Description of problem: The directory /var/log/ironic-inspector is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/ironic directory. Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw. Version-Release number of selected component (if applicable): openstack-ironic-inspector-5.0.1-0.20170214181727.babc2b6.el7ost
RDO master patch: https://review.rdoproject.org/r/#/c/5786/
Fix merged in RDO: https://review.rdoproject.org/r/#/c/5792/
verified: Environment: openstack-ironic-inspector-5.0.0-2.el7ost.noarch [root@undercloud-0 ~]# ls -la /var/log/ironic-inspector/ -d drwxr-x---. 3 ironic-inspector ironic-inspector 4096 Mar 20 03:40 /var/log/ironic-inspector/
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1245