OpenStack Networking - user/group ownership of config files set to root/neutron - /etc/neutron/rootwrap.conf

Information

Configuration files contain critical parameters and information required for smooth functioning of the component. If an unprivileged user, either intentionally or accidentally modifies or deletes any of the parameters or the file itself then it would cause severe availability issues causing a denial of service to the other end users. Thus user ownership of such critical configuration files must be set to root and group ownership must be set to nova.

Solution

Set user and group ownership of these config files to root and neutron respectively

See Also

http://docs.openstack.org/security-guide/networking/checklist.html

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: 02966ec346dae3bbcc21bc94e57ab6efb10a1e35abb62e585513c13666e155ca