Description of problem:
The directory /var/log/gnocchi is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/gnocchi directory.
Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw.
Version-Release number of selected component (if applicable):
3.1.1-0.20170218181806.ca27a17.el7ost
How reproducible:
List /var/log directory for openstack-gnocchi:
$ ls -la gnocchi
total 48
drwxr-xr-x. 2 gnocchi root 81 Mar 8 22:41 .
drwxr-xr-x. 25 root root 4096 Mar 12 19:44 ..
-rw-r--r--. 1 gnocchi gnocchi 1242 Mar 8 22:41 app.log
-rw-r--r--. 1 gnocchi gnocchi 1081 Mar 8 22:15 gnocchi-upgrade.log
-rw-r--r--. 1 gnocchi gnocchi 28742 Mar 12 19:45 metricd.log
-rw-r--r--. 1 gnocchi gnocchi 3554 Mar 12 19:45 statsd.log
Actual results:
Directory and files are world readable.
Expected results:
Directory and files should not be world readable.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:0312