Description of problem: The directory /var/log/zaqar is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/zaqar directory. Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw. Version-Release number of selected component (if applicable): openstack-zaqar-3.0.0-3.el7ost Steps to reproduce: $ ls -la /var/log/zaqar total 12 drwxr-xr-x. 2 zaqar root 4096 Feb 16 22:44 . drwxr-xr-x. 31 root root 4096 Mar 5 18:23 .. -rw-r--r--. 1 zaqar zaqar 714 Mar 5 17:57 zaqar.log
Packaging change merged upstream in RDO.
[stack@undercloud-0 ~]$ sudo ls -la /var/log/zaqar total 8 drwxr-x---. 2 zaqar root 23 Aug 16 04:56 . drwxr-xr-x. 31 root root 4096 Aug 16 05:57 .. -rw-r--r--. 1 zaqar zaqar 620 Aug 16 05:00 zaqar.log Fixed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2653