Verify that home directories exist [+Docs]

This patch adds tasks which verify that the home directory for each
interactive user actually exists on the filesystem. Users with
missing home directories are printed in the Ansible output.

Docs are included.

Implements: blueprint security-rhel7-stig
Change-Id: Ia561bfe1352ef9bdc5be9de4cb23e1bf15a4cbbc

doc/metadata/rhel7/RHEL-07-020640.rst

@@ -1,7 +1,10 @@
 ---
 id: RHEL-07-020640
-status: not implemented
-tag: misc
+status: implemented
+tag: auth
 ---
 
-This STIG requirement is not yet implemented.
+Each interactive user on the system is checked to verify that their assigned
+home directory exists on the filesystem. If a home directory is missing, the
+name of the user and their assigned home directory is printed in the Ansible
+console output.

tasks/rhel7stig/auth.yml

@@ -14,7 +14,8 @@
 # limitations under the License.
 
 - name: Get a list of users on the system to use throughout the auth tasks
-  action: get_users
+  get_users:
+    min_uid: 1000
   register: user_list
   check_mode: no
   tags:
@@ -196,3 +197,31 @@
     - auth
     - medium
     - RHEL-07-020630
+
+- name: Check each user to see if its home directory exists on the filesystem
+  stat:
+    path: "{{ item['dir'] }}"
+  when:
+    - item['dir'] != ''
+  with_items: "{{ user_list.users }}"
+  register: home_directory_checks
+  tags:
+    - auth
+    - medium
+    - RHEL-07-020640
+
+- name: RHEL-07-020640 - All local interactive user home directories defined in the /etc/passwd file must exist.
+  debug:
+    msg: |
+      These users have a home directory assigned, but the directory does not exist:
+      {% for check in home_directory_checks.results %}
+      {% if not check.stat.exists %}
+      {{ check.item.name }} ({{ check.item.dir }} does not exist)
+      {% endif %}
+      {% endfor %}
+  when:
+    - home_directory_checks.results | selectattr('stat.exists', 'sameas', false) | list | length > 0
+  tags:
+    - auth
+    - medium
+    - RHEL-07-020640