openstack/ansible-hardening
Code Issues Proposed changes

Merge "V-38699: Public directories exception"

Browse Source
This commit is contained in:
Jenkins 2015-10-27 13:17:02 +00:00 committed by Gerrit Code Review
commit d449322762
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/source/developer-notes/V-38699.rst Normal file
View File

@ -0,0 +1,16 @@
**Exception**
The STIG requires administrators to search for directories meeting all of the
following criteria:
* World writable
* Owned by a normal user (UID > 499)
It requires that those directories are owned by root to prevent users from
removing and replacing files. This ``find`` command isn't run within the
Ansible tasks in openstack-ansible-security because it can be a very
time-consuming task and it can slow down disk I/O while it runs.
Deployers are strongly urged to review the permissions and ownerships of
critical directories on their systems regularly to verify that they meet
the requirements of this STIG.