The directory /var/log/nova is world readable and contains log files that are readable, which can result in exposure of sensitive information. We need to remove the "other readable/execute" bits from the /var/log/nova directory.

[root@rhos log]# ls -la /var/log/nova/
total 204
drwxr-xr-x. 2 nova root 4096 Apr 24 21:37 .
drwxr-xr-x. 22 root root 4096 Apr 24 21:37 ..
-rw-r--r--. 1 nova nova 10372 Apr 24 21:37 api.log
-rw-r--r--. 1 nova nova 24275 Apr 24 22:03 cert.log
-rw-r--r--. 1 nova nova 24380 Apr 24 22:03 compute.log
-rw-r--r--. 1 nova nova 24282 Apr 24 22:03 consoleauth.log
-rw-r--r--. 1 nova nova 24278 Apr 24 22:03 console.log
-rw-r--r--. 1 nova nova 188 Apr 24 21:37 metadata-api.log
-rw-r--r--. 1 nova nova 24123 Apr 24 22:03 network.log
-rw-r--r--. 1 nova nova 200 Apr 24 21:37 objectstore.log
-rw-r--r--. 1 nova nova 24280 Apr 24 22:03 scheduler.log
-rw-r--r--. 1 nova nova 244 Apr 24 21:37 volume.log
-rw-r--r--. 1 nova nova 311 Apr 24 21:37 xvpvncproxy.log

At this time this is a security hardening issue.
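One way to audit for and apply the change requested above, added here as an example and not part of the original report or of the openstack-nova packaging. The function names and the LOG_DIR variable are hypothetical, and the script goes slightly beyond the report by also clearing the "other" bits on the log files themselves, not just on the directory.

```shell
#!/bin/sh
# Added example: find and clear "other" permission bits on a log directory.
# Function names and LOG_DIR are hypothetical, not from the report.

# Print every entry under $1 (including $1 itself) that grants any
# permission to "other". Symlinks are skipped: their own mode is always
# permissive and chmod does not change it.
list_other_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of entries under $1 that still grant something to "other".
count_other_accessible() {
    list_other_accessible "$1" | wc -l | tr -d ' '
}

# Remove read/write/execute for "other" from the directory and its contents.
# Owner and group bits are left untouched so the service can keep logging.
strip_other_bits() {
    chmod -R o-rwx "$1"
}

# Stand-alone use: LOG_DIR=/var/log/nova sh this_script.sh
# Nothing runs unless LOG_DIR is set explicitly.
if [ -n "${LOG_DIR:-}" ]; then
    echo "Entries accessible to other before: $(count_other_accessible "$LOG_DIR")"
    list_other_accessible "$LOG_DIR"
    strip_other_bits "$LOG_DIR"
    echo "Entries accessible to other after: $(count_other_accessible "$LOG_DIR")"
fi
```

Files created later inherit their mode from the creating process's umask and from any log rotation configuration, so the audit function is worth re-running after a rotation.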
Created openstack-nova tracking bugs for this issue Affects: epel-6 [bug 956808]
Created openstack-nova tracking bugs for this issue Affects: fedora-all [bug 956813]