
RHEL STIG does not detect whether xinetd/tftp/other nonessential plugins are installed before attempting to audit their configurations. #917

Open
Fall3nSp0rk opened this issue Jun 21, 2021 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@Fall3nSp0rk

Describe the bug
On servers that do not have Trivial File Transfer Protocol (TFTP) installed, Powerstig does not attempt to determine if Xinetd (the hosting daemon for tftp), or tftp is installed before attempting to audit the configuration of same. This results in an error that forces DSC config apply to stop.

To Reproduce
Resources used: one Windows Server 2016 server running Desired State Configuration (DSC Controller), one server running Red Hat Enterprise Linux 7 (client machine)

  1. Create a .mof file on the DSC controller using the following code:
CD C:\DSC
configuration RHEL7Baseline
{
    param
    (
        [parameter()]
        [string]
        $NodeName = '<name-of-rhel-7-server>'
    )

    Import-DscResource -ModuleName PowerStig

    Node $NodeName
    {
        RHEL BaseLine
        {
            OsVersion   = '7'
            StigVersion = '3.2'
            SkipRule    = 'V-204447'
        }
    }
}

RHEL7Baseline -OutputPath C:\DSC\RHEL7Baseline\
  2. Open the resulting .mof file and save it in UTF-8 format, overwriting the original.
  3. On the DSC Controller, execute the following in PowerShell:
$Node = "<name-of-rhel-7-server>"
$Credential = Get-Credential -UserName "root" -Message "Enter Password:"

# Ignore SSL certificate validation (lab use; the trusted-certificate option is below)
$opt = New-CimSessionOption -UseSsl -SkipCACheck -SkipCNCheck -SkipRevocationCheck

# Options for a trusted SSL certificate
#$opt = New-CimSessionOption -UseSsl

$sessParams = @{
    Credential          = $Credential
    ComputerName        = $Node
    Port                = 5986
    Authentication      = 'basic'
    SessionOption       = $opt
    OperationTimeoutSec = 90
}

$Sess = New-CimSession @sessParams
Start-DscConfiguration -CimSession $Sess -Path "C:\DSC\RHEL7Baseline" -Wait -Verbose -Force
  4. Receive an error message saying that V-204623 failed to apply:
2021/06/21 16:00:04: ERROR: null(0): EventId=1 Priority=ERROR Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 :
DSC Engine Error :
         Error Message Failed to apply the configuration.  These resources produced errors: [nxFileLine][V-204623][medium][SRG-OS-000480-GPOS-00227]::[RHEL]BaseLine
        Error Code : 1

Expected behavior
powerstig should detect whether tftp, or its dependency, xinetd, is installed using commands:

rpm -q tftp
rpm -q tftp-server
rpm -q xinetd

If these modules are not found, configuration should be skipped.

Logs

/etc/ssh/sshd_config ^#\s*Compression.*$|^Compression\s*(?!delayed\b)\w*$ False
2021/06/21 16:00:03: INFO: Scripts/nxFileLine.pyc(140):
/etc/ssh/sshd_config ^#\s*X11Forwarding.*$|^X11Forwarding\s*(?!no\b)\w*$ False
2021/06/21 16:00:03: ERROR: Scripts/nxFileLine.pyc(112):
Error: /etc/xinetd.d/tftp not found!

2021/06/21 16:00:03: ERROR: Scripts/nxFileLine.pyc(94):
Error: /etc/xinetd.d/tftp not found!

2021/06/21 16:00:03: ERROR: null(0): EventId=1 Priority=ERROR Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 :
This event indicates that failure happens when LCM is processing the configuration. ErrorId is 1. ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is [nxFileLine][V-204623][medium][SRG-OS-000480-GPOS-00227]::[RHEL]BaseLine and SourceInfo is C:\Program Files\WindowsPowerShell\Modules\PowerSTIG\4.8.0\DSCResources\Resources\linux.nxFileLine.ps1::41::9::nxFileLine. ErrorMessage is A general error occurred, not covered by a more specific error code.. The related ResourceID is [nxFileLine][V-204623][medium][SRG-OS-000480-GPOS-00227]::[RHEL]BaseLine..
2021/06/21 16:00:03: INFO: Scripts/nxFileLine.pyc(140):
/etc/ssh/sshd_config #\s*X11UseLocalhost\s*yes False
2021/06/21 16:00:04: INFO: Scripts/nxScript.pyc(303):
stdout:
2021/06/21 16:00:04: INFO: Scripts/nxScript.pyc(306):
stderr:
2021/06/21 16:00:04: INFO: Scripts/nxScript.pyc(303):
stdout:
2021/06/21 16:00:04: INFO: Scripts/nxScript.pyc(306):
stderr:
2021/06/21 16:00:04: ERROR: null(0): EventId=1 Priority=ERROR Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 :
DSC Engine Error :
         Error Message Failed to apply the configuration.  These resources produced errors: [nxFileLine][V-204623][medium][SRG-OS-000480-GPOS-00227]::[RHEL]BaseLine
        Error Code : 1
2021/06/21 16:00:04: WARNING: null(0): EventId=2 Priority=WARNING Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 :
Displaying messages from built-in DSC resources:
         WMI channel 1
         ResourceID:
         Message : [azupitxrhtest1]:                            [] Consistency check completed.
2021/06/21 16:00:04: WARNING: null(0): EventId=2 Priority=WARNING Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 : PerformRequiredConfigurationChecks DSC operation completed in 2.4851 seconds.
@erjenkin
Contributor

We will look into adding some logic to the composite to detect for future release, but for your case, I would recommend skipping V-204623 if you do not have tftp installed. If you have some servers that do and others that do not, you will need to have two separate configs based on your server setup.

Thanks,

Eric

@erjenkin erjenkin added the help wanted Extra attention is needed label Jun 30, 2021
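The workaround Eric suggests (separate configs for servers with and without tftp) and the detection the reporter asks for can be combined in one configuration driven by DSC configuration data, so the tftp rule is skipped only on nodes where the package set is absent. This is an added example, not PowerStig's own code or the reporter's; the node names and the `TftpInstalled` property are assumptions, and the property is expected to be filled from an inventory of `rpm -q tftp tftp-server xinetd` results on each host.

```powershell
# Added example: one RHEL 7 baseline, per-node SkipRule list built from
# configuration data instead of maintaining two near-identical configurations.
# Node names and the TftpInstalled property are placeholders / assumptions.
$configData = @{
    AllNodes = @(
        @{ NodeName = 'rhel7-tftp-01'; TftpInstalled = $true  }   # rpm -q tftp-server xinetd: installed
        @{ NodeName = 'rhel7-web-01';  TftpInstalled = $false }   # rpm -q tftp-server xinetd: not installed
    )
}

configuration RHEL7Baseline
{
    Import-DscResource -ModuleName PowerStig

    Node $AllNodes.NodeName
    {
        # Start from the rule the reporter already skips (V-204447); add the
        # xinetd/tftp rule (V-204623) only where /etc/xinetd.d/tftp cannot exist.
        $skip = @('V-204447')
        if (-not $Node.TftpInstalled) {
            $skip += 'V-204623'
        }

        RHEL BaseLine
        {
            OsVersion   = '7'
            StigVersion = '3.2'
            SkipRule    = $skip
        }
    }
}

# Produces one .mof per node under C:\DSC\RHEL7Baseline\ (convert to UTF-8 as in the report).
RHEL7Baseline -ConfigurationData $configData -OutputPath C:\DSC\RHEL7Baseline\
```

Nodes that later gain or lose tftp only need their `TftpInstalled` entry flipped and the configuration recompiled; the audit of the remaining rules is unchanged.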