1024500 – Security hardening for /etc/* before Satellite 6 GA

Bug 1024500 - Security hardening for /etc/* before Satellite 6 GA

Summary: Security hardening for /etc/* before Satellite 6 GA

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Infrastructure
Sub Component:
Version:	6.0.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Trevor Jay
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-10-29 19:34 UTC by Mike McCune
Modified:	2014-08-21 13:34 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-08-21 13:34:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Mike McCune 2013-10-29 19:34:35 UTC

Ned to go through all the files that Satellite 6 installs in:

/etc/*

and ensure they aare not world readable, and have the proper permissions such that the services using them can read them but nothing else can (except root).

Comment 1 Mike McCune 2013-10-29 19:35:09 UTC

Further info:

many of the files we configure contain username/passwords as well as oauth tokens and keys and we don't want non-root users able to read these.

Comment 2 RHEL Program Management 2013-10-29 19:35:30 UTC

Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 4 Mike McCune 2014-08-21 13:34:06 UTC

Will utilize formal security review process for this bug and file individual bugs.

Note You need to log in before you can comment on or make changes to this bug.