Red Hat Bugzilla – Attachment 285001 Details for Bug 356161: Deployment Guide - Security Level Configuration Tool shows wrong command
Fixes usage of -selinux & -securitylevel
bug_356161_from_Deployment_Guide-en-US-5.1.0-11.patch (text/plain), 18.25 KB, created by Daniel Crisman on 2007-12-12 04:33:39 UTC
>diff -ru Deployment_Guide-en-US-5.1.0-11/Common_Content/Translatable-Entities.ent fix/Common_Content/Translatable-Entities.ent >--- Deployment_Guide-en-US-5.1.0-11/Common_Content/Translatable-Entities.ent 2007-09-07 02:24:54.000000000 -0400 >+++ fix/Common_Content/Translatable-Entities.ent 2007-12-11 23:19:40.000000000 -0500 >@@ -105,6 +105,7 @@ > <!ENTITY RHSAMBATOOL "Samba Server Configuration Tool"> > <!ENTITY RHSECLEVELTOOL "Security Level Configuration Tool"> > <!ENTITY RHSECONDMENU "Actions (on the panel)"> >+<!ENTITY RHSELINUXTOOL "&SEL; Administration Tool"> > <!ENTITY RHSERVICESTOOL "Services Configuration Tool"> > <!ENTITY RHSETUPAGENT "Setup Agent"> > <!ENTITY RHTHIRDMENU "System (on the panel)"> >diff -ru Deployment_Guide-en-US-5.1.0-11/Firewall.xml fix/Firewall.xml >--- Deployment_Guide-en-US-5.1.0-11/Firewall.xml 2007-09-07 02:24:54.000000000 -0400 >+++ fix/Firewall.xml 2007-12-11 23:19:40.000000000 -0500 >@@ -167,7 +167,7 @@ > <title>Basic Firewall Configuration</title> > <indexterm significance="normal"> > <primary>firewall configuration</primary> >- <see><application>Security Level Configuration Tool</application></see> >+ <see><application>&RHSECLEVELTOOL;</application></see> > </indexterm> > <para> > Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts to prevent malicious software from spreading to your computer. It also helps to prevent unauthorized users from accessing your computer. 
>@@ -176,29 +176,29 @@ > In a default &PROD; installation, a firewall exists between your computer or network and any untrusted networks, for example the Internet. It determines which services on your computer remote users can access. A properly configured firewall can greatly increase the security of your system. It is recommended that you configure a firewall for any &PROD; system with an Internet connection. > </para> > <section id="s2-basic-firewall-securitylevel"> >- <title><application>Security Level Configuration Tool</application></title> >+ <title><application>&RHSECLEVELTOOL;</application></title> > <indexterm significance="normal"> > <primary>security level</primary> >- <see><application>Security Level Configuration Tool</application></see> >+ <see><application>&RHSECLEVELTOOL;</application></see> > </indexterm> > <indexterm significance="normal"> >- <primary><command>system-config-selinux</command></primary> >- <see><application>Security Level Configuration Tool</application></see> >+ <primary><command>system-config-securitylevel</command></primary> >+ <see><application>&RHSECLEVELTOOL;</application></see> > </indexterm> > <para> > During the <guilabel>Firewall Configuration</guilabel> screen of the &PROD; installation, you were given the option to enable a basic firewall as well as to allow specific devices, incoming services, and ports. > </para> > <para> >- After installation, you can change this preference by using the <application>Security Level Configuration Tool</application>. >+ After installation, you can change this preference by using the <application>&RHSECLEVELTOOL;</application>. 
> </para> > <para> > To start this application, use the following command: > </para> > <screen> >-[root@myServer ~] # system-config-selinux >+[root@myServer ~] # system-config-securitylevel > </screen> > <figure float="0" id="rh-securitylevel-fig"> >- <title><application>Security Level Configuration Tool</application></title> >+ <title><application>&RHSECLEVELTOOL;</application></title> > <mediaobject> > <imageobject> > <imagedata fileref="images/rh-securitylevel.png" format="PNG" /> >@@ -213,7 +213,7 @@ > <note> > <title>Note</title> > <para> >- The <application>Security Level Configuration Tool</application> only configures a basic firewall. If the system needs more complex rules, refer to <xref linkend="ch-iptables" /> for details on configuring specific <command>iptables</command> rules. >+ The <application>&RHSECLEVELTOOL;</application> only configures a basic firewall. If the system needs more complex rules, refer to <xref linkend="ch-iptables" /> for details on configuring specific <command>iptables</command> rules. > </para> > </note> > </section> >@@ -221,7 +221,7 @@ > <section id="s2-basic-firewall-securitylevel-enable"> > <title>Enabling and Disabling the Firewall</title> > <indexterm significance="normal"> >- <primary><application>Security Level Configuration Tool</application></primary> >+ <primary><application>&RHSECLEVELTOOL;</application></primary> > <secondary>enabling and disabling</secondary> > </indexterm> > <para> >@@ -253,7 +253,7 @@ > <section id="s2-basic-firewall-securitylevel-services"> > <title>Trusted Services</title> > <indexterm significance="normal"> >- <primary><application>Security Level Configuration Tool</application></primary> >+ <primary><application>&RHSECLEVELTOOL;</application></primary> > <secondary>trusted services</secondary> > </indexterm> > <para> 
>@@ -325,11 +325,11 @@ > <section id="s2-basic-firewall-securitylevel-other"> > <title>Other Ports</title> > <indexterm significance="normal"> >- <primary><application>Security Level Configuration Tool</application></primary> >+ <primary><application>&RHSECLEVELTOOL;</application></primary> > <secondary>setting custom ports</secondary> > </indexterm> > <para> >- The <application>Security Level Configuration Tool</application> includes an <guilabel>Other ports</guilabel> section for specifying custom IP ports as being trusted by <command>iptables</command>. For example, to allow IRC and Internet printing protocol (IPP) to pass through the firewall, add the following to the <guilabel>Other ports</guilabel> section: >+ The <application>&RHSECLEVELTOOL;</application> includes an <guilabel>Other ports</guilabel> section for specifying custom IP ports as being trusted by <command>iptables</command>. For example, to allow IRC and Internet printing protocol (IPP) to pass through the firewall, add the following to the <guilabel>Other ports</guilabel> section: > </para> > <para> > <computeroutput>194:tcp,631:tcp</computeroutput> 
>@@ -339,14 +339,14 @@ > <section id="s2-basic-firewall-securitylevel-commit"> > <title>Saving the Settings</title> > <indexterm significance="normal"> >- <primary><application>Security Level Configuration Tool</application></primary> >+ <primary><application>&RHSECLEVELTOOL;</application></primary> > <secondary>saving</secondary> > </indexterm> > <para> > Click <guibutton>OK</guibutton> to save the changes and enable or disable the firewall. If <guilabel>Enable firewall</guilabel> was selected, the options selected are translated to <command>iptables</command> commands and written to the <filename>/etc/sysconfig/iptables</filename> file. The <command>iptables</command> service is also started so that the firewall is activated immediately after saving the selected options. If <guilabel>Disable firewall</guilabel> was selected, the <filename>/etc/sysconfig/iptables</filename> file is removed and the <command>iptables</command> service is stopped immediately. > </para> > <para> >- The selected options are also written to the <filename>/etc/sysconfig/system-config-selinux</filename> file so that the settings can be restored the next time the application is started. Do not edit this file by hand. >+ The selected options are also written to the <filename>/etc/sysconfig/system-config-securitylevel</filename> file so that the settings can be restored the next time the application is started. Do not edit this file by hand. > </para> > <para> > Even though the firewall is activated immediately, the <command>iptables</command> service is not configured to start automatically at boot time. Refer to <xref linkend="s2-basic-firewall-activate-iptables" /> for more information. 
>@@ -356,7 +356,7 @@ > <section id="s2-basic-firewall-activate-iptables"> > <title>Activating the IPTables Service</title> > <indexterm significance="normal"> >- <primary><application>Security Level Configuration Tool</application></primary> >+ <primary><application>&RHSECLEVELTOOL;</application></primary> > <secondary><command>iptables</command> service</secondary> > </indexterm> > <indexterm significance="normal"> >diff -ru Deployment_Guide-en-US-5.1.0-11/IP_Tables.xml fix/IP_Tables.xml >--- Deployment_Guide-en-US-5.1.0-11/IP_Tables.xml 2007-09-07 02:24:54.000000000 -0400 >+++ fix/IP_Tables.xml 2007-12-11 23:19:40.000000000 -0500 >@@ -1106,7 +1106,7 @@ > <itemizedlist> > <listitem lang="en-US,as-IN,bn-IN,gu-IN,hi-IN,kn-IN,ml-IN,mr-IN,or-IN,pa-IN,si-LK,ta-IN,te-IN"> > <para> >- <application>Security Level Configuration Tool</application> (<command>system-config-selinux</command>) — A graphical interface for creating, activating, and saving basic firewall rules. Refer to <xref linkend="s1-basic-firewall" /> for more information. >+ <application>&RHSECLEVELTOOL;</application> (<command>system-config-securitylevel</command>) — A graphical interface for creating, activating, and saving basic firewall rules. Refer to <xref linkend="s1-basic-firewall" /> for more information. > </para> > </listitem> > <listitem> >diff -ru Deployment_Guide-en-US-5.1.0-11/SELinux_Overview.xml fix/SELinux_Overview.xml >--- Deployment_Guide-en-US-5.1.0-11/SELinux_Overview.xml 2007-09-07 02:24:54.000000000 -0400 >+++ fix/SELinux_Overview.xml 2007-12-11 23:19:40.000000000 -0500 
>@@ -124,7 +124,7 @@ > <tertiary><filename>/etc/sysconfig/selinux</filename></tertiary> > </indexterm> > <para> >- There are two ways to configure &SEL; under &RHEL;: using the <application>&RHSECLEVELTOOL;</application> (<command>system-config-selinux</command>), or manually editing the configuration file (<filename>/etc/sysconfig/selinux</filename>). >+ There are two ways to configure &SEL; under &RHEL;: using the <application>&RHSELINUXTOOL;</application> (<command>system-config-selinux</command>), or manually editing the configuration file (<filename>/etc/sysconfig/selinux</filename>). > </para> > <para> > The <filename>/etc/sysconfig/selinux</filename> file is the primary configuration file for enabling or disabling &SEL;, as well as for setting which policy to enforce on the system and how to enforce it. >@@ -198,7 +198,7 @@ > </para> > </important> > <para> >- Policy enforcement for these daemons can be turned on or off, using Boolean values controlled by the <application>&RHSECLEVELTOOL;</application> (<command>system-config-selinux</command>). >+ Policy enforcement for these daemons can be turned on or off, using Boolean values controlled by the <application>&RHSELINUXTOOL;</application> (<command>system-config-selinux</command>). > </para> > <para> > Setting a Boolean value for a targeted daemon to <option>0</option> (zero) disables policy transition for the daemon. For example, you can set <option>dhcpd_disable_trans</option> to <option>0</option> to prevent <command>init</command> from transitioning <command>dhcpd</command> from the <property>unconfined_t</property> domain to the domain specified in <filename>dhcpd.te</filename>. >diff -ru Deployment_Guide-en-US-5.1.0-11/Services.xml fix/Services.xml >--- Deployment_Guide-en-US-5.1.0-11/Services.xml 2007-09-07 02:24:54.000000000 -0400 >+++ fix/Services.xml 2007-12-11 23:19:40.000000000 -0500 
>@@ -60,7 +60,7 @@ > On the other hand, the benefit of using <command moreinfo="none">iptables</command> is flexibility. For example, if you need a customized solution which provides certain hosts access to certain services, <command moreinfo="none">iptables</command> can provide it for you. Refer to <xref linkend="s1-firewall-ipt" /> and <xref linkend="s1-fireall-ipt-act" /> for more information about <command moreinfo="none">iptables</command>. > </para> > <para> >- Alternatively, if you are looking for a utility to set general access rules for your home machine, and/or if you are new to Linux, try the <application moreinfo="none">&RHSECLEVELTOOL;</application> (<command moreinfo="none">system-config-selinux</command>), which allows you to select the security level for your system, similar to the <guilabel moreinfo="none">Firewall Configuration</guilabel> screen in the installation program. >+ Alternatively, if you are looking for a utility to set general access rules for your home machine, and/or if you are new to Linux, try the <application moreinfo="none">&RHSECLEVELTOOL;</application> (<command moreinfo="none">system-config-securitylevel</command>), which allows you to select the security level for your system, similar to the <guilabel moreinfo="none">Firewall Configuration</guilabel> screen in the installation program. > </para> > <para lang="en-US,as-IN,bn-IN,gu-IN,hi-IN,kn-IN,ml-IN,mr-IN,or-IN,pa-IN,si-LK,ta-IN,te-IN"> > Refer to <xref linkend="ch-fw" /> for more information. >diff -ru Deployment_Guide-en-US-5.1.0-11/Sysconfig.xml fix/Sysconfig.xml >--- Deployment_Guide-en-US-5.1.0-11/Sysconfig.xml 2007-09-07 02:24:54.000000000 -0400 >+++ fix/Sysconfig.xml 2007-12-11 23:19:40.000000000 -0500 
>@@ -531,7 +531,7 @@ > The <filename moreinfo="none">/etc/sysconfig/iptables-config</filename> file stores information used by the kernel to set up packet filtering services at boot time or whenever the service is started. > </para> > <para> >- Do not modify this file by hand unless you are familiar with constructing <command moreinfo="none">iptables</command> rules. The easiest way to add rules is to use the <application moreinfo="none">&RHSECLEVELTOOL;</application> (<command moreinfo="none">system-config-selinux</command>) application to create a firewall. These applications automatically edit this file at the end of the process. >+ Do not modify this file by hand unless you are familiar with constructing <command moreinfo="none">iptables</command> rules. The easiest way to add rules is to use the <application moreinfo="none">&RHSECLEVELTOOL;</application> (<command moreinfo="none">system-config-securitylevel</command>) application to create a firewall. These applications automatically edit this file at the end of the process. > </para> > <para> > Rules can also be created manually using the <command moreinfo="none">/sbin/iptables</command> command. Once created, add the rule(s) to the <filename moreinfo="none">/etc/sysconfig/iptables</filename> file by typing the following command: 
>@@ -867,13 +867,24 @@ > </section> > > <section id="s2-sysconfig-sec-level"> >+ <title><filename moreinfo="none">/etc/sysconfig/system-config-securitylevel</filename></title> >+ <indexterm significance="normal"> >+ <primary><filename moreinfo="none">sysconfig</filename> directory</primary> >+ <secondary><filename moreinfo="none">/etc/sysconfig/system-config-securitylevel</filename></secondary> >+ </indexterm> >+ <para lang="en-US,as-IN,bn-IN,gu-IN,hi-IN,kn-IN,ml-IN,mr-IN,or-IN,pa-IN,si-LK,ta-IN,te-IN"> >+ The <filename moreinfo="none">/etc/sysconfig/system-config-securitylevel</filename> file contains all options chosen by the user the last time the <application moreinfo="none">&RHSECLEVELTOOL;</application> (<command moreinfo="none">system-config-securitylevel</command>) was run. Users should not modify this file by hand. For more information about the <application moreinfo="none">&RHSECLEVELTOOL;</application>, refer to <xref linkend="s1-basic-firewall" />. >+ </para> >+ </section> >+ >+ <section id="s2-sysconfig-selinuxtool"> > <title><filename moreinfo="none">/etc/sysconfig/system-config-selinux</filename></title> > <indexterm significance="normal"> > <primary><filename moreinfo="none">sysconfig</filename> directory</primary> > <secondary><filename moreinfo="none">/etc/sysconfig/system-config-selinux</filename></secondary> > </indexterm> > <para lang="en-US,as-IN,bn-IN,gu-IN,hi-IN,kn-IN,ml-IN,mr-IN,or-IN,pa-IN,si-LK,ta-IN,te-IN"> >- The <filename moreinfo="none">/etc/sysconfig/system-config-selinux</filename> file contains all options chosen by the user the last time the <application moreinfo="none">&RHSECLEVELTOOL;</application> (<command moreinfo="none">system-config-selinux</command>) was run. Users should not modify this file by hand. For more information about the <application moreinfo="none">&RHSECLEVELTOOL;</application>, refer to <xref linkend="s1-basic-firewall" />. 
>+ The <filename moreinfo="none">/etc/sysconfig/system-config-selinux</filename> file contains all options chosen by the user the last time the <application moreinfo="none">&RHSELINUXTOOL;</application> (<command moreinfo="none">system-config-selinux</command>) was run. Users should not modify this file by hand. For more information about the <application moreinfo="none">&RHSELINUXTOOL;</application> and &SEL; in general, refer to <xref linkend="ch-selinux" />. > </para> > </section> > >diff -ru Deployment_Guide-en-US-5.1.0-11/Wstation.xml fix/Wstation.xml >--- Deployment_Guide-en-US-5.1.0-11/Wstation.xml 2007-09-07 02:24:54.000000000 -0400 >+++ fix/Wstation.xml 2007-12-11 23:19:40.000000000 -0500 
>@@ -1460,7 +1460,7 @@ > Firewalls prevent network packets from accessing the system's network interface. If a request is made to a port that is blocked by a firewall, the request is ignored. If a service is listening on one of these blocked ports, it does not receive the packets and is effectively disabled. For this reason, care should be taken when configuring a firewall to block access to ports not in use, while not blocking access to ports used by configured services. > </para> > <para> >- For most users, the best tool for configuring a simple firewall is the graphical firewall configuration tool which ships with &RHEL;: the <application>Security Level Configuration Tool</application> (<command>system-config-selinux</command>). This tool creates broad <command>iptables</command> rules for a general-purpose firewall using a control panel interface. >+ For most users, the best tool for configuring a simple firewall is the graphical firewall configuration tool which ships with &RHEL;: the <application>&RHSECLEVELTOOL;</application> (<command>system-config-securitylevel</command>). This tool creates broad <command>iptables</command> rules for a general-purpose firewall using a control panel interface. > </para> > <para lang="en-US,as-IN,bn-IN,gu-IN,hi-IN,kn-IN,ml-IN,mr-IN,or-IN,pa-IN,si-LK,ta-IN,te-IN"> > Refer to <xref linkend="s1-basic-firewall" /> for more information about using this application and its available options.
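Review bot: In Sysconfig.xml, hunk @@ -867,13 +867,24 @@, the section for /etc/sysconfig/system-config-selinux is kept and simply reattributed to &RHSELINUXTOOL;, but its only content is the sentence that originally described the firewall tool's saved options under the wrong name. Firewall.xml in this patch confirms the firewall tool writes /etc/sysconfig/system-config-securitylevel; nothing here shows that the SELinux tool writes a file called /etc/sysconfig/system-config-selinux, so please confirm that file exists on a 5.1 system and drop the section if it does not. Two smaller points in the same hunk: the id s2-sysconfig-sec-level now labels a different section than before, so any existing xref to it elsewhere in the guide should be checked, and the new linkend="ch-selinux" does not appear anywhere else in this patch and needs to be verified as a real id before the build.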
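Review bot: In Sysconfig.xml, hunk @@ -531,7 +531,7 @@, the corrected paragraph still ends with "These applications automatically edit this file", although only one application is named once the command is fixed; suggest "This application automatically edits this file". While the line is being touched, note that the paragraph sits under /etc/sysconfig/iptables-config, whereas Firewall.xml in this same patch states the tool writes its rules to /etc/sysconfig/iptables, so it is worth confirming which file "this file" is meant to be.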
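Review bot: In Firewall.xml, hunk @@ -176,29 +176,29 @@, the indexterm whose primary was <command>system-config-selinux</command> is repointed to system-config-securitylevel, and the patch adds no replacement index entry for the system-config-selinux command. Since SELinux_Overview.xml now names that command as the &RHSELINUXTOOL;, consider adding an indexterm there with system-config-selinux as primary and a see reference to &RHSELINUXTOOL;, so a reader who looks up the command from the old text reaches the SELinux chapter rather than finding nothing.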
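Review bot: In Common_Content/Translatable-Entities.ent, hunk @@ -105,6 +105,7 @@, RHSELINUXTOOL is declared only in the en-US tree shown in this diff, while the Sysconfig.xml paragraph that uses it carries a lang list covering as-IN, bn-IN, gu-IN and other locales. If the translated guides ship their own copy of this entity file, each copy needs the new declaration as well, otherwise those builds will stop on an undefined entity; please state in the bug whether the other locales were updated or are generated from this file.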