openstack-ansible-security/doc/metadata/rhel6/V-38643.rst
Andy McCrae fe39a30c98 Revert "Retire openstack-ansible-security"
This reverts commit ea9b39d723.
In order to release stable/pike we need this to still be present.
https://review.openstack.org/#/c/502063/ is failing.

Once we release stable/pike we can figure out how to properly remove
this repository.

Change-Id: I50308b1c3001371d4554b6c2640bd5384e870a53
2017-09-13 10:34:55 -06:00


---
id: V-38643
status: exception
tag: file_perms
---

Searching for world-writable files on a host deployed with openstack-ansible can be very time-consuming and can create unnecessary I/O load on hosts. Deployers are urged to check for world-writable files on a regular basis in directories where those files might be a concern (especially web-accessible directories).

The command provided with the STIG is helpful for finding these types of files:

.. code-block:: console

    find ${MOUNT_POINT} -xdev -type f -perm -002

Running ``find /`` isn't recommended on systems without LVM storage for containers since it will eventually search through the filesystems of the LXC containers that are deployed by openstack-ansible. The ``-xdev`` option prevents ``find`` from wandering into other mounted filesystems and will prevent it from searching through containers in logical volumes.
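The targeted check described above can be wrapped for a scheduled job. The following is an added example, not part of openstack-ansible-security; the function name, its return codes and the directories in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report world-writable regular files under specific
# directories instead of walking all of /.

# scan_world_writable DIR...
#   stdout: one world-writable regular file per line
#   return: 0 = none found, 1 = at least one found, 2 = no usable directory
scan_world_writable() {
    sww_found=0
    sww_scanned=0
    for sww_dir in "$@"; do
        if [ ! -d "$sww_dir" ]; then
            printf 'skipping %s: not a directory\n' "$sww_dir" >&2
            continue
        fi
        sww_scanned=$((sww_scanned + 1))
        # -xdev      stay on the filesystem that holds $sww_dir, so other
        #            filesystems mounted below it are not descended into
        # -type f    regular files only (symlinks show mode 777 on Linux)
        # -perm -002 the "other" write bit is set, whatever else is set
        # "|| true" keeps partial results if find hits an unreadable subtree
        sww_hits=$(find "$sww_dir" -xdev -type f -perm -002 2>/dev/null) || true
        if [ -n "$sww_hits" ]; then
            printf '%s\n' "$sww_hits"
            sww_found=1
        fi
    done
    [ "$sww_scanned" -gt 0 ] || return 2
    return "$sww_found"
}

# Usage (directories are placeholders for the deployer's own list):
#   scan_world_writable /var/www /srv || echo "review findings above"
```

A non-zero return lets a cron wrapper or monitoring check raise an alert without parsing the output.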