RHEL7 - exclude the user 'nfsnobody' from accounts_users_home_files_*

[yuumasato]

Description:

• Adds a filter to exclude the user nfsnobody on RHEL7 systems.

Rationale:

• Although we already exclude the user with username 'nobody', in some systems (RHEL7) the user 'nobody' has UID 99, and the user 'nfsnobody' has UID 65534.

• Fixes RHEL 7 - accounts_users_home_files_* rules check /var/lib/nfs/ directory #8352

Interesting reference: https://fedoraproject.org/wiki/Changes/RenameNobodyUser

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

[Mab879]

I'm getting SSGTS failures on a local VM as well.

RHEL7

ERROR - Script lenient_permission.fail.sh using profile (all) found issue:
ERROR - Rule evaluation resulted in pass, instead of expected fail during initial stage 
ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_accounts_users_home_files_permissions'.
ERROR - Script lenient_permission_hidden_files.fail.sh using profile (all) found issue:
ERROR - Rule evaluation resulted in pass, instead of expected fail during initial stage 
ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_accounts_users_home_files_permissions'.

RHEL8

ERROR - Script lenient_permission.fail.sh using profile (all) found issue:
ERROR - Rule evaluation resulted in pass, instead of expected fail during initial stage 
ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_accounts_users_home_files_permissions'.
ERROR - Script lenient_permission_hidden_files.fail.sh using profile (all) found issue:
ERROR - Rule evaluation resulted in pass, instead of expected fail during initial stage 
ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_accounts_users_home_files_permissions'.

RHEL9

Rule is excluded via prodtype.

Do we need to change the UID of nobody to 99 on RHEL7?

[root@ci-vm-10-0-137-114 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)
[root@ci-vm-10-0-137-114 ~]# getent passwd nobody
nobody:x:99:99:Nobody:/:/sbin/nologin

[yuumasato]

I have changed my approach to filter out the nfsnobody on RHEL7.

Do we need to change the UID of nobody to 99 on RHEL7?

[root@ci-vm-10-0-137-114 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)
[root@ci-vm-10-0-137-114 ~]# getent passwd nobody
nobody:x:99:99:Nobody:/:/sbin/nologin

I think the previous approach with default nobody UID and GIDs was not good.
In RHEL7 the value 65534 was actually incorrect, as it is the UID/GID for nfsnobody.