diff --git a/oslo_metrics/__main__.py b/oslo_metrics/__main__.py
index c89347f..e445818 100644
--- a/oslo_metrics/__main__.py
+++ b/oslo_metrics/__main__.py
@@ -30,7 +30,7 @@ from oslo_metrics import message_router
 
 oslo_metrics_configs = [
     cfg.StrOpt('metrics_socket_file',
-               default='/var/tmp/metrics_collector.sock',
+               default='/var/tmp/metrics_collector.sock',  # nosec
                help='Unix domain socket file to be used'
                     ' to send rpc related metrics'),
     cfg.IntOpt('prometheus_port', default=3000,
@@ -98,7 +98,7 @@ def main():
     socket_path = cfg.CONF.oslo_metrics.metrics_socket_file
     m = MetricsListener(socket_path)
     try:
-        os.chmod(socket_path, 0o660)
+        os.chmod(socket_path, 0o600)
     except OSError:
         LOG.error("Changing the mode of the file failed.... continuing")
     mt = threading.Thread(target=m.serve)
diff --git a/test-requirements.txt b/test-requirements.txt
index b15df2e..3580880 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,6 +4,6 @@
 hacking>=3.0.1,<3.1.0 # Apache-2.0
 oslotest>=3.2.0 # Apache-2.0
 # Bandit security code scanner
-bandit>=1.6.0,<1.7.0 # Apache-2.0
+bandit>=1.7.0,<1.8.0 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0