Check for promiscuous interfaces [+Docs]

This patch adds tasks to check for interfaces that are in promiscuous
mode. If any are found, a warning is printed.

Documentation is included.

Implements: blueprint security-rhel7-stig
Change-Id: Ia5344a298ddd34d98b00d1a3b14e40883fc4e69f

doc/metadata/rhel7/RHEL-07-040470.rst

@@ -1,7 +1,9 @@
 ---
 id: RHEL-07-040470
-status: not implemented
+status: verification only
 tag: misc
 ---
 
-This STIG requirement is not yet implemented.
+All interfaces are examined to ensure they are not in promiscuous mode. A
+warning message is printed in the Ansible output if any promiscuous interfaces
+are found.

tasks/rhel7stig/misc.yml

@@ -195,3 +195,24 @@
     - low
     - misc
     - RHEL-07-040320
+
+- name: Check for interfaces in promiscuous mode
+  shell: "ip link | grep -i promisc"
+  register: promiscuous_interface_check
+  changed_when: False
+  failed_when: False
+  check_mode: no
+  tags:
+    - always
+
+- name: RHEL-07-040470 - Network interfaces must not be in promiscuous mode.
+  debug:
+    msg: >
+      One or more network interfaces were found to be in promiscuous mode.
+      Review all interfaces and disable promiscuous mode.
+  when:
+    - promiscuous_interface_check.rc == 0
+  tags:
+    - medium
+    - misc
+    - RHEL-07-040470