From 2e341f561374e766e798b4b2e877f171f50beb59 Mon Sep 17 00:00:00 2001 From: Jagatguru Prasad Mishra Date: Tue, 11 Feb 2025 03:46:22 -0500 Subject: [PATCH] Update permission of horizon logs Currently, /var/log/horizon/horizon.log and /var/log/horizon/gunicorn.log have permission 644. To comply with the CIS benchmark requirements, the permissions should be set to 640. This change updates the permissions of /var/log/horizon/horizon.log and /var/log/horizon/gunicorn.log to 640. Test Plan: PASS: Build ISO and deploy AIO-SX. PASS: Verify that permission of /var/log/horizon/horizon.log and /var/log/horizon/gunicorn.log files are set to 640. PASS: AIO-SX: Login to horizon GUI and perform a lock operation on contoller-0. The lock operation should be logged in /var/log/horizon/horizon.log and /var/log/horizon.log. Log file /var/log/horizon/gunicorn.log should contain Info messages like "Starting gunicorn". Story: 2011241 Task: 51366 Change-Id: I5aaae6c480ca25097880a7fa5548e162e5ef1ff8 Signed-off-by: Jagatguru Prasad Mishra --- openstack/python-horizon/files/horizon.init | 3 +++ 1 file changed, 3 insertions(+) diff --git a/openstack/python-horizon/files/horizon.init b/openstack/python-horizon/files/horizon.init index a5f69587..a095d8ca 100755 --- a/openstack/python-horizon/files/horizon.init +++ b/openstack/python-horizon/files/horizon.init @@ -97,6 +97,9 @@ start() # As part of starting horizon we should kill containerized horizon so that it # will pickup branding changes kubectl --kubeconfig=/etc/kubernetes/admin.conf delete pods -n openstack -l application=horizon 1>/dev/null + #restrict log file permissions + chmod 640 /var/log/horizon/horizon.log + chmod 640 /var/log/horizon/gunicorn.log } stop()