Hello, during a security audit, our customer was wondering about the files in directory /var/lib/heartbeat/crm, for example:
-rw-rw-rw- 1 hacluster root 32 Feb 13 18:59 cib-40.raw.sig
-rw------- 1 hacluster root 6716 Feb 13 18:59 cib-41.raw
-rw-rw-rw- 1 hacluster root 32 Feb 13 18:59 cib-41.raw.sig
-rw------- 1 hacluster root 6716 Feb 13 18:59 cib-42.raw

The files contain an XML section of the configs as applied by "crm configure" (.raw) commands and some hash/checksum (.raw.sig).

We are running pacemaker with user permissions like this:

root 5610 1 0 Feb13 ? 00:11:40 corosync
498 5616 5610 0 Feb13 ? 00:01:54 /usr/libexec/pacemaker/cib
root 5617 5610 0 Feb13 ? 00:01:02 /usr/libexec/pacemaker/stonithd
root 5618 5610 0 Feb13 ? 00:01:33 /usr/lib64/heartbeat/lrmd
498 5619 5610 0 Feb13 ? 00:00:44 /usr/libexec/pacemaker/attrd
498 5620 5610 0 Feb13 ? 00:00:25 /usr/libexec/pacemaker/pengine
498 5621 5610 0 Feb13 ? 00:01:07 /usr/libexec/pacemaker/crmd

(mind: hacluster:x:498:499:heartbeatuser:/var/lib/heartbeat/cores/hacluster:/sbin/nologin )

Our customer is asking if we can remove the world-writeable bit for the files in /var/lib/heartbeat/crm, and if/how they are used (i.e. what is the long-term result if we simply remove them).

Can anyone easily answer this?

Thanks & Cheers!
Mario

pacemaker-cli-1.1.7-6.el6.x86_64
pacemaker-1.1.7-6.el6.x86_64
pacemaker-libs-1.1.7-6.el6.x86_64
pacemaker-cluster-libs-1.1.7-6.el6.x86_64
corosynclib-1.4.1-7.el6.x86_64
corosync-1.4.1-7.el6.x86_64

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
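
A check for the finding described in the post, as an added example that is not part of the original message or of Pacemaker: it lists the files in a directory that carry the "other" write bit and clears only that bit on request. The function names and the script name audit.sh are hypothetical; the directory is passed as an argument (the post's path is /var/lib/heartbeat/crm).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Work on a copy of the directory first; the default action is a dry run.

# Print every regular file directly inside DIR whose "other" write bit is set.
list_world_writable() {
    find "$1" -maxdepth 1 -type f -perm -0002 -print | sort
}

# Number of such files (0 means the audit finding is cleared).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Dry run by default: show what would change. With "apply" as the second
# argument, clear only the o+w bit; owner and group bits are left untouched.
strip_other_write() {
    dir=$1
    mode=${2:-dry-run}
    list_world_writable "$dir" | while IFS= read -r f; do
        if [ "$mode" = apply ]; then
            chmod o-w -- "$f" && echo "fixed: $f"
        else
            echo "would fix: $f"
        fi
    done
}

# Run as: sh audit.sh DIR [apply]
if [ "$#" -gt 0 ]; then
    strip_other_write "$1" "${2:-dry-run}"
    echo "world-writable files remaining: $(count_world_writable "$1")"
fi
```

Changing the mode of existing files does not affect files written later, which get whatever mode the writing process gives them, so re-run the count after the next configuration change.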