Hi Eric. >>container hardening?What are your resources controls and are they >>appropriate? (e.g. chroot. docker. hyervisor.) >>check outCheckout, posture and drift are characteristics of an operational >>system. Using the operators manual, a driver should be able to examine(checkout) each major element of a vehicle so they can communicate their concerns/findings/issues from an absolute (posture) / or relative (drift) perspective. On Wednesday, May 29, 2019, 4:41:59 p.m. EDT, Eric Eberhard <[email protected]> wrote: <!--#yiv9769437719 _filtered #yiv9769437719 {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;} _filtered #yiv9769437719 {font-family:Wingdings;panose-1:5 0 0 0 0 0 0 0 0 0;} _filtered #yiv9769437719 {font-family:"Cambria Math";panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv9769437719 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}#yiv9769437719 #yiv9769437719 p.yiv9769437719MsoNormal, #yiv9769437719 li.yiv9769437719MsoNormal, #yiv9769437719 div.yiv9769437719MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:12.0pt;font-family:"Times New Roman", serif;}#yiv9769437719 a:link, #yiv9769437719 span.yiv9769437719MsoHyperlink {color:#0563C1;text-decoration:underline;}#yiv9769437719 a:visited, #yiv9769437719 span.yiv9769437719MsoHyperlinkFollowed {color:#954F72;text-decoration:underline;}#yiv9769437719 span.yiv9769437719EmailStyle17 {font-family:"Calibri", sans-serif;color:#1F497D;}#yiv9769437719 .yiv9769437719MsoChpDefault {font-size:10.0pt;} _filtered #yiv9769437719 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv9769437719 div.yiv9769437719WordSection1 {}--> We use it solely on 100s of our customer’s Unix computers. My suggestion (that not everyone agrees with) is to run it under inetd. Unix does not function without inetd (or related like xinetd). You don’t have to start or manage a server. It is dead reliable and when processes die it cleans it up and so forth. You connect to localhost on some port, have a configuration that directs it to the right place, off to the races.
I am not sure what you mean by container hardening. When connecting to localhost it never touches the network – the TCP/IP goes directly to the TCP/IP stack on the local machine. I am really sure I don’t know what check out is J If you give me more info I can probably be of more use. Eric From: stunnel-users [mailto:[email protected]] On Behalf Of Brent Kimberley Sent: Wednesday, May 29, 2019 11:53 AM To: [email protected] Subject: [stunnel-users] RE stunnel process owner Hi Dan. >>Wondering what user people are running the stunnel process under on a unix >>server? Any suggestions re container hardening & check-out (a la SCAP)?
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
