Changed mode of /var/log/nova to 0750
If directory is world executable, it means when somebody knows proper filenames (and everybody knows default names) then the directory is "vulnerable". Change-Id: Icdd68f5178debdd2368d3c02c94419be4f2935a8
This commit is contained in:
Martin Magr
@@ -125,7 +125,7 @@ class nova(
|
|||||||
|
|
||||||
file { $logdir:
|
file { $logdir:
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => '0751',
|
mode => '0750',
|
||||||
}
|
}
|
||||||
file { '/etc/nova/nova.conf':
|
file { '/etc/nova/nova.conf':
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ describe 'nova' do
|
|||||||
|
|
||||||
it { should contain_file('/var/log/nova').with(
|
it { should contain_file('/var/log/nova').with(
|
||||||
'ensure' => 'directory',
|
'ensure' => 'directory',
|
||||||
'mode' => '0751',
|
'mode' => '0750',
|
||||||
'owner' => 'nova',
|
'owner' => 'nova',
|
||||||
'group' => 'nova',
|
'group' => 'nova',
|
||||||
'require' => 'Package[nova-common]'
|
'require' => 'Package[nova-common]'
|
||||||
|
|||||||
Reference in New Issue
Block a user