V-38699: Public directories exception

Implements: blueprint security-hardening Change-Id: I0e22443cf34244598dbe9fc1074680692823465e
2015-10-13 09:11:19 -05:00 · 2015-10-13 09:11:19 -05:00 · c7b8af29d4
commit c7b8af29d4
parent 241f6cd074
1 changed files with 16 additions and 0 deletions
--- a/doc/source/developer-notes/V-38699.rst
+++ b/doc/source/developer-notes/V-38699.rst
@ -0,0 +1,16 @@
+**Exception**
+
+The STIG requires administrators to search for directories meeting all of the
+following criteria:
+
+* World writable
+* Owned by a normal user (UID > 499)
+
+It requires that those directories are owned by root to prevent users from
+removing and replacing files. This ``find`` command isn't run within the
+Ansible tasks in openstack-ansible-security because it can be a very
+time-consuming task and it can slow down disk I/O while it runs.
+
+Deployers are strongly urged to review the permissions and ownerships of
+critical directories on their systems regularly to verify that they meet
+the requirements of this STIG.