Enhancement #2548

Default remote access from public networks

Added by Davide Principi over 7 years ago. Updated over 7 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-httpd-admin
Target version: v6.5-beta3
Resolution:
NEEDINFO: No

Description

Set the httpd-admin ValidFrom prop default value to 0.0.0.0/0.0.0.0 (any network), to simplify the installation procedure on servers hosted on remote networks.

Associated revisions

Revision cac12e15
Added by Davide Principi over 7 years ago

Changed default ValidFrom to "any network". Refs #2548

New value is "0.0.0.0/0.0.0.0". A TODO reminder for the admin should be added to fix this.

Revision 95836e1f
Added by Davide Principi over 7 years ago

sshd default access policy changed to "public". Refs #2548

History

#1 Updated by Davide Principi over 7 years ago

  • Target version set to v6.5-beta3

#2 Updated by Davide Principi over 7 years ago

  • Subject changed from Default server-manager ValidFrom 0.0.0.0 to Default remote access from public networks
  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

Remote (i.e. cloud) installations would benefit from an "open" default policy

Set default

  config setprop httpd-admin ValidFrom 0.0.0.0/0.0.0.0
  config setprop sshd access public

#3 Updated by Davide Principi over 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#4 Updated by Davide Principi over 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

On a fresh installation

  • sshd policy must be "public"

        # grep ^sshd /etc/hosts.allow
        sshd    :    ALL

  • httpd-admin must be accessible from any network:

        # grep -F '0.0.0.0/0.0.0.0' /etc/httpd/admin-conf/httpd.conf
           Allow from 127.0.0.1 192.168.x.y/255.255.255.0 0.0.0.0/0.0.0.0

#5 Updated by Davide Principi over 7 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-openssh-1.0.3-2.0git95836e1f.ns6.noarch.rpm
nethserver-httpd-admin-1.1.0-12.0gitcac12e15.ns6.noarch.rpm

#6 Updated by Giacomo Sanchietti over 7 years ago

  • Assignee set to Giacomo Sanchietti

#7 Updated by Giacomo Sanchietti over 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

SSH and http-admin default access is now public:

[root@localhost ~]# cat /etc/e-smith/db/configuration/defaults/httpd-admin/access
public

[root@localhost ~]# cat /etc/e-smith/db/configuration/defaults/sshd/access
public

[root@localhost ~]# grep -F '0.0.0.0/0.0.0.0' /etc/httpd/admin-conf/httpd.conf 
       Allow from 127.0.0.1 192.168.5.0/255.255.255.0 0.0.0.0/0.0.0.0

[root@localhost ~]# grep ^sshd /etc/hosts.allow 
sshd    :    ALL

[root@localhost ~]# grep 22 /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

[root@localhost ~]# grep 980 /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 980 -j ACCEPT

[root@localhost ~]# netstat -lanp | grep httpd-admin
tcp        0      0 :::980                      :::*                        LISTEN      7133/httpd-admin

[root@localhost ~]# netstat -lanp | grep sshd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      7216/sshd  

Marking as VERIFIED.

#8 Updated by Davide Principi over 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released in nethserver/6.5/base repository.
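
The greps from the test case and verification above, turned into a small audit script that flags an "any network" `Allow from` entry and an `sshd : ALL` rule so the open defaults can be reviewed after installation. This is an added example, not part of the ticket or of NethServer's code; the function names and sample files are constructed for illustration, and Apache 2.2 `Allow from` syntax is assumed.

```sh
#!/bin/sh
# Added example (not NethServer code): flag the "any network" defaults that the
# test case above greps for, so they can be reviewed after installation.

# Print each source on an Apache 2.2 "Allow from" line that matches every IPv4
# address: "all", 0.0.0.0/0 or the netmask form 0.0.0.0/0.0.0.0.
open_allow_entries() {
    awk 'tolower($1) == "allow" && tolower($2) == "from" {
        for (i = 3; i <= NF; i++) {
            t = tolower($i)
            if (t == "all" || t == "0.0.0.0/0" || t == "0.0.0.0/0.0.0.0")
                print $i
        }
    }' "$1"
}

# Exit 0 when a hosts.allow rule of the form "sshd : ALL" is present.
# Only this single-daemon, single-client form is recognised.
sshd_open_to_all() {
    awk -F: '{
        d = $1; c = $2
        gsub(/[ \t]/, "", d); gsub(/[ \t]/, "", c)
        if (d == "sshd" && toupper(c) == "ALL") found = 1
    } END { exit !found }' "$1"
}

# Print one finding per open service; prints nothing when both are restricted.
audit() {
    for src in $(open_allow_entries "$1"); do
        echo "httpd-admin: Allow from $src (any network)"
    done
    if sshd_open_to_all "$2"; then
        echo "sshd: hosts.allow permits ALL clients"
    fi
}

# Constructed sample files, modelled on the output quoted in this ticket.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '   Allow from 127.0.0.1 192.168.5.0/255.255.255.0 0.0.0.0/0.0.0.0\n' > "$tmp/open.conf"
printf '   Allow from 127.0.0.1 192.168.5.0/255.255.255.0\n' > "$tmp/lan.conf"
printf 'sshd    :    ALL\n' > "$tmp/hosts.open"
printf 'sshd : 192.168.5.0/255.255.255.0\n' > "$tmp/hosts.lan"

audit "$tmp/open.conf" "$tmp/hosts.open"
```

On a real server, pass the two paths used in the test case (`/etc/httpd/admin-conf/httpd.conf` and `/etc/hosts.allow`) to `audit` instead of the sample files.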
