putting config file in a folder properly protected by permissions set is the best way to do that. I always wonder why some people want to use stunnel without leaving any trace on their (?) server machine: many of those are just trying to open backdoors on systems...
"security reasons"...hmm...just bad excuse.
Anyway, is next question "how to hide stunnel from running in ps or netstat sys command" ?
Pierre
Le 14/06/2012 19:32, Steve Marvin a écrit :
On Thu, 14 Jun 2012 22:22:30 +0500, Ivanko B wrote:
How to bypass reading any config file so that all needed options were fed from command line ? (security reasons)
I run stunnel from a program that uses it and what I do is:
generate the .pem files (cert and key) generate the .conf file start stunnel monitor the log file until I see that all of my services have been bound then I scrub the files I generated above.Not perfect, but it works. I guess it would be nice if stunnel had either a way to pass in the data by arguments or an /scrubconfig option to do what I do from outside.
stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users