The directory /var/log/keystone is world readable and contains log files that are readable which can result in exposure of sensitive information. We need to remove the "other readable/execute" bits from the /var/log/keystone directory [root@rhos log]# ls -la /var/log/keystone total 8 drwxr-xr-x. 2 keystone keystone 4096 Apr 24 21:37 . drwxr-xr-x. 22 root root 4096 Apr 24 21:37 .. -rw-r--r--. 1 keystone keystone 0 Apr 24 21:37 keystone.log At this time this is a security hardening issue.
Created openstack-keystone tracking bugs for this issue Affects: epel-6 [bug 956809]
Created openstack-keystone tracking bugs for this issue Affects: fedora-all [bug 956814]
This issue has been addressed in following products: OpenStack Folsom for RHEL 6 Via RHSA-2013:0806 https://rhn.redhat.com/errata/RHSA-2013-0806.html
openstack-keystone-2012.2.4-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
openstack-keystone-2012.2.4-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
openstack-keystone-2013.1.2-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.