rabbitmq charm causes non DISA-STIG compliance
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack RabbitMQ Server Charm |
New
|
Undecided
|
Unassigned |
Bug Description
ubuntu 20.04.5
juju 2.9.37
charm latest/stable rev CH:123
rabbitmq-server 3.8.2
ussuri
When running `sudo usg fix disa_stig` against an ubuntu 20.04.5 machine, it becomes DISA-STIG compliant.
running `juju add-machine <user>@<ip>` and then `juju deploy rabbitmq-server --to 0` causes DISA-STIG to no longer be compliant
Specifically, running a diff against the compliant results `sudo usg audit disa_stig` and then against the newly deployed rabbitmq-server charm causes the following diff:
```
- <rule-result idref="
000000">
- <result>
+ <rule-result idref="
000000">
+ <result>
<check system="http://
</check>
</rule-result>
```
rabbitmq-server charm is breaking the file_groupowner
it looks like the charm is installing the lockfile-progs package, which is causing /usr/mail-* files to have a group ownership of mail instead of root.