_auditd_config.py: do not check permissions on file that doesn't exist

This change avoids a FileNotFoundError exception when running 'verify' if
auditd.conf doesn't exist. The exception causes 'verify' to print a stack trace
and return error 1 rather than EX_CHECK_FAILURE. auditd.conf is not on the
nilrt base system image; it's created by nilrt-snac. Thus, that exception would
always happen when running 'verify' before running 'configure'.

Signed-off-by: Alex Hearn <alex.hearn@ni.com>

Author: AlexHearnNI

nilrt_snac/_common.py

@@ -6,7 +6,7 @@
 
 
 def _check_group_ownership(path: str, group: str) -> bool:
-    "Checks if the group ownership of a file or directory matches the specified group."    
+    "Checks if the group ownership of a file or directory matches the specified group."
     stat_info = os.stat(path)
     gid = stat_info.st_gid
     group_info = grp.getgrgid(gid)
@@ -38,4 +38,4 @@ def get_distro():
                     if line.startswith("ID="):
                         return line.split("=")[1].strip()
     except NameError:
-        return None
+        return None

nilrt_snac/_configs/_auditd_config.py

@@ -182,20 +182,21 @@ def verify(self, args: argparse.Namespace) -> bool:
         if not auditd_config_file.exists():
             valid = False
             logger.error(f"MISSING: {auditd_config_file.path} not found")
-        elif not is_valid_email(auditd_config_file.get("action_mail_acct")):
-            valid = False
-            logger.error("MISSING: expected action_mail_acct value")
-
-        # Check group ownership and permissions of auditd.conf
-        if not _check_group_ownership(self.audit_config_path, "sudo"):
-            logger.error(f"ERROR: {self.audit_config_path} is not owned by the 'sudo' group.")
-            valid = False
-        if not _check_permissions(self.audit_config_path, 0o660):
-            logger.error(f"ERROR: {self.audit_config_path} does not have 660 permissions.")
-            valid = False
-        if not _check_owner(self.audit_config_path, "root"):
-            logger.error(f"ERROR: {self.audit_config_path} is not owned by 'root'.")
-            valid = False
+        else:
+            if not is_valid_email(auditd_config_file.get("action_mail_acct")):
+                valid = False
+                logger.error("MISSING: expected action_mail_acct value")
+
+            # Check group ownership and permissions of auditd.conf
+            if not _check_group_ownership(self.audit_config_path, "sudo"):
+                logger.error(f"ERROR: {self.audit_config_path} is not owned by the 'sudo' group.")
+                valid = False
+            if not _check_permissions(self.audit_config_path, 0o660):
+                logger.error(f"ERROR: {self.audit_config_path} does not have 660 permissions.")
+                valid = False
+            if not _check_owner(self.audit_config_path, "root"):
+                logger.error(f"ERROR: {self.audit_config_path} is not owned by 'root'.")
+                valid = False
 
         # Check group ownership and permissions of /var/log
         if not _check_group_ownership(self.log_path, "adm"):