1117050 – [RFE] Harden the httpd instance front ending ipa-server

Bug 1117050 - [RFE] Harden the httpd instance front ending ipa-server

Summary: [RFE] Harden the httpd instance front ending ipa-server

Keywords:
Status:	ASSIGNED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	unspecified
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	beta
Target Release:	---
Assignee:	Florence Blanc-Renaud
QA Contact:	ipa-qe
Docs Contact:
URL:
Whiteboard:
Duplicates (3):	1122800 1122801 1122804 (view as bug list)
Depends On:	1122800 1122801 1122804
Blocks:	1203710 1399979
TreeView+	depends on / blocked

Reported:	2014-07-07 21:29 UTC by Coty Sutherland
Modified:	2023-08-14 11:14 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Story
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FREEIPA-7208	None	None	None	2021-11-01 12:38:21 UTC
Red Hat Issue Tracker	RHELPLAN-13993	None	None	None	2021-11-01 12:38:18 UTC
Red Hat Knowledge Base (Article)	3216281	None	None	None	2018-09-03 11:20:50 UTC

Description Coty Sutherland 2014-07-07 21:29:11 UTC

Description of problem:
The customer needs to harden the httpd instance front ending ipa-server. He specifically wants to add -FollowSymLinks to his configuration.

Version-Release number of selected component (if applicable):
RHEL 6.5 ipa-server packages

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 Petr Viktorin 2014-07-09 08:18:05 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4431

Comment 3 Martin Kosek 2014-07-29 14:33:04 UTC

During ticket triage, we decided to link this Bugzilla to upstream ticket that is focused on hardening IPA httpd configuration. It is currently planned to be revisited during FreeIPA 4.2 release which as a next upstream feature release.

Moving to RHEL-7.x product as this would the main platform for delivering the fix. Also adding other related Bugzillas requesting hardening IPA httpd to Depends On field.

Comment 6 Petr Vobornik 2017-04-04 08:23:53 UTC

IPA doesn't have capabilities of seamlessly updating httpd.conf - mainly because IPA doesn't own the configuration file. 

We would like to approach this RFE in more systematic manner - have completely separated httpd configuration only for IPA where IPA have better control. This is out of scope of 7.4.

For 7.4 IPA team will provide a guidance how to change httpd.conf to comply with DISA STIG V-13732

Comment 10 Dmitri Pal 2019-03-13 20:35:53 UTC

*** Bug 1122800 has been marked as a duplicate of this bug. ***

Comment 11 Dmitri Pal 2019-03-13 20:38:07 UTC

*** Bug 1122801 has been marked as a duplicate of this bug. ***

Comment 12 Dmitri Pal 2019-03-13 20:40:40 UTC

*** Bug 1122804 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.