Bug 1024500 - Security hardening for /etc/* before Satellite 6 GA
Security hardening for /etc/* before Satellite 6 GA
Status: CLOSED WONTFIX
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Infrastructure (Show other bugs)
6.0.4
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: Trevor Jay
Katello QA List
: Security, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-29 15:34 EDT by Mike McCune
Modified: 2014-08-21 09:34 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-08-21 09:34:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mike McCune 2013-10-29 15:34:35 EDT
Ned to go through all the files that Satellite 6 installs in:

/etc/*

and ensure they aare not world readable, and have the proper permissions such that the services using them can read them but nothing else can (except root).
Comment 1 Mike McCune 2013-10-29 15:35:09 EDT
Further info:

many of the files we configure contain username/passwords as well as oauth tokens and keys and we don't want non-root users able to read these.
Comment 2 RHEL Product and Program Management 2013-10-29 15:35:30 EDT
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 4 Mike McCune 2014-08-21 09:34:06 EDT
Will utilize formal security review process for this bug and file individual bugs.

Note You need to log in before you can comment on or make changes to this bug.