Bug 1024500

Summary: Security hardening for /etc/* before Satellite 6 GA
Product: Red Hat Satellite Reporter: Mike McCune <mmccune>
Component: InfrastructureAssignee: Trevor Jay <tjay>
Status: CLOSED WONTFIX QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0.4CC: bbuckingham, gmollett, kseifried
Target Milestone: UnspecifiedKeywords: Security, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-21 13:34:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike McCune 2013-10-29 19:34:35 UTC 
Ned to go through all the files that Satellite 6 installs in:

/etc/*

and ensure they aare not world readable, and have the proper permissions such that the services using them can read them but nothing else can (except root).
Comment 1 Mike McCune 2013-10-29 19:35:09 UTC 
Further info:

many of the files we configure contain username/passwords as well as oauth tokens and keys and we don't want non-root users able to read these.
Comment 2 RHEL Program Management 2013-10-29 19:35:30 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 4 Mike McCune 2014-08-21 13:34:06 UTC 
Will utilize formal security review process for this bug and file individual bugs.