Bug 128046 - No "other ports" field exists in redhat-config-securitylevel gui.
No "other ports" field exists in redhat-config-securitylevel gui.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: redhat-config-securitylevel (Show other bugs)
3.0
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lumens
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-16 14:24 EDT by Andrew Haninger
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-29 11:19:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora (22.39 KB, image/png)
2004-11-04 17:04 EST, Daniel L. Rall
no flags Details

  None (edit)
Description Andrew Haninger 2004-07-16 14:24:00 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5)
Gecko/20031007 Firebird/0.7

Description of problem:
The redhat-config-securitylevel tool's gui in RHEL3 does not contain a
"other ports" field as is shown in the installation screens and
documentation.

This can be troublesome for users trying to set up a RHEL3 machine
with apache-ssl since the firewall is on by default and the only way
to allow connections on port 443 through the gui is to make the
ethernet device a "trusted" device, which is advised against in the
documentation.

However, redhat-config-securitylevel-tui DOES have the "other ports"
option. When options are set here, they do not translate to the gui so
it's hard to tell which tool is actually making any changes. (My guess
/hope is that the last-used tool makes the changes, but the other one
just isn't aware of them.)

I feel that the optimal solution would be to add the "other ports"
field to the gui. This way, users who are knowledgeable enough about
networking and security to want to make their machine secure, but who
don't know how to use iptables will be able to avoid making their
networok card a trusted device.

Version-Release number of selected component (if applicable):
redhat-config-securitylevel-1.2.9-1

How reproducible:
Always

Steps to Reproduce:
1. Run redhat-config-security.
2. Look for a place to enter ports for services other than those shown.
3. Where is it?! IT'S NOT THERE!
4. Curse the people that thought only 5 services were needed on a server.
5. Discover that the text interface has the options you want.
6. Feel confused.
7. Enter a bug in redhat.bugzilla.com

Actual Results:  I entered this bug after finding the setting in the tui.

Expected Results:  I should have had the option to leave the "trusted
device" checkbox for eth0 unchecked, and enter 443 or checked a HTTPS
checkbox in order to allow incoming traffic on this port.

Additional info:

Older versions of RedHat appear to have had this option and for some
reason it was removed. This simply made me more aggravated.
Comment 1 Jonathan Reed 2004-09-13 09:30:40 EDT
This is pretty lame that once again the tui tool and gui tool have
different functionality.  (c.f. redhat-config-network)  Although this
time, the tui tool has more functionality.  Given that this bug has
stagnated since 7/16, and it's now 9/13, I suspect there's no hope of
seeing it fixed in U4, but I sincerely hope that RHEL 4 will eliminate
all the version skew between different versions of the redhat-config-*
tools and the old *cfg/*config tools.
Comment 2 Daniel L. Rall 2004-11-04 16:46:43 EST
This request appears to be a subset of bug 105827, and a good place to
start work on implementing that RFE.
Comment 3 Daniel L. Rall 2004-11-04 17:04:10 EST
Created attachment 106195 [details]
Screen shot of system-config-securitylevel-1.3.12-1 GUI from Fedora

Apparently system-config-securitylevel-1.3.12-1 from Fedora already provides
this functionality.  Users of RHEL may be able to leverage that, though do note
that the name of the binary differs in the Fedora package.   Alternately, you
could build from CVS yourself:

CVSROOT -> :pserver:anonymous@rhlinux.redhat.com:/usr/local/CVS  (no password)
module	-> redhat-config-securitylevel

Note You need to log in before you can comment on or make changes to this bug.