Bug 129106 - Mistake in documentation concerning Securing NIS
Mistake in documentation concerning Securing NIS
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: rhel-sg (Show other bugs)
3.0
All Linux
medium Severity low
: ---
: ---
Assigned To: Brian Forte
John Ha
: Documentation
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-03 23:37 EDT by Joshua
Modified: 2014-08-04 18:15 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-19 15:21:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joshua 2004-08-03 23:37:49 EDT
Description of problem:
The documentation that shows how to create a secure NIS server is 
incorrect.  The documentation does not make the NIS server use static 
ports.  I have found a fix to the problem and it is quite easy to 
make the change to the documentation.  In the section titled "5.3.4. 
Assign Static Ports and Use IPTables Rules" it says to change 
the /etc/sysconfig/network file in order to allow static ports for 
NIS.  The documentation at this moment says that the two lines 
YPSERV_ARGS="-p 834"
YPXFRD_ARGS="-p 835"
should be added to the file to create the static ports.  I tried to 
get it working under this change and could not.  But I found that the 
simple change of editing those new lines to be            
YPSERV_ARGS="--port 834"
YPXFRD_ARGS="--port 835"
will create the desired effect.  Just to let you know.

Version-Release number of selected component (if applicable):
rhel-sg(EN)-3-HTML-RHI (2003-07-25T17:12)
 

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Johnray Fuller 2004-08-24 17:48:02 EDT
reassigning to mainatiner.

J
Comment 2 Michael Hideo 2006-08-02 23:19:09 EDT
hi David, please check the relevance of this in regards to where we are with
documenting security?

cheers
Mike
Comment 3 David O'Brien 2006-08-03 20:46:26 EDT
emailed twoerner@redhat.com for validation.

David
Comment 4 David O'Brien 2006-08-21 23:01:31 EDT
The following comment from twoerner@redhat.com:

From the ypserv man page:
  -p --port port
         ypserv will bind itself to this port.  This makes it possible to
         have a router filter packets to the NIS ports, so that access to
         the NIS server from hosts on the Internet can be restricted.

 From the rpc.ypxfrd man page:
  -p port
         rpc.ypxfrd  will bind itself to this port, which makes it possi-
         ble to have a router filter packets to the NIS ports.  This  can
         restrict the access to the NIS server from hosts on the Inter-
         net.


So I do not think that it is a good idea to change YPXFRD_ARGS to 
"--port 835", because rpc.ypxfrd does not accept --port as an option.

I'm not changing the doc for the present. I'll try to get someone to actually
test this and validate what works and what doesn't.
Comment 5 Michael Hideo 2007-06-06 00:42:31 EDT
Adding 'cc ecs-dev-list@redhat.com for tracking
Comment 6 RHEL Product and Program Management 2007-10-19 15:21:37 EDT
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.