Describe the bug
If not running the entirety of the ash-linux-formula – specifically triggerable if invoking watchmaker with --exclude-states ash-linux.el8.VendorSTIG.remediate – this state will fail due to file not found for the /etc/audit/rules.d/logins.rules file.
Severity
Breaks the ability to do some partial watchmaker executions
To Reproduce
Steps to reproduce the behavior:
- Launch an EL8-based EC2 (etc)
- Invoke watchmaker with watchmaker --exclude-states ash-linux.el8.VendorSTIG.remediate
- Wait for watchmaker to exit
- See error like:

    Log faillock modifications (RHEL-08-030590):
      __id__: Log faillock modifications (RHEL-08-030590)
      __run_num__: 81
      __sls__: ash-linux.el8.STIGbyID.cat2.RHEL-08-030590
      changes: {}
      comment: '/etc/audit/rules.d/logins.rules: file not found'
      duration: 10.043
      name: /etc/audit/rules.d/logins.rules
      result: false
      start_time: '14:02:03.551634'

In the watchmaker logs:
Expected behavior
The state should be successfully executable regardless of exclusions of other states.
Deviance Description
Screenshots
Additional context
Fix Suggestions
Add a step to the formula that ensures that the target file exists before executing attempts to alter it.
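
One way to apply the fix suggested above, as an added Salt state sketch that is not the ash-linux-formula's own code. The first state ID, the use of file.replace, the file mode and the audit rule text are assumptions; only the target path and the failing state's ID come from the report.

```yaml
# Added example, not taken from ash-linux-formula.
# Assumption: the failing state edits the file with file.replace, which
# returns "<name>: file not found" when the target is missing.

# Hypothetical state ID. Creates an empty rules file only if it is absent;
# replace: False leaves existing content alone, so this is safe whether or
# not ash-linux.el8.VendorSTIG.remediate ran first.
Ensure logins.rules exists (RHEL-08-030590):
  file.managed:
    - name: /etc/audit/rules.d/logins.rules
    - replace: False
    - user: root
    - group: root
    - mode: '0600'   # assumed; match the mode your audit baseline expects

# Same ID as in the error output. The require makes the ordering explicit
# instead of depending on another SLS having created the file.
Log faillock modifications (RHEL-08-030590):
  file.replace:
    - name: /etc/audit/rules.d/logins.rules
    # Assumed rule text (watch on the faillock log); substitute the line
    # the formula actually manages.
    - pattern: '^-w /var/log/faillock .*$'
    - repl: '-w /var/log/faillock -p wa -k logins'
    - append_if_not_found: True
    - require:
      - file: Ensure logins.rules exists (RHEL-08-030590)
```

With the prerequisite in the same SLS as the edit, the state no longer depends on which other states were excluded from the run.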