From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5)
Description of problem:
The redhat-config-securitylevel tool's gui in RHEL3 does not contain a
"other ports" field as is shown in the installation screens and
This can be troublesome for users trying to set up a RHEL3 machine
with apache-ssl since the firewall is on by default and the only way
to allow connections on port 443 through the gui is to make the
ethernet device a "trusted" device, which is advised against in the
However, redhat-config-securitylevel-tui DOES have the "other ports"
option. When options are set here, they do not translate to the gui so
it's hard to tell which tool is actually making any changes. (My guess/hope
is that the last-used tool makes the changes, but the other one
just isn't aware of them.)
I feel that the optimal solution would be to add the "other ports"
field to the gui. This way, users who are knowledgeable enough about
networking and security to want to make their machine secure, but who
don't know how to use iptables will be able to avoid making their
network card a trusted device.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run redhat-config-security.
2. Look for a place to enter ports for services other than those shown.
3. Where is it?! IT'S NOT THERE!
4. Curse the people that thought only 5 services were needed on a server.
5. Discover that the text interface has the options you want.
6. Feel confused.
7. Enter a bug in redhat.bugzilla.com
Actual Results: I entered this bug after finding the setting in the tui.
Expected Results: I should have had the option to leave the "trusted
device" checkbox for eth0 unchecked, and enter 443 or checked a HTTPS
checkbox in order to allow incoming traffic on this port.
Older versions of RedHat appear to have had this option and for some
reason it was removed. This simply made me more aggravated.
This is pretty lame that once again the tui tool and gui tool have
different functionality. (c.f. redhat-config-network) Although this
time, the tui tool has more functionality. Given that this bug has
stagnated since 7/16, and it's now 9/13, I suspect there's no hope of
seeing it fixed in U4, but I sincerely hope that RHEL 4 will eliminate
all the version skew between different versions of the redhat-config-*
tools and the old *cfg/*config tools.
This request appears to be a subset of bug 105827, and a good place to
start work on implementing that RFE.
Created attachment 106195
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora
Apparently system-config-securitylevel-1.3.12-1 from Fedora already provides
this functionality. Users of RHEL may be able to leverage that, though do note
that the name of the binary differs in the Fedora package. Alternately, you
could build from CVS yourself:
CVSROOT -> :pserver:email@example.com:/usr/local/CVS (no password)
module -> redhat-config-securitylevel
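
The original report's point is that marking eth0 as a "trusted" device is far broader than opening port 443. The following added example (not part of this bug thread or of redhat-config-securitylevel) shows the difference by auditing rules in iptables-save format. The function names, the INPUT chain and both sample rulesets are constructed, and it assumes a trusted device appears as an interface-only ACCEPT rule.

```sh
# Added example: classify ACCEPT rules read from stdin (iptables-save format).
#   TRUSTED-IFACE <iface>  everything arriving on that interface is accepted
#   PORT <proto>/<port>    only one destination port is accepted
# Loopback is ignored; a rule with any extra match is not reported as blanket trust.
audit_rules() {
    awk '
    $1 == "-A" {
        iface = ""; proto = ""; port = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i")           { iface = $(i + 1); i++ }
            else if ($i == "-p")      { proto = $(i + 1); i++ }
            else if ($i == "--dport") { port = $(i + 1); i++ }
            else if ($i == "-j")      { target = $(i + 1); i++ }
            else if ($i == "-m")      { i++ }        # skip the match module name
            else                      { other = 1 }  # any further restriction
        }
        if (target != "ACCEPT") next
        if (iface != "" && iface != "lo" && proto == "" && port == "" && !other)
            print "TRUSTED-IFACE " iface
        else if (port != "")
            print "PORT " proto "/" port
    }'
}

# Constructed ruleset: eth0 marked as trusted (assumed to be an interface-only ACCEPT).
sample_trusted() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed ruleset: eth0 untrusted, only TCP 443 opened.
sample_port_only() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

echo "trusted device:"; sample_trusted | audit_rules
echo "port 443 only:";  sample_port_only | audit_rules
```

Feeding it the saved ruleset of a host after either tool has run shows which of the two states the firewall is actually in.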