fe39a30c98
This reverts commit ea9b39d723.
In order to release stable/pike we need this to still be present.
https://review.openstack.org/#/c/502063/ is failing.
Once we release stable/pike we can figure out how to properly remove
this repository.
Change-Id: I50308b1c3001371d4554b6c2640bd5384e870a53
24 lines
888 B
ReStructuredText
24 lines
888 B
ReStructuredText
---
|
|
id: V-38643
|
|
status: exception
|
|
tag: file_perms
|
|
---
|
|
|
|
Searching for world-writable files on a host deployed with openstack-ansible
|
|
can be very time consuming and it can create unnecessary I/O load on hosts.
|
|
Deployers are urged to check for world-writable files on a regular basis in
|
|
directories where those files might be a concern (especially web accessible
|
|
directories).
|
|
|
|
The command provided with the STIG is helpful for finding these types of files:
|
|
|
|
.. code-block:: bash
|
|
|
|
find ${MOUNT_POINT} -xdev -type f -perm -002
|
|
|
|
Running ``find /`` isn't recommended on systems without LVM storage for
|
|
containers since it will eventually search through the filesystems of the LXC
|
|
containers that are deployed by openstack-ansible. The ``-xdev`` option
|
|
prevents ``find`` from wandering into other mounted filesystems and will
|
|
prevent it from searching through containers in logical volumes.
|