hubblestack / hubble

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting.


Bug with check_directory_files_permission

wschmrdrNS opened this issue · comments

In hubblestack_nova/misc.py, the function check_directory_files_permission has a bug in it on the develop branch:

The "path" parameter is not being used. Relatively, the _execute_shell_command call is always calling "/var/log". I think you may have meant to put the path variable in there?

This function should help to fulfill CIS-4.2.4 in the Ubuntu 16.04 v1.1.0 spec: Ensure permissions on all logfiles are configured.

Good catch. @anuragpaliwal80 can you grab this one? Note that if we just add the path into that command we'll end up with a command injection vulnerability, so we'll need to run that command with python_shell=False on the cmd.run, which is not the default for _execute_shell_command().
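The point raised in the reply, as an added example (not Hubble's code): the caller-supplied path goes to `find` as a single argv element with no shell, the `subprocess` equivalent of `python_shell=False`, so metacharacters in it are never interpreted. The function names, the `find` invocation and the `0o640` threshold are assumptions made for illustration.

```python
import os
import stat
import subprocess


def list_regular_files(path):
    """Return regular files under `path` using find(1) without a shell."""
    # Absolute paths only: a leading "-" would be parsed by find as an
    # option or expression, which is argument injection even without a shell.
    if not os.path.isabs(path):
        raise ValueError("path must be absolute: %r" % (path,))
    # argv list with shell=False: `path` stays one argument, so ';', '$(...)'
    # and spaces inside it are passed to find literally.
    proc = subprocess.run(
        ["find", path, "-type", "f", "-print0"],
        shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
    )
    if proc.returncode != 0:
        raise RuntimeError(os.fsdecode(proc.stderr).strip())
    # -print0 keeps file names containing newlines intact.
    return [os.fsdecode(n) for n in proc.stdout.split(b"\0") if n]


def files_exceeding_mode(path, max_mode=0o640):
    """Return files under `path` with permission bits outside `max_mode`."""
    offenders = []
    for name in list_regular_files(path):
        mode = stat.S_IMODE(os.lstat(name).st_mode)
        if mode & ~max_mode:  # any bit set that max_mode does not allow
            offenders.append(name)
    return sorted(offenders)
```

Rejecting relative paths matters as much as dropping the shell: without it, a value beginning with `-` would still change what `find` does.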