From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7

Description of problem:
The redhat-config-securitylevel tool's gui in RHEL3 does not contain an "other ports" field as is shown in the installation screens and documentation. This can be troublesome for users trying to set up a RHEL3 machine with apache-ssl since the firewall is on by default and the only way to allow connections on port 443 through the gui is to make the ethernet device a "trusted" device, which is advised against in the documentation.

However, redhat-config-securitylevel-tui DOES have the "other ports" option. When options are set here, they do not translate to the gui so it's hard to tell which tool is actually making any changes. (My guess/hope is that the last-used tool makes the changes, but the other one just isn't aware of them.)

I feel that the optimal solution would be to add the "other ports" field to the gui. This way, users who are knowledgeable enough about networking and security to want to make their machine secure, but who don't know how to use iptables, will be able to avoid making their network card a trusted device.

Version-Release number of selected component (if applicable):
redhat-config-securitylevel-1.2.9-1

How reproducible:
Always

Steps to Reproduce:
1. Run redhat-config-security.
2. Look for a place to enter ports for services other than those shown.
3. Where is it?! IT'S NOT THERE!
4. Curse the people that thought only 5 services were needed on a server.
5. Discover that the text interface has the options you want.
6. Feel confused.
7. Enter a bug in redhat.bugzilla.com

Actual Results:
I entered this bug after finding the setting in the tui.

Expected Results:
I should have had the option to leave the "trusted device" checkbox for eth0 unchecked, and enter 443 or check an HTTPS checkbox in order to allow incoming traffic on this port.

Additional info: Older versions of RedHat appear to have had this option and for some reason it was removed. This simply made me more aggravated.
This is pretty lame that once again the tui tool and gui tool have different functionality. (c.f. redhat-config-network) Although this time, the tui tool has more functionality. Given that this bug has stagnated since 7/16, and it's now 9/13, I suspect there's no hope of seeing it fixed in U4, but I sincerely hope that RHEL 4 will eliminate all the version skew between different versions of the redhat-config-* tools and the old *cfg/*config tools.
This request appears to be a subset of bug 105827, and a good place to start work on implementing that RFE.
Created attachment 106195
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora

Apparently system-config-securitylevel-1.3.12-1 from Fedora already provides this functionality. Users of RHEL may be able to leverage that, though do note that the name of the binary differs in the Fedora package. Alternately, you could build from CVS yourself:

CVSROOT -> :pserver:anonymous.com:/usr/local/CVS (no password)
module -> redhat-config-securitylevel