Reviewed:  https://review.openstack.org/320131
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=490d2f4bd8078c8550e0ce13ee282948c49e6945
Submitter: Jenkins
Branch:    master

commit 490d2f4bd8078c8550e0ce13ee282948c49e6945
Author: Major Hayden <major at mhtx.net>
Date:   Mon May 23 16:02:36 2016 -0500

    Fix auditd log permission bug

    The tasks for handling auditd log permissions incorrectly set all
    log files in /var/log/audit to 0400, which prevents auditd from
    writing to the active log file. This prevents auditd from starting
    and restarting.

    The task now removes any permissions explicitly disallowed by
    V-38498. Any files meeting/exceeding the STIG requirements will not
    be modified.

    Closes-bug: 1584942
    Change-Id: I1bb2b91ae8a78b1f0304bd4ce0f9a774d65245bd

** Changed in: openstack-ansible
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1584942

Title:
  Security role sets incorrect permissions on auditd logs

Status in openstack-ansible:
  Fix Released

Bug description:
  The security role sets the permissions on all audit logs to 0400, but
  this is incorrect. The active log that is being written to should be
  set to 0600 and the rotated ones should be 0400. This causes auditd to
  fail on startup.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1584942/+subscriptions
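The difference between the two behaviours in the commit message above, as an added example that is not code from the openstack-ansible-security role: forcing 0400 on every log versus clearing only the bits above a ceiling. The 0640 ceiling for V-38498 is an assumption (the notification does not state it), and the file names, starting modes and function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: V-38498 ceiling of 0640 (the value is not stated on the page).
STIG_MAX_MODE = 0o640


def force_mode(path, mode=0o400):
    """Pre-fix behaviour from the bug report: every log gets 0400."""
    os.chmod(path, mode)


def strip_disallowed(path, ceiling=STIG_MAX_MODE):
    """Post-fix behaviour: clear only the bits above the ceiling.

    Files already at or below the ceiling are left untouched.
    Returns True when the mode was changed.
    """
    current = stat.S_IMODE(os.stat(path).st_mode)
    allowed = current & ceiling
    if allowed == current:
        return False
    os.chmod(path, allowed)
    return True


def owner_can_write(path):
    """auditd needs the owner write bit on the active log."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & stat.S_IWUSR)


def demo(remediate):
    """Build a constructed log directory, remediate it, return final state."""
    # Constructed sample: names and starting modes are illustrative only.
    sample = {"audit.log": 0o600, "audit.log.1": 0o400, "audit.log.2": 0o644}
    result = {}
    with tempfile.TemporaryDirectory() as logdir:
        for name, mode in sample.items():
            path = os.path.join(logdir, name)
            with open(path, "w") as handle:
                handle.write("constructed\n")
            os.chmod(path, mode)
            remediate(path)
            final = stat.S_IMODE(os.stat(path).st_mode)
            result[name] = (final, owner_can_write(path))
    return result
```

Calling `demo(force_mode)` leaves the active `audit.log` without the owner write bit, which is the startup failure the bug describes; `demo(strip_disallowed)` changes only the over-permissive rotated file.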