Bug 1431465 - openstack-gnocchi: /var/log/gnocchi is world readable
Summary: openstack-gnocchi: /var/log/gnocchi is world readable
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-gnocchi
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: async
: 10.0 (Newton)
Assignee: Pradeep Kilambi
QA Contact: Sasha Smolyak
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-12 23:43 UTC by Summer Long
Modified: 2019-01-15 23:42 UTC (History)
9 users (show)

Fixed In Version: openstack-gnocchi-3.0.6-2.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1431464
: 1431466 (view as bug list)
Environment:
Last Closed: 2017-08-14 17:00:43 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
RDO 5804 0 None None None 2017-03-15 14:28:11 UTC

Description Summer Long 2017-03-12 23:43:09 UTC 
Description of problem:
The directory /var/log/gnocchi is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/gnocchi directory.

Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw.

Version-Release number of selected component (if applicable):
openstack-gnocchi-3.0.4-2.el7ost

How reproducible:
List /var/log directory for openstack-gnocchi:
$  ls -la gnocchi/
total 28
drwxr-xr-x.  2 gnocchi root       81 Mar  8 01:26 .
drwxr-xr-x. 26 root    root     4096 Mar 12 19:36 ..
-rw-r--r--.  1 gnocchi gnocchi  1238 Mar 12 19:38 app.log
-rw-r--r--.  1 gnocchi gnocchi   325 Mar  8 00:42 gnocchi-upgrade.log
-rw-r--r--.  1 gnocchi gnocchi 10902 Mar 12 19:40 metricd.log
-rw-r--r--.  1 gnocchi gnocchi  1474 Mar 12 19:38 statsd.log

Actual results:
Directory and files are world readable.

Expected results:
Directory and files should not be world readable.
Note You need to log in before you can comment on or make changes to this bug.