Bug 129106 - Mistake in documentation concerning Securing NIS
Summary: Mistake in documentation concerning Securing NIS
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: rhel-sg
Version: 3.0
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Brian Forte
QA Contact: John Ha
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2004-08-04 03:37 UTC by Joshua
Modified: 2014-08-04 22:15 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-10-19 19:21:37 UTC
Target Upstream Version:
Embargoed:



Description Joshua 2004-08-04 03:37:49 UTC
Description of problem:
The documentation that shows how to create a secure NIS server is 
incorrect.  The documentation does not make the NIS server use static 
ports.  I have found a fix to the problem and it is quite easy to 
make the change to the documentation.  In the section titled "5.3.4. 
Assign Static Ports and Use IPTables Rules" it says to change 
the /etc/sysconfig/network file in order to allow static ports for 
NIS.  The documentation at this moment says that the two lines 
YPSERV_ARGS="-p 834"
YPXFRD_ARGS="-p 835"
should be added to the file to create the static ports.  I tried to 
get it working under this change and could not.  But I found that the 
simple change of editing those new lines to be            
YPSERV_ARGS="--port 834"
YPXFRD_ARGS="--port 835"
will create the desired effect.  Just to let you know.

Version-Release number of selected component (if applicable):
rhel-sg(EN)-3-HTML-RHI (2003-07-25T17:12)
 

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Johnray Fuller 2004-08-24 21:48:02 UTC
reassigning to maintainer.

J

Comment 2 Michael Hideo 2006-08-03 03:19:09 UTC
hi David, please check the relevance of this in regards to where we are with
documenting security?

cheers
Mike

Comment 3 David O'Brien 2006-08-04 00:46:26 UTC
emailed twoerner for validation.

David

Comment 4 David O'Brien 2006-08-22 03:01:31 UTC
The following comment from twoerner:

From the ypserv man page:
  -p --port port
         ypserv will bind itself to this port.  This makes it possible to
         have a router filter packets to the NIS ports, so that access to
         the NIS server from hosts on the Internet can be restricted.

From the rpc.ypxfrd man page:
  -p port
         rpc.ypxfrd  will bind itself to this port, which makes it possi-
         ble to have a router filter packets to the NIS ports.  This  can
         restrict the access to the NIS server from hosts on the Inter-
         net.


So I do not think that it is a good idea to change YPXFRD_ARGS to 
"--port 835", because rpc.ypxfrd does not accept --port as an option.

I'm not changing the doc for the present. I'll try to get someone to actually
test this and validate what works and what doesn't.
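
One way to validate which option form takes effect, as an added example that is not part of the bug thread or of the Red Hat documentation: after restarting the NIS services, compare the ports registered with the portmapper against the intended 834 and 835. The function name `check_nis_ports` is hypothetical and both `rpcinfo -p` samples are constructed.

```shell
#!/bin/sh
# Added example: verify NIS daemons are registered on the intended static ports.
# Live use on the NIS server:  rpcinfo -p | check_nis_ports 834 835

# Constructed `rpcinfo -p` output: both daemons on the ports from the bug report.
SAMPLE_OK='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    834  ypserv
 600100069    1   udp    835  fypxfrd
 600100069    1   tcp    835  fypxfrd'

# Constructed output: rpc.ypxfrd did not honour its port setting (dynamic ports).
SAMPLE_DRIFT='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    834  ypserv
 600100069    1   udp  32770  fypxfrd
 600100069    1   tcp  32771  fypxfrd'

# check_nis_ports YPSERV_PORT YPXFRD_PORT
# Reads `rpcinfo -p` output on stdin. Matches on RPC program number
# (100004 = ypserv, 600100069 = fypxfrd, the name rpc.ypxfrd registers as),
# so it still works when the service-name column is empty.
check_nis_ports() {
    awk -v ys="$1" -v yx="$2" '
        function check(name, want) {
            seen[name] = 1
            if ($4 != want) {
                printf "MISMATCH %s %s port %s (expected %s)\n", name, $3, $4, want
                bad = 1
            }
        }
        $1 == "100004"    { check("ypserv", ys) }
        $1 == "600100069" { check("fypxfrd", yx) }
        END {
            if (!seen["ypserv"])  { print "MISSING ypserv registration";  bad = 1 }
            if (!seen["fypxfrd"]) { print "MISSING fypxfrd registration"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Demonstration on the constructed drift sample.
printf '%s\n' "$SAMPLE_DRIFT" | check_nis_ports 834 835 ||
    echo "static port assignment is not in effect"
```

A non-zero exit means the IPTables rules written for ports 834 and 835 do not cover the ports the daemons are actually listening on.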


Comment 5 Michael Hideo 2007-06-06 04:42:31 UTC
Adding 'cc ecs-dev-list for tracking

Comment 6 RHEL Program Management 2007-10-19 19:21:37 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information on the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

