Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 3 product line. The current stable release is 3.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 128046

Summary: No "other ports" field exists in redhat-config-securitylevel gui.
Product: Red Hat Enterprise Linux 3 Reporter: Andrew Haninger <ahaning>
Component: redhat-config-securitylevelAssignee: Chris Lumens <clumens>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: dlr, jdreed
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-29 16:19:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora none

Description Andrew Haninger 2004-07-16 18:24:00 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5)
Gecko/20031007 Firebird/0.7

Description of problem:
The redhat-config-securitylevel tool's gui in RHEL3 does not contain a
"other ports" field as is shown in the installation screens and
documentation.

This can be troublesome for users trying to set up a RHEL3 machine
with apache-ssl since the firewall is on by default and the only way
to allow connections on port 443 through the gui is to make the
ethernet device a "trusted" device, which is advised against in the
documentation.

However, redhat-config-securitylevel-tui DOES have the "other ports"
option. When options are set here, they do not translate to the gui so
it's hard to tell which tool is actually making any changes. (My guess
/hope is that the last-used tool makes the changes, but the other one
just isn't aware of them.)

I feel that the optimal solution would be to add the "other ports"
field to the gui. This way, users who are knowledgeable enough about
networking and security to want to make their machine secure, but who
don't know how to use iptables will be able to avoid making their
networok card a trusted device.

Version-Release number of selected component (if applicable):
redhat-config-securitylevel-1.2.9-1

How reproducible:
Always

Steps to Reproduce:
1. Run redhat-config-security.
2. Look for a place to enter ports for services other than those shown.
3. Where is it?! IT'S NOT THERE!
4. Curse the people that thought only 5 services were needed on a server.
5. Discover that the text interface has the options you want.
6. Feel confused.
7. Enter a bug in redhat.bugzilla.com

Actual Results:  I entered this bug after finding the setting in the tui.

Expected Results:  I should have had the option to leave the "trusted
device" checkbox for eth0 unchecked, and enter 443 or checked a HTTPS
checkbox in order to allow incoming traffic on this port.

Additional info:

Older versions of RedHat appear to have had this option and for some
reason it was removed. This simply made me more aggravated.
Comment 1 Jonathan Reed 2004-09-13 13:30:40 UTC 
This is pretty lame that once again the tui tool and gui tool have
different functionality.  (c.f. redhat-config-network)  Although this
time, the tui tool has more functionality.  Given that this bug has
stagnated since 7/16, and it's now 9/13, I suspect there's no hope of
seeing it fixed in U4, but I sincerely hope that RHEL 4 will eliminate
all the version skew between different versions of the redhat-config-*
tools and the old *cfg/*config tools.
Comment 2 Daniel L. Rall 2004-11-04 21:46:43 UTC 
This request appears to be a subset of bug 105827, and a good place to
start work on implementing that RFE.
Comment 3 Daniel L. Rall 2004-11-04 22:04:10 UTC 
Created attachment 106195 [details]
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora

Apparently system-config-securitylevel-1.3.12-1 from Fedora already provides
this functionality.  Users of RHEL may be able to leverage that, though do note
that the name of the binary differs in the Fedora package.   Alternately, you
could build from CVS yourself:

CVSROOT -> :pserver:anonymous.com:/usr/local/CVS  (no password)
module	-> redhat-config-securitylevel