OpenStack Heat Charm

heat charm causes non DISA-STIG compliance

Bug #1997097 reported by Jeff Hillman on 2022-11-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Heat Charm	New	Undecided	Unassigned

Bug Description

ubuntu 20.04.5
juju 2.9.37
charm latest/stable rev CH:485
heat 14.2.0
Ussuri

When running `sudo usg fix disa_stig` against an ubuntu 20.04.5 machine, it becomes DISA-STIG compliant.

running `juju add-machine <user>@<ip>` and then `juju deploy heat --to 0` causes DISA-STIG to no longer be compliant

Specifically, running a diff against the compliant results `sudo usg audit disa_stig` and then against the newly deployed heat charm causes the following diff:

```
- <rule-result idref="permissions_local_var_log" time="2022-11-16T15:38:14" severity="medium" weight="1.000000">
- <result>pass</result>
+ <rule-result idref="permissions_local_var_log" time="2022-11-18T00:10:52" severity="medium" weight="1.000000">
+ <result>fail</result>
```

heat charm is breaking the permissions_local_var_log DISA-STIG compliance.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.