0644 remediation - /etc/mysql/my.cnf
* We have blocked default access to read.
Related-PROD: PROD-25333(PROD-25333)
Change-Id: I958aeca707a0a63541ffa639fa3d8c49d2f1e924
diff --git a/galera/master.sls b/galera/master.sls
index 2081ca0..2b47117 100644
--- a/galera/master.sls
+++ b/galera/master.sls
@@ -190,7 +190,8 @@
file.managed:
- name: {{ master.config }}
- source: salt://galera/files/my.cnf.init
- - mode: 644
+ - mode: 640
+ - group: mysql
- template: jinja
- require:
- service: galera_bootstrap_stop_service
@@ -220,7 +221,8 @@
file.managed:
- name: {{ master.config }}
- source: salt://galera/files/my.cnf
- - mode: 644
+ - mode: 640
+ - group: mysql
- template: jinja
- require_in:
- service: galera_service
diff --git a/galera/slave.sls b/galera/slave.sls
index 5420424..8b6526a 100644
--- a/galera/slave.sls
+++ b/galera/slave.sls
@@ -188,7 +188,8 @@
file.managed:
- name: {{ slave.config }}
- source: salt://galera/files/my.cnf
- - mode: 644
+ - mode: 640
+ - group: mysql
- template: jinja
- require:
- service: galera_bootstrap_stop_service
@@ -219,7 +220,8 @@
file.managed:
- name: {{ slave.config }}
- source: salt://galera/files/my.cnf
- - mode: 644
+ - mode: 640
+ - group: mysql
- template: jinja
- require_in:
- service: galera_service