openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/releasenotes/notes/fix-audit-log-permission-bug-81a772e2e6d0a5b3.yaml
Jesse Pretorius bb69b667f0 Update all SHAs for Newton-1 2016-06-02 
This patch updates all the roles to the latest available SHA's,
updates all the OpenStack Service SHA's and also updates the
appropriate python requirements pins.

Change-Id: Ifc77c02d456500651e8adcaf9338f81601e2c148
2016-06-02 21:05:45 +00:00

11 lines
436 B
YAML
Raw Blame History

---
fixes:
- |
The security role previously set the permissions on all audit log files in
``/var/log/audit`` to ``0400``, but this prevents the audit daemon from
writing to the active log file. This will prevent ``auditd`` from
starting or restarting cleanly.
The task now removes any permissions that are not allowed by the STIG. Any
log files that meet or exceed the STIG requirements will not be modified.
View Git Blame Copy Permalink