sticky+rwx on /tmp & /dev/shm look ok. /usr/src/debug/tmp
here (I'm not sure)
This mentions /usr/local/apache/logs/modsec_audit proper permissions of 1733
(web-research: SecAuditLogDirMode 1733 [again, Idk] no-read is
tricky!)
Partial answer (I'm just learning this too! Use these as clues to research):
Code:
rpm --qf '%{filemodes:octal}\n' -qf /etc/mime.types
rpm -qlif /etc/mime.types
rpm -Vf /etc/mime.types
So, 1: one no 2: one yes: see rpm -setperms (web-search each file to get ideas on 'risks')
3: see --qf above (or you can look at a 'live' CentOS7 at linuxzoo.net!)
(ignore the 100 in 100644: see `man 2 stat` about S_IFREG 0100000 regular file)
Any ideas what may have happened to the system you are using (where did it come from)?
Look into this web-search: rpm verify repair file mode
Best wishes... let us know (esp. more specific than like 'risks?')