[BUG] Missing Dependency in `ash-linux/el8/STIGbyID/cat2/RHEL-08-030590.sls`
Describe the bug
If not running the entirety of the ash-linux-formula – specifically triggerable if invoking watchmaker with `--exclude-states ash-linux.el8.VendorSTIG.remediate` – this state will fail due to `file not found` for the `/etc/audit/rules.d/logins.rules` file.
Severity
Breaks the ability to do some partial watchmaker executions
To Reproduce
Steps to reproduce the behavior:
- Launch an EL8-based EC2 (etc)
- Invoke watchmaker with `watchmaker --exclude-states ash-linux.el8.VendorSTIG.remediate`
- Wait for watchmaker to exit
- See error like:

  ```
  Log faillock modifications (RHEL-08-030590):
    __id__: Log faillock modifications (RHEL-08-030590)
    __run_num__: 81
    __sls__: ash-linux.el8.STIGbyID.cat2.RHEL-08-030590
    changes: {}
    comment: '/etc/audit/rules.d/logins.rules: file not found'
    duration: 10.043
    name: /etc/audit/rules.d/logins.rules
    result: false
    start_time: '14:02:03.551634'
  ```

In the watchmaker logs:
Expected behavior
The state should be successfully executable regardless of exclusions of other states.
Deviance Description
Screenshots
Additional context
Fix Suggestions
Add a step to the formula that ensures that the target file exists before executing attempts to alter it.
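
One way to express the suggested fix as Salt states, added here as an illustration and not taken from the ash-linux-formula itself. It assumes the failing state edits the file with `file.replace`; the `Ensure logins.rules exists` state ID, the ownership and mode values, and the pattern and rule text are assumptions, not the formula's actual content.

```yaml
# Added example; not the project's own code.
# Assumption: the existing state uses file.replace, which fails with
# "file not found" when the target is absent.

# Hypothetical prerequisite state: create the rules file only if missing.
Ensure logins.rules exists (RHEL-08-030590):
  file.managed:
    - name: /etc/audit/rules.d/logins.rules
    - user: root            # assumed ownership
    - group: root
    - mode: '0600'          # assumed mode for audit rule files
    - replace: False        # never overwrite rules already written by other states

# State ID taken from the error output above; body is illustrative.
Log faillock modifications (RHEL-08-030590):
  file.replace:
    - name: /etc/audit/rules.d/logins.rules
    - pattern: '^-w\s+/var/log/faillock\s.*$'
    - repl: '-w /var/log/faillock -p wa -k logins'
    - append_if_not_found: True
    - require:
      - file: Ensure logins.rules exists (RHEL-08-030590)
```

Because the prerequisite uses `replace: False`, a full formula run that has already populated `logins.rules` is left untouched, while a run with `--exclude-states ash-linux.el8.VendorSTIG.remediate` gets an empty file for the rule to be appended to.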