Description of problem: The directory /var/log/openvswitch is world readable and contains log files that are readable, which can result in the exposure of sensitive information. The 'other readable/execute' bits need to be removed from the /var/log/openvswitch directory. Because no sensitive data was found in the files, this is being raised as a hardening bug, and not a flaw. Version-Release number of selected component (if applicable): openvswitch-2.5.0-14.git20160727.el7fdp Steps to reproduce: $ ls -la /var/log/openvswitch total 48 drwxr-xr-x. 2 root root 4096 Mar 12 03:20 . drwxr-xr-x. 31 root root 4096 Mar 5 18:23 .. -rw-r--r--. 1 root root 95 Mar 12 03:20 ovsdb-server.log -rw-r--r--. 1 root root 138 Mar 8 03:39 ovsdb-server.log-20170309.gz -rw-r--r--. 1 root root 139 Mar 9 03:40 ovsdb-server.log-20170310.gz -rw-r--r--. 1 root root 140 Mar 10 03:29 ovsdb-server.log-20170311.gz -rw-r--r--. 1 root root 140 Mar 11 03:14 ovsdb-server.log-20170312.gz -rw-r--r--. 1 root root 95 Mar 12 03:20 ovs-vswitchd.log -rw-r--r--. 1 root root 104 Mar 8 03:39 ovs-vswitchd.log-20170309.gz -rw-r--r--. 1 root root 104 Mar 9 03:40 ovs-vswitchd.log-20170310.gz -rw-r--r--. 1 root root 104 Mar 10 03:29 ovs-vswitchd.log-20170311.gz -rw-r--r--. 1 root root 104 Mar 11 03:14 ovs-vswitchd.log-20170312.gz
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2648