[BUG] Missing Dependency in ash-linux/el8/STIGbyID/cat2/RHEL-08-030590.sls #481

@ferricoxide

Describe the bug

If not running the entirety of the ash-linux-formula – specifically triggerable if invoking watchmaker with --exclude-states ash-linux.el8.VendorSTIG.remediate – this state will fail due to file not found for the /etc/audit/rules.d/logins.rules file.

Severity

Breaks the ability to do some partial watchmaker executions

To Reproduce
Steps to reproduce the behavior:

  1. Launch an EL8-based EC2 (etc)

  2. Invoke watchmaker with watchmaker --exclude-states ash-linux.el8.VendorSTIG.remediate

  3. Wait for watchmaker to exit

  4. See error like:

        Log faillock modifications (RHEL-08-030590):
            __id__: Log faillock modifications (RHEL-08-030590)
            __run_num__: 81
            __sls__: ash-linux.el8.STIGbyID.cat2.RHEL-08-030590
            changes: {}
            comment: '/etc/audit/rules.d/logins.rules: file not found'
            duration: 10.043
            name: /etc/audit/rules.d/logins.rules
            result: false
            start_time: '14:02:03.551634'
    

    In the watchmaker logs:

Expected behavior

The state should be successfully executable regardless of exclusions of other states.

Deviance Description

Screenshots

Additional context

Fix Suggestions

Add a step to the formula that ensures that the target file exists before executing attempts to alter it.
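
One way the suggested fix could look as a Salt state, added here as an illustration and not taken from the ash-linux-formula itself. The "Ensure logins.rules exists" state ID, the use of `file.replace`, the file mode and the audit rule text are assumptions; only the file path and the "Log faillock modifications" state ID come from the report above.

```yaml
# Hypothetical SLS sketch: the state declares its own prerequisite instead of
# relying on another state (such as the excluded VendorSTIG remediation) to
# have created the rules file first.
{%- set rule_file = '/etc/audit/rules.d/logins.rules' %}
{#- Assumed rule text for watching the faillock log; not quoted from the issue. #}
{%- set rule_text = '-w /var/log/faillock -p wa -k logins' %}

# Create the file only if it is absent. With no source/contents and
# replace: False, an existing file's content is left untouched.
Ensure logins.rules exists (RHEL-08-030590):
  file.managed:
    - name: '{{ rule_file }}'
    - user: 'root'
    - group: 'root'
    - mode: '0600'        # assumed mode; audit rule files should not be world-readable
    - makedirs: True
    - replace: False

# The edit step requires the state above, so it no longer fails with
# "file not found" when run in a partial execution.
Log faillock modifications (RHEL-08-030590):
  file.replace:
    - name: '{{ rule_file }}'
    - pattern: '^-w\s+/var/log/faillock\s.*$'
    - repl: '{{ rule_text }}'
    - append_if_not_found: True
    - require:
      - file: 'Ensure logins.rules exists (RHEL-08-030590)'
```

Because the requisite lives in the same SLS file, the ordering holds whichever other states are passed to `--exclude-states`.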
