Merge "Check for two nameservers [+Docs]"

2016-12-02 19:50:41 +00:00
parent fa655e3be2 f9a3a1606e
commit 811c8bb50f
2 changed files with 28 additions and 2 deletions
--- a/doc/metadata/rhel7/RHEL-07-040320.rst
+++ b/doc/metadata/rhel7/RHEL-07-040320.rst
@@ -1,7 +1,8 @@
 ---
 id: RHEL-07-040320
-status: not implemented
+status: implemented
 tag: misc
 ---

-This STIG requirement is not yet implemented.
+If a server has fewer than two nameservers configured in ``/etc/resolv.conf``,
+a warning is printed in the Ansible output.
--- a/tasks/rhel7stig/misc.yml
+++ b/tasks/rhel7stig/misc.yml
@@ -170,3 +170,28 @@
    - medium
    - misc
    - RHEL-07-040250
+
+# Linting checks need to be skipped because this command doesn't create any
+# files.
+- name: Count nameserver entries in /etc/resolv.conf
+  command: grep nameserver /etc/resolv.conf
+  register: nameserver_check
+  check_mode: no
+  changed_when: False
+  failed_when: False
+  tags:
+    - always
+    - skip_ansible_lint
+
+- name: RHEL-07-040320 - For systems using DNS resolution, at least two name servers must be configured.
+  debug:
+    msg: |
+      Two or more nameservers must be configured in /etc/resolv.conf.
+      Nameservers found: {{ nameserver_check.stdout_lines | length }}
+  when:
+    - nameserver_check is defined
+    - nameserver_check.stdout_lines | length < 2
+  tags:
+    - low
+    - misc
+    - RHEL-07-040320