I have noticed a funny thing. We use Open-SCAP to check that our Linux VMs are following our set hardening standard.
It checks the files access permissions of installed software packages matches the vendor values. On a newly installed Icinga2 conf file, f.ex. zones.conf has 640. But after I run the Icinga Node Wizard to configure the node it changes to 644. Same with other conf files as well.
This causes an alert from Open-SCAP as you might understand.
My question is just, why does the files access permissions changes so it doesnt matches the vendor settings.
It is easily fixed with rpm --setperms ICINGA PACKAGE (for example icinga2-0:2.13.2-1.el8.icinga.x86_64) so its not a major issue, just a annoying one
But the most annoying issue is that after each restart of Icinga on server the /var/lib/icinga2/api/zones-stage has changed its permissions from vendor presets, from 750 to 700.
- Version used (
icinga2 --version) 2.13.2-1
- Operating System and version RHEL 8.5