rewrite of SV-204392

[Amndeep7]

resolves #200

takes a very long time but that's cause on my spun up rhel7 docker container it ended up processing 15k-ish files and creating 45k-ish tests. printing out a lot of debugging output that will be changed later. takes a highly variable amount of time depending on what 'rpm --verify' marks as being an issue. changed the inputs around to match the new interpretation of the control and got rid of the exception that we had in there for /etc/issue.

steps to take before merge:

• Revert the commits where I enabled slow controls (or keep them if we're fine with them being enabled, or use yq to enable them just within the workflows but kept as disabled within the repo)
• Review to confirm that it better meets the control's stated intentions and suggested check text
• Rebase on top of the V3R10 branch or have that branch merged into master (and then potentially rebase this one again idk git hard)

Signed-off-by: Amndeep Singh Mann [email protected]

[Amndeep7]

customresults.json.txt

^ this is a json output from running the new control against a plain old rhel7 docker container

# spin up the image since the container needs to be running to do the magic
docker pull registry.access.redhat.com/rhel7:7.9-1011
docker run -it --rm registry.access.redhat.com/rhel7:7.9-1011

# run inspec (on my wsl box)
time docker run -it --rm -v "$(pwd):/share" -v /var/run/docker.sock:/var/run/docker.sock chef/inspec exec . --target docker://ca407406c83f --reporter=cli json:customresu
lts.json --input-file=kitchen.inputs.yml --chef-license=accept-silent --controls=SV-204392

[Amndeep7]

customresults2.json.txt

^ the above but now skipping for any files specified in the packages that don't actually exist on disk for whatever reason.

[Amndeep7]

lol misleading runtime numbers - the subtests did manage to find actual findings tho. I think they were all file permissions/mode issues, and not the owner or group being wrong but I feel like those might come up in a more established box as opposed to the ones we were spinning up for testing that haven't had users exist in them.

[wdower]

Talked about this PR as a go-back during standup:
Todo:

• Reduce the total number of subtests by doing it per package overall and not per assessment type per file.
• As part of that put the listings of misconfigured files (and presumably the means through which they were misconfigured) in the message body of each subtest.

This a) removes all the positives which we don’t really care about, b) makes it easier to apply the fix text (which fixes it on the package level), and c) hopefully reduces the time-to-test.