Description of problem: The directory /var/log/gnocchi is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/gnocchi directory. Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw. Version-Release number of selected component (if applicable): 3.1.1-0.20170218181806.ca27a17.el7ost How reproducible: List /var/log directory for openstack-gnocchi: $ ls -la gnocchi total 48 drwxr-xr-x. 2 gnocchi root 81 Mar 8 22:41 . drwxr-xr-x. 25 root root 4096 Mar 12 19:44 .. -rw-r--r--. 1 gnocchi gnocchi 1242 Mar 8 22:41 app.log -rw-r--r--. 1 gnocchi gnocchi 1081 Mar 8 22:15 gnocchi-upgrade.log -rw-r--r--. 1 gnocchi gnocchi 28742 Mar 12 19:45 metricd.log -rw-r--r--. 1 gnocchi gnocchi 3554 Mar 12 19:45 statsd.log Actual results: Directory and files are world readable. Expected results: Directory and files should not be world readable.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0312