Description of problem: The directory /var/log/gnocchi is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/gnocchi directory. Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw. Version-Release number of selected component (if applicable): openstack-gnocchi-3.0.4-2.el7ost How reproducible: List /var/log directory for openstack-gnocchi: $ ls -la gnocchi/ total 28 drwxr-xr-x. 2 gnocchi root 81 Mar 8 01:26 . drwxr-xr-x. 26 root root 4096 Mar 12 19:36 .. -rw-r--r--. 1 gnocchi gnocchi 1238 Mar 12 19:38 app.log -rw-r--r--. 1 gnocchi gnocchi 325 Mar 8 00:42 gnocchi-upgrade.log -rw-r--r--. 1 gnocchi gnocchi 10902 Mar 12 19:40 metricd.log -rw-r--r--. 1 gnocchi gnocchi 1474 Mar 12 19:38 statsd.log Actual results: Directory and files are world readable. Expected results: Directory and files should not be world readable.