating a Noncaptive Account for a Unix System User To create a group, see Section Creating GroupsCreating a System User Account Creating GroupsCreating Groups Displaying User Account InformationDisplaying User Account Information Deleting User AccountsChanging Groups for User Accounts Changing Groups for User AccountsUser Administration Changing the Password for an Account Changing the Password for an AccountChanging Mail Services for Users Assigning Regular Delivery Mail Service Assigning POP with Password Mail ServiceChanging Mail Services for Users Assigning Cyrus Imap with Password Mail Service Assigning the Cyrus Imap Mail ServiceManaging the .users.list File Assigning Apop with Password Mail ServiceManaging the iass Account Changing the iass Account Forwarding AddressRemoving the .users.list File Managing the User Self-Administration FeatureListing User Accounts and Passwords Purging Passwords for User AccountsManaging the User Self-Administration Feature Enabling and Disabling the User Self-Administration FeatureManage User Self-Administration Menu Configure Web Server for Self-Administration Form Modifying the Web Server ConfigurationModify Web Server Configuration Enabling and Disabling Login DelaysAdding Groups Managing User Self-Administration GroupsAdding Groups Deleting and Modifying GroupsEnabling and Disabling Groups Customizing the User Self-Administration FeatureUser Administration User Authentication Managing the Ldap Module for System AuthenticationManaging the Ldap Module for System Authentication User Authentication Example 1 Security Matrix Enabled for LdapLdap Caching Daemon Example 2 Ldap Caching Daemon Configuration File Value of searchbase Value of machinedn Value of machinepass Creating BranchesUserbranch ou=accounts,searchbase Extended Ldap Schema for Unix Account InformationIndexing Attributes for the Directory Servers Configuring the Ldap Module for System Authentication Adding Indices for OpenLDAPLdap Database Index Types Modifying the Ldap Module Configuration Configuring the Ldap Module for System AuthenticationDefining Ldap System Parameters Configuring Ldap Password Attributes Configuring Ldap Group Attributes Testing the Ldap Module Configuration Importing and Exporting Users from /etc/passwdEnabling and Disabling the Ldap Module Adding an Ldap User in a C2 Environment Importing Users into the Directory ServerImporting Users from NIS Exporting Users from the Directory ServerAccess Control Ldap Database Utilities Authentication mechanism Remove login names from specified groupRemove login names from all groups File in which to store search results the default isChecking the Ldap Server Configuration Extracting Users from the /etc/passwd FileAdding a User Entry Retrieving a User Entry Deleting a User EntrySynchronizing with a Password File Adding a Group EntryLdapsyncuser -b branch filename Deleting a Group Entry Maintaining Group MembershipLdapgetgroup -b branch -f input-file Setting a Users Password in the Ldap Directory ServerRetrieving a Group Entry Starting the ldapcd DaemonModifying Entries in an Ldap Database Maintaining the Ldap Directory Server Using Ldap CommandsStopping the ldapcd Daemon Adding Entries to an Ldap DatabaseActions Performed by the Ldap Client Authentication Actions PerformedFiles Modified by theLDAP Module for System Authentication Overview of the Ldap ClientEtc/ldapusers.allow Operation of login/suBehavior of the the ldapdc Daemon Debugging ldapdc# su user1 Bogofilter to filter spam Section Bogofilter Spam Filter Mail Delivery AdministrationSendmail Server Administration Mail Delivery AdministrationLdap see Section Configuring Ldap Configuring the System as a Standalone Mail SystemConfiguring the System as a Mail Client Configuring the System as a Mail ServerCreating and Deleting Host Aliases for a Mail Server Sendmail Server Administration Changing the Sendmail Server ConfigurationCreating and Deleting Pseudo Domain Aliases Configuring Mail ProtocolsPSInet see Section Configuring the X.25 Protocol Through Section Configuring the X.25 ProtocolConfiguring the DECnet Phase IV Protocol Configuring the MTS ProtocolConfiguring the DECnet/OSI Protocol Configuring the X.25 Protocol Configuring the Uucp ProtocolAccessing the Configure Masquerading Form Configuring MasqueradingRoot Postmaster News Uucp Mailer-daemon Rdist Nobody Daemon Pop Imap Configuring Your System for MasqueradingExample 4 Sample Virtual Domain Table Configuring Virtual Domains# makemap btree virtusertable virtusertable Enabling Anti-Virus Enabling Procmail as a Local MailerConfiguring Relaying Configuring Anti-SpamExample 5 Sample Access Database for the Sendmail Server Configuring the Access DatabaseConfiguring an Access Database Configuring Checking on Senders Information Configuring LdapShows the Configure Ldap form Configuring Mail Filters MilterSocket inet1066@myhost.com,T=C5mS10sR10sE5m Socket local/var/run/f1.sockSocket inet1099@remotehost.com Socket inet61066@myhost.comSample -p local/var/run/example1.sock Adding a Queue Configuring Queues# sendmail -bt -q queue-name Modifying a Queue GroupDeleting a Queue Group Configuring Queue Performance Queue TimersGeneral Queue Properties Configuring Trusted Layer Security Sendmail TimersSendmail Tunable Parameters Certicate Authority Abbreviation Certificate Authority Certificate DefaultsCertificate Issuer One that issues certificates a CA TLS Certificate ValuesEnabling Support Using the Access Database Side VERIFYbits CIname Sendmail Server AdministrationMarked as permanent Failure marked as temporaryConfiguring Mailbox Access Controlling the Sendmail ServerRelay or Subject Creating a Majordomo Mailing List Majordomo Mailing List AdministrationMajordomo Mailing List Administration Viewing the Sendmail Server LogChanging List Owner or Charter Changing a Majordomo Mailing List ConfigurationChanging Subscription Parameters Changing Administration ParametersChanging Message Content Parameters Changing Digest Parameters Changing Command Access ParametersChanging List Restriction Parameters Changing Moderated List ParametersMailman MailmanDeleting a Majordomo List Changing Address Processing ParametersManaging Mailman Creating the Initial Mailman List Using a ScriptCreate a Mailing List Deleting a Mailing ListMailman Mailing List Administration Menu Training Bogofilter Bogofilter Spam FilterMailman Scripts Mailman Log FilesBogofilter/wordlist.db Using Bogofilter with procmailFiltering with Bogofilter Filter Integration with Other ToolsMutt Integration with Bogofilter Pine Integration with BogofilterMail Transport Agent MTA Integration with Bogofilter Bogofilter Spam Filter Controlling the POP2 Server Mail Access AdministrationPOP Mail Server Administration Controlling the POP3 ServerImap Mail Server Administration Imap Mail Server AdministrationViewing the POP Mail Server Log Setting Up a Unix User Account for UW Imap Setting Up a Unix User Account for Cyrus ImapConverting Imap Mail Folders Usr/dt/bin/mailcv -I -t -f ./bar duke Controlling the Cyrus Imap ServerControlling the UW Imap Server Usr/dt/bin/mailcv -evdt -I -f foldername directoryname userViewing the Imap Server Log Configuring SSL for UW-IMAPIMP Webmail Administration IMP Webmail AdministrationEnabling and Disabling IMP Webmail Accessing the IMP Webmail Administration MenuEnable/Disable IMP Webmail Managing Mail Server SettingsIMP Mail Server Settings Modifying the Mail Server ListAdding a Mail Server IMP Mail Server List Settings Managing Mailbox Settings Modifying a Mail ServerDeleting a Mail Server IMP Mailbox Settings Managing Compose SettingsManaging Message Settings IMP Compose SettingsPreference settings IMP Message Settings Managing Logging SettingsIMP Logging Settings Preference Driver Settings Managing Preference Driver SettingsSetting Description Allow usage of folders Managing Miscellaneous IMP SettingsManaging Horde Settings Miscellaneous IMP SettingsHorde Settings Managing Turba Settings Have access to their addressbook Using IMP Upgrade ToolsIMP Turba Settings Setting Description EnabledUpgrading IMP Databases Upgrading IMP ConfigurationsIMP Database Upgrade Settings Accessing IMP Webmail Additional Webmail DocumentationNew Preference Table Web Services Administration Secure Web Server AdministrationSecure Web Server Administration Internet Express Ports and URLs Accessing the Secure Web ServersServer Changing Configuration ParametersConfiguration Files for Secure Web Servers Web Server ManagementHttpd.conf Srm.conf Access.conf Changing the Password for the Administration Web ServerHt//Dig Search Tool Administration Ht//Dig Search Tool AdministrationCreating the Search Index Ht//Dig Indexing and Search Administration Link to Ht//Dig Search Index Updated Ht//Dig Configuration File Message Searching the Index DocumentationHttp//hostname/htdig/search.html XML Component Administration Directories and Subsets for XML ComponentsDirectories and Subsets for XML Components Managing the Apache Axis Server Apache Axis Server AdministrationApache Cocoon Servlet Administration Apache Axis Server AdministrationManaging the Apache Cocoon Servlet Enabling and Disabling the Cocoon ServletViewing the Cocoon Log Files Network Services Wrapped by Internet Express Network Security AdministrationTCP Wrapper Administration Network Services Wrapped by Internet ExpressModifying Access to a Wrapped Network Service Controlling Access to Other Network ServicesNetwork Service Access Options Testing TCP Security ModificationsFireScreen Administration Menu FireScreen AdministrationFireScreen Administration Installing FireScreenEtc/rc.config file Checking FireScreen Installation PrerequisitesFireScreen Administration Install FireScreen Page with Gateway Screening Enabled Configuring FireScreen Configure FireScreen Menu Setting Command-Line OptionsSet Options Confirmation Adding a Screening Rule Setting the Screening ModeAdd New Screening Rule Form Deleting a Screening Rule Checking Syntax of Screening RulesStarting FireScreen Starting and Stopping FireScreenStopping FireScreen Start/Stop FireScreen Form with Restart Option EnabledViewing FireScreen Status Viewing FireScreen Screening RulesViewing the FireScreen Log Snort Intrusion Detection System Viewing FireScreen StatisticsUsr/internet/docs/snort Snort documentation Snort -vd -l ./log Configuring Snort DecoderConfiguring Snort Preprocessor Option Disable Decode AlertFreeRADIUS Server Administration Running SnortViewing Alert Messages Users File Considerations While Installing FreeRADIUSUnderstanding FreeRADIUS Configuration Files Starting and Stopping the FreeRADIUS ServerConfigure --disable-shared make make install Clients.conf fileRadiusd.conf file Viewing FreeRADIUS Log File Controlling the Dante Socks Server Proxy Services AdministrationDante Socks Server Administration Proxy Services AdministrationSquid Proxy/Caching Server Administration Squid Proxy/Caching Server AdministrationConfiguring the Dante Socks Server Accessing Dante Socks InformationConfiguring the Squid Proxy/Caching Server Reinitializing the Disk CacheManaging the Squid Proxy/Caching Server Rotating Log Files Displaying Access StatisticsControlling the Squid Proxy/Caching Server Ldap Directory Server Administration Understanding the Ldap Directory SchemaUnderstanding the Ldap Directory Schema Using the Ldap Browser Ldap Directory Server AdministrationExample 6 Ldap Standard Object Class Definition for Person Creating or Editing Frequently Used Connections Installing and Running the Ldap BrowserConnecting to an Ldap Server Managing Frequently Used ConnectionsConnecting to an Ldap Server using SSL Using the Main Browsing Window Disconnecting from an Ldap ServerReconnecting to an Ldap Server Viewing a Directory Entry in a Separate Window Controlling Client-Side Schema CheckingOpening a New Main Window Closing a Main WindowCopying a Directory Entry Adding a New Directory EntryModifying a Directory Entry Deleting a Directory EntryModifying Attributes Renaming a Directory EntryMoving a Directory Entry Adding AttributesModifying Entry Templates Deleting AttributesManaging Directory Entry Templates Creating Entry TemplatesViewing the Object Class Schema Viewing the Attribute SchemaSearching the Directory Managing the OpenLDAP Directory Server Managing and Using the OpenLDAP Directory ServerUser Configuration File Configuring the OpenLDAP Directory ServerLdap Directory Server Administration OpenSLP Administration Configuration Files and ExamplesOpenSLP Overview Configuring OpenSLP Using the OpenSLP Configuration and Registration FilesConfiguring Optional Security Configuring OpenSLP Running the ServicesConsiderations for Using SLP APIs Running the Example ConfigurationDocumentation DocumentationOpenSLP Administration Creating or Modifying an Anonymous Pure-FTP User Account FTP Server AdministrationAdministering Pure-FTP Server Administering Pure-FTP ServerUpload /data/ftp /pub yes ftp daemon Enabling or Disabling Anonymous Pure-FTP AccessFTP Server Administration Enabling or Disabling chrootEnabling or Disabling Pure-FTP server Displaying Active Pure-FTP UsersSamba File and Print Server Administration Samba File and Print Server AdministrationOptions for Modifying the smb.conf Configuration File Understanding the smb.conf Configuration FileWorkgroup Understanding the smb.conf Configuration FileAdd the following value Administering the Samba Server Using the Swat Program Configuring the Samba Server Using the Swat ProgramAdministering the Samba Server Using the Swat Program Samba File and Print Server Administration Configure the Samba Server Menu Configuring Global Variables Configuring Share ParametersManage passwords see Section Administering Passwords Viewing the Status of the Server Viewing the Current ConfigurationAdministering Passwords Controlling PrintersSamba File and Print Server Administration 225 InterNetNews Server AdministrationSpecifying INN Configuration Data InterNetNews Server AdministrationINN Daemons Configuring an External Newsfeed Configuring an External NewsfeedDays 12 GB Displaying an External NewsfeedRecommended Spool Space for News Articles Article Retention PeriodAdding an External Newsfeed Typically, a newsfeed has the following flags set Modifying Newsfeed Defaults Modifying an External NewsfeedRemoving an External Newsfeed Updating the Local Active File Managing Client AccessDisplaying Client Access Groups Adding a Client Access GroupAccess Groups Form Fields Removing a Client Access Group Modifying an Existing Client Access GroupClient Authentication Groups Menu Fields Displaying Client Authentication GroupsManaging Client Authentication Groups Adding Client Authentication GroupsUsr/bin/news/auth/passwd Modifying Client Authentication GroupsConfiguring Storage Options Configuring Storage OptionsConfiguring Storage Method Entries Deleting Client Authentication GroupsOptions on the Configure Storage Menu Adding a New Storage Method ClassModifying a Storage Method Class Adding New Cnfs Entries Configuring the Cnfs Storage MethodDeleting a Storage Method Class Displaying Cnfs EntriesModifying Cnfs Entries Managing Article Expiration Managing Article ExpirationDisplaying Article Expiration Definitions Deleting Cnfs EntriesSpecific newsgroup for example, rec.photo Adding an Article Expiration DefinitionManaging Article Expiration Specifying an Article Expiration Definition Modifying an Article Expiration DefinitionManaging Local Newsgroups Managing Local NewsgroupsDeleting an Article Expiration Definition Modifying the Retention Period for Expired ArticlesViewing INN Log Files Creating Local NewsgroupsDeleting Local Newsgroups Controlling the INN Server Controlling the INN ServerControlling the IRC Server Internet Relay Chat AdministrationConfiguring IRC Internet Relay Chat AdministrationStarting and Stopping PostgreSQL Server PostgreSQL Database and MySQL AdministrationInstalling PostgreSQL Installing PostgreSQLViewing the PostgreSQL Log File PostgreSQL Database and MySQL AdministrationAdministering PostgreSQL Accounts Administering PostgreSQL AccountsImportant Files and Directories PostgreSQL Files and Directories Setting up a Crontab Entry for Vacuuming DatabasesUsing Existing PostgreSQL Accounts Running the Postmaster Startup ScriptSetting up a Crontab Entry for Vacuuming Databases PostgreSQL Database and MySQL Administration Setup Vacuum Crontab Form Scaling PostgreSQL #/sbin/init.d/postgres stop#/sbin/init.d/postgres start #/sbin/sysconfig -q ipc #ps -ef grep postmasterScaling PostgreSQL MySQL Directories Administering MySQLDirectories and Files Established by MySQL Installation Starting and Stopping MySQLMySQL Log Files Starting and Stopping the MySQL Server Using a Command LineMySQL Configuration Files Viewing the MySQL Error LogBind Files and Directories Bind Domain Name Server AdministrationBind Overview Important Bind Files and DirectoriesBind Binary File Directories Enabling Bind Running the Bind Startup Script Running the Bind Startup ScriptBind Documentation Enter /sbin/init.d/named start Enter /sbin/rcinet startHttp//ops.ietf.org/dns/dynupd/secure-ddns-howto.html Jabber Controlling the Jabber ServerControlling the Jabber Server Twiki Starting TWikiTwiki Sample client server configuration Sample client server configurationStunnel Sample mail filter Section Mail Filter Example Sendmail Supplemental InformationCreating a Certificate of Authority Background OpenSSL Certificate CreationMail Filter Example Mail Filter ExampleSendmail Supplemental Information Smfiversion Glossary Glossary273 FTPSee also Https 275 See TCP/IPSymbols IndexIndex Decus see Encompass deinstall.sh script Web site, 30 external newsfeed adding277 Index Ldap client, 87 Ldap commands Log file FireScreen viewing, 183 login account279 Index OpenLDAP Project Web site Poppassd server controlling281 Screening mode, 178 screening rule FireScreen 283 TIN
Related manuals
Manual 34 pages 37.15 Kb
Top Page Image Contents