Currently, the permissions for OpenSearch logs seem to be weak, allowing anyone to read them. The current permissions on the logs/ directory are -rw-r--r-- (644).
This also applies to security plugin enabled clusters, which generate audit logs. This weak permission structure can cause leakage of sensitive information in the logs.
The permissions should be restricted to only the application user and group, which is -rw-r----- (640), as also suggested here: https://issues.apache.org/jira/browse/LOG4J2-1699
Created a GitHub issue: Restrict logs directory access permissions · Issue #958 · opensearch-project/OpenSearch
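An added example (not part of the original post and not OpenSearch project code): a shell check that lists log files granting any access to users outside the owner and group, then tightens them toward the 640 mode proposed above. The `LOG_DIR` variable and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit and tighten permissions under an OpenSearch logs directory.
# LOG_DIR is a hypothetical variable; point it at your own logs/ path.

# Print every regular file under $1 that grants read, write or execute to "other".
audit_logs() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove "other" access and group write/execute from files: 644 becomes 640.
# Only removes bits, so a file that is already stricter (e.g. 600) is not widened.
# Directories lose "other" access as well, so file names are not listable either.
restrict_logs() {
    find "$1" -type f -exec chmod g-wx,o-rwx {} +
    find "$1" -type d -exec chmod o-rwx {} +
}

# Succeed (exit status 0) only when no log file is accessible to "other".
logs_are_restricted() {
    [ -z "$(audit_logs "$1")" ]
}

# Runs only when LOG_DIR is set, e.g.  LOG_DIR=/path/to/logs sh check_logs.sh
if [ -n "${LOG_DIR:-}" ]; then
    echo "World-accessible log files before the fix:"
    audit_logs "$LOG_DIR"
    restrict_logs "$LOG_DIR"
    if logs_are_restricted "$LOG_DIR"; then
        echo "OK: no log file is accessible outside owner and group"
    else
        echo "WARNING: some files could not be restricted" >&2
        exit 1
    fi
fi
```

This fixes files that already exist; files created later by the logging framework get their mode from the process umask or appender settings, so the audit is worth re-running after log rotation.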