From a55675089457ad2c34820ac0c83888f1f6f8c933 Mon Sep 17 00:00:00 2001
From: "Tomuta, Diana Maria (T CST SCC-RO)"
Date: Thu, 3 Jul 2025 13:03:08 +0300
Subject: [PATCH] Fixing issue https://code.siemens.com/infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis/-/issues/41.

Signed-off-by: Diana-Maria Dumitru
---
 tasks/section_5/cis_5.4.2.x.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/tasks/section_5/cis_5.4.2.x.yml b/tasks/section_5/cis_5.4.2.x.yml
index 37a4e11..9a93947 100644
--- a/tasks/section_5/cis_5.4.2.x.yml
+++ b/tasks/section_5/cis_5.4.2.x.yml
@@ -135,6 +135,22 @@
       ansible.builtin.set_fact:
         root_paths: "{{ discovered_root_paths.stdout }}"
 
+    - name: "5.4.2.5 | AUDIT | Ensure root PATH Integrity | Check for presence of non-dirs"
+      ansible.builtin.stat:
+        path: "{{ item }}"
+      loop: "{{ discovered_root_paths_split.stdout_lines }}"
+      register: paths_stat
+
+    - name: "5.4.2.5 | AUDIT | Ensure root PATH Integrity | Create dirs for some paths that are not dirs"
+      ansible.builtin.file:
+        path: "{{ item.item }}"
+        state: directory
+        owner: root
+        group: root
+        mode: 'go-w'
+      loop: "{{ paths_stat.results }}"
+      when: not item.stat.exists
+
     - name: "5.4.2.5 | AUDIT | Ensure root PATH Integrity | Check for empty dirs"
       when: discovered_root_paths is defined
       ansible.builtin.shell: 'echo {{ root_paths }} | grep -q "::" && echo "roots path contains a empty directory (::)"'
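Review bot: The guard `when: not item.stat.exists` on the new `ansible.builtin.file` task only covers PATH entries that are missing, so an entry that exists as a regular file — the case the task name ("paths that are not dirs") describes — is never touched, and if the condition were widened to `when: not item.stat.exists or not item.stat.isdir` the `state: directory` call would fail on an existing file rather than fix it, so that case needs separate handling (report it, or drop the entry from PATH) instead of directory creation. Both added tasks are labelled AUDIT, yet the second one modifies the filesystem; either rename it to the role's remediation label and gate it behind the role's remediation toggle, if one exists, or replace the `file` call with a report (`ansible.builtin.debug` or `ansible.builtin.fail`) so the audit stays read-only and the control is satisfied by correcting root's PATH. The `stat` loop iterates `discovered_root_paths_split.stdout_lines`, which is not defined within this hunk and, unlike the neighbouring "Check for empty dirs" task, carries no `when: discovered_root_paths_split is defined` guard; if the producing task is itself conditional, the loop errors on an undefined variable. Empty entries produced by `::` in PATH would presumably reach `stat` as an empty `path` and error before the dedicated empty-dir check below runs, so filtering them out of the loop (e.g. `| select()`) before `stat` is worth confirming.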