Description of problem:
The directory /var/log/gnocchi is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/gnocchi directory.
Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw.
Version-Release number of selected component (if applicable):
openstack-gnocchi-3.0.4-2.el7ost
How reproducible:
List /var/log directory for openstack-gnocchi:
$ ls -la gnocchi/
total 28
drwxr-xr-x. 2 gnocchi root 81 Mar 8 01:26 .
drwxr-xr-x. 26 root root 4096 Mar 12 19:36 ..
-rw-r--r--. 1 gnocchi gnocchi 1238 Mar 12 19:38 app.log
-rw-r--r--. 1 gnocchi gnocchi 325 Mar 8 00:42 gnocchi-upgrade.log
-rw-r--r--. 1 gnocchi gnocchi 10902 Mar 12 19:40 metricd.log
-rw-r--r--. 1 gnocchi gnocchi 1474 Mar 12 19:38 statsd.log
Actual results:
Directory and files are world readable.
Expected results:
Directory and files should not be world readable.