RHEL-08-010740 PATCH Task fails if home directory is set to /dev/null

Open SeanathanVT opened this issue 8 months ago • 4 comments

Describe the Issue

On el8 baselines, the tss user’s home directory appears to be set to /dev/null. This causes the Task to fail as /dev/null is not a directory.

Expected Behavior

Task should gracefully handle a situation where a user’s “home directory” is not actually a directory.

Actual Behavior

Execution of the RHEL-08-010740 PATCH logic fails if a local user’s home directory (as defined in /etc/passwd) is not actually a directory due to the Task’s inclusion of “state: directory”. I acknowledge the intent behind this (why would a home directory not be a home directory?), but in the case of the tss user on el8 baselines, the home directory is not actually a directory.

Control(s) Affected

RHEL-08-010740

Environment (please complete the following information):

  • branch being used: the latest release (STIG V1R12 April release)
  • Ansible Version: 8.3.0
  • Host Python Version: 3.11.5
  • Ansible Server Python Version: 3.11.5
  • Additional Details: N/A

Additional Notes

  • https://access.redhat.com/solutions/6625061
  • https://access.redhat.com/solutions/6996195

Possible Solution

Either remove the “state: directory” definition or add a conditional that excludes an item if its path is /dev/null (ex. item.dir != '/dev/null') or filter based on shell (ex. item.shell != '/sbin/nologin'). Not sure how you guys would prefer to handle this situation, so I don’t want to assume the proper resolution. Also unsure how likely this is to surface with a non-directory defined as a home directory that isn’t /dev/null.

SeanathanVT, May 30 '24 15:05
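A pre-flight check for the situation reported above, as an added example that is not part of the original issue or the project's role: it classifies each passwd entry's home path by file type, so /dev/null and any other non-directory home are found before a task applies "state: directory". The function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose passwd home path is not a directory.

# Build a constructed sample (not from a real host); prints the passwd file path.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/home_alice"
    : > "$d/plainfile"
    cat > "$d/passwd" <<EOF
alice:x:1000:1000:Alice:$d/home_alice:/bin/bash
tss:x:59:59:constructed entry:/dev/null:/sbin/nologin
svc:x:1001:1001::$d/plainfile:/bin/bash
newuser:x:1002:1002::$d/absent:/bin/bash
EOF
    printf '%s\n' "$d/passwd"
}

# Print "user<TAB>kind<TAB>home<TAB>shell" for every entry in a passwd-format file.
#   dir     -> home is an existing directory (symlinks are followed)
#   nondir  -> home exists but is not a directory (the tss case in the issue)
#   missing -> home path does not exist
classify_homes() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        if [ -d "$home" ]; then kind=dir
        elif [ -e "$home" ]; then kind=nondir
        else kind=missing
        fi
        printf '%s\t%s\t%s\t%s\n' "$user" "$kind" "$home" "$shell"
    done < "$1"
}

# Users whose home exists but is not a directory.
non_directory_users() {
    classify_homes "$1" | awk -F'\t' '$2 == "nondir" { print $1 }'
}

# Non-directory homes that an "item.dir != '/dev/null'" conditional alone would not exclude.
missed_by_devnull_filter() {
    classify_homes "$1" | awk -F'\t' '$2 == "nondir" && $3 != "/dev/null" { print $1 }'
}

# Run on the file given as $1, or on the constructed sample when no argument is given.
classify_homes "${1:-$(make_sample)}"
```

Run it with /etc/passwd as the argument to check a real host; with no argument it prints the classification of the constructed sample.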