Pmlogger is creating world-readable log files in /var/log/pcp/pmlogger
Issue
- pcp component pmlogger is creating world-readable log files in /var/log/pcp/pmlogger.
- Security vulnerability scanners (notable CIS Benchmark assessor tool, and possibly Rapid7), are calling out these files, asserting that they should have
NO
world access, read or otherwise. - Expecting that OS distribution products would comply with CIS standards.
- What is the way to configure pmlogger to change the mode in which it creates said logs; if there is a way, we would be glad to know of it, if there is not a way, would like to see this
corrected
. - cockpit-pcp will not display historic performance metrics from pmlogger
Environment
- Red Hat Enterprise Linux (RHEL) 7, 8 and 9
- pcp
- pmlogger
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.