OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/ssl/certs/ca.pem

Information

Configuration files contain critical parameters and information required for the smooth functioning of the component. If an unprivileged user intentionally or accidentally modifies or deletes any of the parameters, or the file itself, the result can be severe availability issues and a denial of service to other end users. The user and group ownership of such critical configuration files must therefore be set to the component owner.

Solution

Set the user and group ownership of these config files to keystone.
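
One way to audit and correct this setting for the file named in this check, as an added example that is not part of the original audit item. It assumes GNU coreutils stat; the function names check_owner and remediate, the --audit switch and the return codes are illustrative.

```shell
#!/bin/sh
# Added example: verify that a Keystone file is owned by keystone:keystone.
# Assumption: GNU coreutils stat (-c format option) is available.

# check_owner PATH USER GROUP
# Returns 0 when PATH is owned by USER:GROUP, 1 on mismatch, 2 if PATH is missing.
check_owner() {
    path=$1; want_user=$2; want_group=$3
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 2
    fi
    # -L follows symlinks, so the file that is actually read is the one checked.
    actual=$(stat -L -c '%U %G' -- "$path") || return 2
    if [ "$actual" = "$want_user $want_group" ]; then
        echo "PASS $path ($actual)"
        return 0
    fi
    echo "FAIL $path (found $actual, expected $want_user $want_group)"
    return 1
}

# remediate PATH USER GROUP
# Runs chown only when the check fails, then re-checks (needs root to change owner).
remediate() {
    check_owner "$1" "$2" "$3" >/dev/null && return 0
    [ -e "$1" ] || return 2
    chown -- "$2:$3" "$1" && check_owner "$1" "$2" "$3"
}

# Run the audit for this item only when asked to: sh script.sh --audit
if [ "${1:-}" = "--audit" ]; then
    check_owner /etc/keystone/ssl/certs/ca.pem keystone keystone
fi
```

A FAIL line shows the owner and group that were found, which is worth recording before running remediate.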

See Also

http://docs.openstack.org/security-guide/identity/checklist.html

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: 1d5163a6395b75f41ae5aa74a956d5a1536a9a7a688778b2f88fc39942384acf