Description of problem:
The directory /var/log/ceilometer is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/ceilometer directory.
Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw.
Version-Release number of selected component (if applicable):
openstack-ceilometer-2014.2.3-10.el7ost
How reproducible:
List /var/log directory for openstack-ceilometer:
$ ls -la ceilometer/
total 640
drwxr-xr-x. 2 ceilometer root 4096 Mar 6 21:28 .
drwxr-xr-x. 25 root root 4096 Mar 12 18:42 ..
-rw-r--r--. 1 ceilometer ceilometer 47358 Mar 12 18:42 agent-notification.log
-rw-r--r--. 1 ceilometer ceilometer 31499 Mar 12 18:47 alarm-evaluator.log
-rw-r--r--. 1 ceilometer ceilometer 7653 Mar 12 18:42 alarm-notifier.log
-rw-r--r--. 1 ceilometer ceilometer 83116 Mar 12 18:42 api.log
-rw-r--r--. 1 ceilometer ceilometer 248 Mar 5 23:53 ceilometer-dbsync.log
-rw-r--r--. 1 ceilometer ceilometer 274307 Mar 12 18:42 central.log
-rw-r--r--. 1 ceilometer ceilometer 14315 Mar 12 18:42 collector.log
-rw-r--r--. 1 ceilometer ceilometer 163202 Mar 12 18:42 compute.log
Actual results:
Directory and files are world readable.
Expected results:
Directory and files should not be world readable.