For this lab, we're using a CentOS 8 VM that's been set to run in FIPS-compliant mode (see the steps for that in Chapter 5, Encryption Technologies):
- On a CentOS 8 VM, install stunnel:
sudo dnf install stunnel
- On the server, within the /etc/stunnel directory, create a new stunnel.conf file with the following contents:
cert=/etc/stunnel/stunnel.pem
fips=yes
[hear from client]
accept=30000
connect=127.0.0.1:6514
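- On the server, while still within the /etc/stunnel directory, create the stunnel.pem certificate file (because -out and -keyout name the same file and -nodes is set, stunnel.pem also holds the unencrypted private key):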
sudo openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem
- On the server, open port 30000 on the firewall, and close port 514:
sudo firewall-cmd --permanent --add-port=30000/tcp
sudo firewall-cmd --permanent --remove-port=514/tcp
sudo firewall-cmd --reload
Port 6514, which you see in the stunnel.conf file, is used only for internal communication between rsyslog and stunnel on the loopback address (127.0.0.1), so we don't need to open a firewall port for it. Because stunnel now listens on port 30000 on behalf of rsyslog, port 514 no longer needs to be open on the firewall.
- Enable and start the stunnel daemon by doing this:
sudo systemctl enable --now stunnel
- In the /etc/rsyslog.conf file, look for this line at the top of the file:
input(type="imtcp" port="514")
Change it to the following:
input(type="imtcp" port="6514")
- After saving the file, restart rsyslog:
sudo systemctl restart rsyslog
- The server is now ready to receive log messages from remote clients via an encrypted connection.
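The following script is an added example, not part of the original lab. It checks that the two files edited above agree with each other: the stunnel connect= port matches the rsyslog imtcp port, connect= points at a loopback address, fips=yes is set, and accept= uses a different port. The function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original text): consistency check for the lab's
# stunnel.conf / rsyslog.conf pairing. Function names are hypothetical.

# stunnel_get FILE KEY SECTION -> first value of KEY in [SECTION] ("" = global options)
stunnel_get() {
    awk -v key="$2" -v want="$3" '
        /^[ \t]*[;#]/ { next }                                  # comment line
        /^[ \t]*\[/   { sect = $0; sub(/^[ \t]*\[/, "", sect)   # new service section
                        sub(/\].*$/, "", sect); next }
        { eq = index($0, "="); if (!eq) next
          k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
          v = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key && sect == want) { print v; exit } }
    ' "$1"
}

# rsyslog_imtcp_port FILE -> port of the first uncommented imtcp input() line
rsyslog_imtcp_port() {
    sed -n 's/^[[:space:]]*input(type="imtcp"[^)]*port="\([0-9]*\)".*/\1/p' "$1" | head -n 1
}

# check_log_tunnel STUNNEL_CONF RSYSLOG_CONF SECTION -> 0 if consistent, 1 otherwise
check_log_tunnel() {
    rc=0
    connect=$(stunnel_get "$1" connect "$3")
    accept=$(stunnel_get "$1" accept "$3")
    rport=$(rsyslog_imtcp_port "$2")
    [ "$(stunnel_get "$1" fips "")" = "yes" ] ||
        { echo "FAIL: fips=yes is not set in the global options"; rc=1; }
    [ -n "$rport" ] && [ "${connect##*:}" = "$rport" ] ||
        { echo "FAIL: stunnel connect=$connect, rsyslog imtcp port=$rport"; rc=1; }
    case $connect in
        127.0.0.1:*|localhost:*) ;;
        *) echo "FAIL: connect= is not a loopback address"; rc=1 ;;
    esac
    [ -n "$accept" ] && [ "${accept##*:}" != "$rport" ] ||
        { echo "FAIL: accept=$accept must differ from the rsyslog port"; rc=1; }
    return "$rc"
}

# Constructed sample files mirroring the lab; on the server, pass the real
# /etc/stunnel/stunnel.conf and /etc/rsyslog.conf instead.
demo=$(mktemp -d)
printf '%s\n' 'cert=/etc/stunnel/stunnel.pem' 'fips=yes' '[hear from client]' \
    'accept=30000' 'connect=127.0.0.1:6514' > "$demo/stunnel.conf"
printf '%s\n' 'module(load="imtcp")' 'input(type="imtcp" port="6514")' > "$demo/rsyslog.conf"
check_log_tunnel "$demo/stunnel.conf" "$demo/rsyslog.conf" "hear from client" && echo "OK"
```

If rsyslog.conf is left at port 514 while stunnel.conf still says connect=127.0.0.1:6514, the check reports the mismatch instead of leaving stunnel forwarding to a port nobody listens on.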
Next, we'll configure a CentOS 8 VM to send its logs to this server.